Print Page

Sunday, August 26, 2007

SSL Setup for Oracle AS B2B

Please follow the below steps to configure B2B for SSL.

1. Configure SSL.

a. Edit Oracle_Home\opmn\conf\opmn.xml. Search for ssl-disabled and change it to ssl-enabled.
b. Startup Oracle Wallet Manager. Open the default wallet* in Oracle_Home\Apache\Apache\conf\ssl.wlt\default. Password is welcome.
c. Right click on “Trusted Certificates” Node and import the Remote Trading Partners Certificate.
d. Save the wallet in location Oracle_Home\Apache\Apache\conf\ssl.wlt\default and save as text file i.e b2bwallet.txt
e. Edit Oracle_Home\ip\config\
f. Search for wallet location and change it to Oracle_Home\\Apache\\Apache\\conf\\ssl.wlt\\default\\b2bwallet.txt
g. In the Host Trading partner change the wallet password to "welcome"
h. Stop and start opmn – opmnctl stopall / opmnctl startall

* Note: Usage of default wallet is recommended only for Test. Request for a Server Certificate from a CA for actual usage.

2. Test SSL Configuration

a. Access Oracle Enterprise Manager.
b. Find the SSL port
c. Access the B2B Transport Servlet through the following the URL: https://hostname:sslport/b2b/transportServlet

3. Configure SSL for Trading Partners.

a.Log into the B2B UI Tool.
b. Click on Partners>>Trading Partners>>Select the Trading Partner>>Capabilities>>Select the Business Protocol>>Communication Capabilities>>Select Delivery Channel
c. Update Delivery Channel to enable Transport Security.
d. Update Transports details to select HTTPS 1.1 secure as the Transport Protocol.
e. Update Transport Server details to include the SSL port.
f. Repeat this for the remaining Trading Partner.
g. Create a Configuration and Deploy.

For a new wallet, please follow.

1. Create a new wallet with OWM (Oracle Wallet Manager).
2. Generate a certificate request from wallet manager for the host Acme.
3. Sign this certificate request from OCA (Oracle Certificate Authority).
4. Import the approved certificate in the wallet. The wallet now contains the ready certificate of host Acme.
5. Import the CA certificate. Wallet now contains the host certificate and CA root certificate. Also import the remote trading partners certificate. Wallet now has host,CA and remote trading partners certificate.
6. Export the wallet and save it as wallet.txt.
6. Update the for wallet location to Oracle_Home\Apache\Apache\conf\ssl.wlt\default\wallet.txt. Also update opmn.xml for ssl-enabled.
7. Create the wallet password in host trading partner.
8. Create the delivery channel for host and remote trading partners with transport security enabled.
9. Create the agreement with working collaboration and secured delivery channels and deploy it.
10. Stop and start opmn – opmnctl stopall / opmnctl startall

No comments: