How To Enable SSL and TLS 1.2 in Oracle E-Business Suite Release 12.2 - by Mohsin Ali - Medium

3/12/24, 11:09 AM How to enable SSL and TLS 1.2 in Oracle E-Business Suite Release 12.
iness Suite Release 12.2 | by Mohsin Ali | Medium
Open in app Sign up Sign in
Search Write
How to enable SSL and TLS 1.2 in

Oracle E-Business Suite Release
12.2
Mohsin Ali · Follow
4 min read · Dec 13, 2023
14
This document details the steps for enabling SSL/TLS 1.2 in Oracle E-
Business Suite Release 12.2.x
https://mohsinalirana.medium.com/how-to-enable-ssl-and-tls-1-2-in-oracle-e-business-suite-release-12-2-714271b7337b 1/14
3/12/24, 11:09 AM How to enable SSL and TLS 1.2 in Oracle E-Business Suite Release 12.2 | by Mohsin Ali | Medium
PreRequisites:
Apply Necessary Patches for TLS 1.2 mentioned in below document:
Enabling TLS in Oracle E-Business Suite Release 12.2 (Doc ID 1367293.1)

5.1 Apply Required Updates and Patches
Stop the Application Services:
cd $ADMIN_SCRIPTS_HOME
sh adstpall.sh apps/apps
1 ) Create a Wellet and Generate CSR file:
. /u01/app/oracle/DEVDB/EBSapps.env run
cd /u01/walletnew
export PATH=$FMW_HOME/webtier/bin:$FMW_HOME/oracle_common/bin:$PATH
alias orapki=$FMW_HOME/oracle_common/bin/orapki
orapki wallet create -wallet ./ -auto_login_only

export DN='CN=test.domain.com.sa,O=TEST Investments Company,L=Riyadh,ST=Riyadh,C
orapki wallet add -wallet ./ -dn "$DN" -asym_alg RSA -keysize 2048 -sign_alg sha
export DN='CN=test.domain.com.sa,O=TEST Investments Company,L=Riyadh,ST=Riyadh,C
2) Submit the Certificate Request to a Certificate Authority:
cd /u01/walletnew
orapki wallet export -wallet ./ -dn "$DN" -request server.csr
In my case I am using Digicerts Certificates.
Sumbit above generated CSR to certificate Autority to issue digital certificates.
3) Import the Server Certificate to the Wallet:
Upload the certificates received from CA Authority in a directory:
cd /u01/walletnew
mv TrustedRoot.crt ca.crt
mv DigiCertCA.crt intca.crt
mv devdb_nci_com_sa.crt server.crt
4) Import any root and intermediate certificates into the wallet:
orapki wallet add -wallet ./ -trusted_cert -cert ca.crt -auto_login_only

orapki wallet add -wallet ./ -trusted_cert -cert intca.crt -auto_login_only
orapki wallet add -wallet ./ -user_cert -cert server.crt -auto_login_only
5) Modify the Oracle HTTP Server Wallet:
cd /u01/app/oracle/DEVDB/fs1/FMW_Home/webtier/instances/EBS_web_OHS1/config/OHS/
mkdir bkp-31Aug2023
mv cwallet.sso cwallet.sso.lck bkp-31Aug2023/
cp /u01/walletnew/cwallet.sso* /u01/app/oracle/DEVDB/fs1/FMW_Home/webtier/instan
6) Modify the OPMN Wallet and Configure the Cipher Suites:
cd /u01/app/oracle/DEVDB/fs1/FMW_Home/webtier/instances/EBS_web_OHS1/config/OPMN
mkdir bkp-31Aug2023
7) Modify the Oracle Fusion Middleware Wallets:
mkdir bkp-31Aug2023
8) Add Ca in Internet certificates:
echo $ORACLE_HOME/sysman/config
/u01/app/oracle/DEVDB/fs1/EBSapps/10.1.2/sysman/config
cd /u01/app/oracle/DEVDB/fs1/EBSapps/10.1.2/sysman/config
cp b64InternetCertificate.txt b64InternetCertificate.txt_bk
cd /u01/walletnew
cat ca.crt >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
9) Configure the OPMN Cipher Suites:
cd /u01/app/oracle/DEVDB/fs1/FMW_Home/webtier/instances/EBS_web_OHS1/config/OPMN
cp opmn.xml opmn.xml_bk
vi opmn.xml
find "ssl enabled"

Change
<ssl enabled="true" wallet-file="/u01/app/oracle/DEVDB/fs1/FMW_Home/webtier/inst
TO
<ssl enabled="true" wallet-file="/u01/app/oracle/DEVDB/fs1/FMW_Home/webtier/inst
10) Edit the admin.conf File:
cp admin.conf admin.conf_bk
vi admin.conf
find SSLCipherSuite
Change
SSLCipherSuite HIGH:MEDIUM
SSLProtocol TLSv1.2
TO
SSLCipherSuite HIGH:MEDIUM
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
11) Edit SSL configuration File:
cp ssl.conf ssl.conf_bk
vi ssl.conf
SLProtocol TLSv1.2
TO
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
12) Start Weblogic Admin server:
sh adadminsrvctl.sh start
13) Login the Weblogic console and change following configuration:
1) Click on Lock & Edit.

2) Under Domain Structure > your Oracle E-Business Suite domain >
Environment and Servers, select one of the managed servers.
(Note that you will need to repeat this for all managed servers in your envir
Then under the Server Start tab in the Arguments section, add the following:
-DUseSunHttpHandler=true -Dhttps.protocols=TLSv1.2
14) Redeploy NonJ2EEmanagement Application:
Once you've performed the Above, Redeploy the NonJ2EEmanagement Application

by following:
cd $FMW_HOME
. SetWebtier.env
$ORACLE_HOME/opmn/bin/opmnctl redeploy -adminHost test.domain.com.sa -adminPort
perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE
Stop the Weblogic Services:
sh adadminsrvctl.sh stop
15) Import Certificates in CACERTS files:
cd /u01/app/oracle/DEVDB/fs1/EBSapps/comn/util/jdk64/jre/lib/security/cacerts
chmod u+w cacerts
When prompted, enter the keystore password (the default password is "changeit").
keytool -import -alias OHSRootCA -file ca.crt -trustcacerts -v -keystore cacerts

keytool -import -alias OHSIntCA -file intca.crt -trustcacerts -v -keystore cacer
keytool -import -alias OHSServer -file server.crt -trustcacerts -v -keystore cac
chmod u-w cacerts
cd /u01/app/oracle/DEVDB/fs1/EBSapps/comn/util/jdk32/jre/lib/security/cacerts
chmod u+w cacerts

keytool -import -alias OHSRootCA -file ca.crt -trustcacerts -v -keystore cacerts
keytool -import -alias OHSIntCA -file intca.crt -trustcacerts -v -keystore cacer
keytool -import -alias OHSServer -file server.crt -trustcacerts -v -keystore cac
chmod u-w cacerts
16) Change Following Variables in the Context File:
echo $CONTEXT_FILE
/u01/app/oracle/DEVDB/fs1/inst/apps/DEVDB_devdb/appl/admin/DEVDB_devdb.xml
cd /u01/app/oracle/DEVDB/fs1/inst/apps/DEVDB_devdb/appl/admin
cp DEVDB_devdb.xml DEVDB_devdb.xml_bk
vi DEVDB_devdb.xml
Change below Context Variables:
s_url_protocol https
s_local_url_protocol https
s_webentryurlprotocol https
s_active_webport 4443
s_webssl_port 4443
s_https_listen_parameter 4443
s_login_page https://test.domain.com.sa:4443/OA_HTML/AppsLogin
s_external_url https://test.domain.com.sa:4443
17) Run Autoconfig on Application:
adautocfg.sh
vi /u01/app/oracle/DEVDB/fs1/FMW_Home/user_projects/domains/EBS_domain/config/co
change
<connection-filter-rule>0.0.0.0/0 * * deny</connection-filter-rule>
to
<connection-filter-rule>0.0.0.0/0 * * allow</connection-filter-rule>
18) Synchronization Between Run and Patch File Systems:
vi $APPL_TOP_NE/ad/custom/adop_sync.drv
#SSL SECTION - START

# Required for SSL setup migration from RUN to PATCH file-system.
# Please alter the commands in the event that rsync is not available or the plat
#10.1.2 b64InternetCertificate.txt
rsync -zr %s_current_base%/EBSapps/10.1.2/sysman/config/b64InternetCertificate.t
#Oracle HTTP Server Wallet - cwallet.sso

rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OH
#OPMN Wallet - cwallet.sso

rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OP
#Fusion Middleware Control Wallets - cwallet.sso

rsync -zr %s_current_base%/FMW_Home/user_projects/domains/EBS_domain_%s_dbSid%/o
rsync -zr %s_current_base%/FMW_Home/user_projects/domains/EBS_domain_%s_dbSid%/o
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OH
#JDK keystore
rsync -zr --include=jdk* --include=jdk*/jre --include=jdk*/jre/lib --include=jdk
#SSL SECTION - END
wq!
19) Start the Application Services:
sh adstrtall.sh apps/apps
20) Run FS_CLONE
adop phase=fs_clone
Oracle E Business Suite Ebs R12 Upgrade Oracle Ebs R12 Ebs R12 Ssl
Ebs R12 Tls
Public domain.
Written by Mohsin Ali Follow
5 Followers
Oracle Application Database Consultant Linkedin:

https://www.linkedin.com/in/mohsinalirana/
More from Mohsin Ali
Mohsin Ali Mohsin Ali
How to Setup DMZ on EBS R12.2.x How to install Oracle Apex with
DMZ Configuration With an External and ORDS and Apache Tomcat on…
Internal Application Tier: This document shows how to install and
configure Oracle Apex 22.2 with ORDS and…
4 min read · Oct 7, 2023 4 min read · Jan 14, 2024
1 2 1
Mohsin Ali Mohsin Ali
How to upgrade EBS 12.1.3 to How to enable SSL on Weblogic for

12.2.12 EBS R12.2
Upgrade EBS 12.1.3 to 12.2.12: This Document show the steps to implement
SSL on weblogic on EBS R12.2.x , Before…
10 min read · Dec 14, 2023 5 min read · Jan 12, 2024
See all from Mohsin Ali
Recommended from Medium
Martin Heinz in ITNEXT Artturi Jalli
Modern Git Commands and I Built an App in 6 Hours that Makes

Features You Should Be Using $1,500/Mo
It’s not 2005 anymore and git offers more Copy my strategy!
than just add, commit, push and pull. Let’s…
· 6 min read · 5 days ago · 3 min read · Jan 23, 2024
539 3 12.7K 151
Lists
Staff Picks Stories to Help You Level-Up

597 stories · 807 saves at Work
19 stories · 515 saves
Self-Improvement 101 Productivity 101

20 stories · 1464 saves 20 stories · 1350 saves
Appareddy Dwarampudi Prateek Bansal
Configuring Thanos Receiver: A SSL & TLS 4: Public Key

Step-by-Step Guide for Long-Ter… Infrastructure
"Welcome! If you’re familiar with Prometheus, Public Key Infrastructure (PKI) is a framework
you’re in the right place. In this blog, we’ll… established to enable secure, encrypted…
5 min read · Dec 1, 2023 6 min read · Dec 4, 2023
an0nbil in InfoSec Write-ups Oliver Foster in Stackademic
This is the easiest bug you can find What’s the Difference Between
right now. localhost and 127.0.0.1?
My article is open to everyone; non-member
readers can click this link to read the full text.
3 min read · Feb 21, 2024 · 8 min read · Feb 1, 2024
603 6 2.3K 10
See more recommendations

How To Enable SSL and TLS 1.2 in Oracle E-Business Suite Release 12.2 - by Mohsin Ali - Medium

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To Enable SSL and TLS 1.2 in Oracle E-Business Suite Release 12.2 - by Mohsin Ali - Medium

Uploaded by

Copyright:

Available Formats

3/12/24, 11:09 AM How to enable SSL and TLS 1.2 in Oracle E-Business Suite Release 12.

iness Suite Release 12.2 | by Mohsin Ali | Medium

Open in app Sign up Sign in

How to enable SSL and TLS 1.2 in

Apply Necessary Patches for TLS 1.2 mentioned in below document:

Enabling TLS in Oracle E-Business Suite Release 12.2 (Doc ID 1367293.1)

Stop the Application Services:

1 ) Create a Wellet and Generate CSR file:

orapki wallet create -wallet ./ -auto_login_only

export DN='CN=test.domain.com.sa,O=TEST Investments Company,L=Riyadh,ST=Riyadh,C

2) Submit the Certificate Request to a Certificate Authority:

In my case I am using Digicerts Certificates.

Sumbit above generated CSR to certificate Autority to issue digital certificates.

3) Import the Server Certificate to the Wallet:

Upload the certificates received from CA Authority in a directory:

4) Import any root and intermediate certificates into the wallet:

orapki wallet add -wallet ./ -trusted_cert -cert ca.crt -auto_login_only

5) Modify the Oracle HTTP Server Wallet:

6) Modify the OPMN Wallet and Configure the Cipher Suites:

7) Modify the Oracle Fusion Middleware Wallets:

8) Add Ca in Internet certificates:

9) Configure the OPMN Cipher Suites:

find "ssl enabled"

10) Edit the admin.conf File:

11) Edit SSL configuration File:

12) Start Weblogic Admin server:

13) Login the Weblogic console and change following configuration:

1) Click on Lock & Edit.

14) Redeploy NonJ2EEmanagement Application:

Once you've performed the Above, Redeploy the NonJ2EEmanagement Application

perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE

Stop the Weblogic Services:

15) Import Certificates in CACERTS files:

keytool -import -alias OHSRootCA -file ca.crt -trustcacerts -v -keystore cacerts

chmod u+w cacerts

16) Change Following Variables in the Context File:

Change below Context Variables:

17) Run Autoconfig on Application:

18) Synchronization Between Run and Patch File Systems:

#SSL SECTION - START

#Oracle HTTP Server Wallet - cwallet.sso

#OPMN Wallet - cwallet.sso

#Fusion Middleware Control Wallets - cwallet.sso

rsync -zr %s_current_base%/FMW_Home/user_projects/domains/EBS_domain_%s_dbSid%/o

rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OH

19) Start the Application Services:

20) Run FS_CLONE

Ebs R12 Tls

Written by Mohsin Ali Follow

Oracle Application Database Consultant Linkedin:

More from Mohsin Ali

Mohsin Ali Mohsin Ali

4 min read · Oct 7, 2023 4 min read · Jan 14, 2024

Mohsin Ali Mohsin Ali

How to upgrade EBS 12.1.3 to How to enable SSL on Weblogic for

See all from Mohsin Ali

Recommended from Medium

Martin Heinz in ITNEXT Artturi Jalli

Modern Git Commands and I Built an App in 6 Hours that Makes

· 6 min read · 5 days ago · 3 min read · Jan 23, 2024

539 3 12.7K 151

Staff Picks Stories to Help You Level-Up

Self-Improvement 101 Productivity 101