Configuring Oracle eBS database tier

Use the Oracle tools to configure both the truststore and the keystore on the Oracle eBS database tier.

About this task

The Oracle Wallet Manager and the orapki command are used in the following steps. The following task sets up a self-signed certification authority, truststore, and keystore.

Procedure

  1. Create a self-signed certificate authority.
    Issue the following commands:
    mkdir authority
    
    orapki wallet create -wallet ./authority -pwd=ThePwd12
    
    orapki wallet add -wallet ./authority -dn "CN=authority, C=US" -keysize 2048 \
      -self_signed -validity 3650 -pwd=ThePwd12
    
    orapki wallet export -wallet ./authority -dn "CN=authority, C=US" \
      -cert CA.cer -pwd=ThePwd12
    The CA.cer file is the trusted certificate that is used in the keytool command to import a CA certificate into the truststore for the dispatcher.
  2. Create stores for Oracle eBS database tier authentication.
    Issue the following commands:
    mkdir server
    
    orapki wallet create -wallet ./server -auto_login -pwd=ThePwd12
    
    orapki wallet add -wallet ./server -trusted_cert -cert CA.cer -pwd=ThePwd12
    
    orapki wallet add -wallet ./server -dn "CN=server, C=US" -keysize 2048 \
      -pwd=ThePwd12
    
    orapki wallet export -wallet ./server -dn "CN=server, C=US" -request creq.cer \
      -pwd=ThePwd12
    
    orapki cert create -wallet ./authority -request creq.cer -cert signed.cer \
      -validity 3650 -pwd=ThePwd12
    
    orapki wallet add -wallet ./server -user_cert -cert signed.cer -pwd=ThePwd12
  3. Configure the Oracle network.
    You must configure the listener.ora and sqlnet.ora files on the Oracle eBS database tier to enable SSL. These files are typically edited with the Oracle Net Manager or with a text editor. These files are in the ORACLE_HOME/network/admin/instance directory of the database tier. This example does not require adapter authentication. If you want to require authentication for the Oracle eBS Adapter, set SSL_CLIENT_AUTHENTICATION to TRUE.
    1. Edit the listener.ora file.
    2. Locate the following lines and substitute the appropriate values for SERVER_WALLET_LOCATION and HOSTNAME.
      SSL_CLIENT_AUTHENTICATION = FALSE
      WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA =
      (DIRECTORY = SERVER_WALLET_LOCATION)
      ))
      LISTENER = (DESCRIPTION_LIST = (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = HOSTNAME)(PORT = 2484))
      ))
      Note: Port 2484 is typically used for SSL communication (TCPS protocol).
    3. Edit the sqlnet.ora file.
    4. Locate the following lines and substitute the appropriate value for SERVER_WALLET_LOCATION.
      SSL_CLIENT_AUTHENTICATION = FALSE
      WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA =
      (DIRECTORY = SERVER_WALLET_LOCATION)
      ))
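
As an added example (not part of the original page, and not IBM or Oracle code), the following script audits the two files edited in step 3: it checks that listener.ora and sqlnet.ora name the same wallet directory and the same SSL_CLIENT_AUTHENTICATION value, that the listener has a TCPS address, and that the auto-login wallet file (cwallet.sso, which the -auto_login option creates) exists and is not readable by group or others. The function names, the host name db.example.test and the sample files are constructed for illustration, and the permission rule assumes that only the wallet owner needs read access.

```shell
# Added example (not IBM or Oracle code): audit the settings from step 3.
# Drop comment lines and join the file so multi-line parameters match as one string.
flatten() { grep -v '^[[:space:]]*#' "$1" | tr -d '\r\n'; echo; }

# Value of SSL_CLIENT_AUTHENTICATION, uppercased; empty if the parameter is absent.
client_auth() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\r' |
        sed -n 's/^SSL_CLIENT_AUTHENTICATION=\(.*\)$/\1/p' | head -n 1 | tr 'a-z' 'A-Z'
}

# DIRECTORY value inside WALLET_LOCATION; empty if the parameter is absent.
wallet_dir() {
    flatten "$1" |
        sed -n 's/.*WALLET_LOCATION *= *(.*(DIRECTORY *= *\([^)]*[^) ]\) *).*/\1/p'
}

# Print findings for a listener.ora / sqlnet.ora pair; return 0 only if nothing FAILs.
audit_tcps() {
    rc=0; lw=$(wallet_dir "$1"); sw=$(wallet_dir "$2")
    la=$(client_auth "$1"); sa=$(client_auth "$2")
    if [ -z "$lw" ] || [ "$lw" != "$sw" ]; then
        echo "FAIL WALLET_LOCATION missing or different: '$lw' vs '$sw'"; rc=1
    fi
    if [ -z "$la" ] || [ "$la" != "$sa" ]; then
        echo "FAIL SSL_CLIENT_AUTHENTICATION missing or different: '$la' vs '$sa'"; rc=1
    fi
    if ! flatten "$1" | tr -d ' \t' | grep -qi '(PROTOCOL=TCPS)'; then
        echo "FAIL listener.ora has no TCPS address"; rc=1
    fi
    # Assumption: only the wallet owner needs to read the auto-login wallet.
    if [ ! -f "$lw/cwallet.sso" ]; then
        echo "FAIL no auto-login wallet (cwallet.sso) in '$lw'"; rc=1
    elif [ -n "$(find "$lw/cwallet.sso" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL cwallet.sso is readable by group or others"; rc=1
    fi
    [ "$la" = "TRUE" ] || echo "NOTE client certificates are not required"
    return $rc
}

# Constructed sample: an empty stand-in wallet file and the two files from step 3.
demo=$(mktemp -d); mkdir "$demo/server"
: > "$demo/server/cwallet.sso"; chmod 600 "$demo/server/cwallet.sso"
printf '%s\n' 'SSL_CLIENT_AUTHENTICATION = FALSE' \
    'WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA =' \
    "  (DIRECTORY = $demo/server)" '))' > "$demo/sqlnet.ora"
{ cat "$demo/sqlnet.ora"; printf '%s\n' 'LISTENER = (DESCRIPTION_LIST = (DESCRIPTION =' \
    '  (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.test)(PORT = 2484))' '))'; } \
    > "$demo/listener.ora"
audit_tcps "$demo/listener.ora" "$demo/sqlnet.ora" && echo "PASS"
```

On a real database tier, call audit_tcps with the paths of the edited listener.ora and sqlnet.ora files instead of the constructed samples.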