How to set up GeoTrust SSL on OC4J

An SSL certificate is required to encrypt the communications between a client browser and an OC4J J2EE server. The certificate is used both for encryption and to identify your web site.

Assumptions:

We have Sun Java JDK 1.3.1_06 properly set up on the server machine

OC4J is installed in the C:\Java\OC4J folder

Step 1 - Setup a Certificate Signing Request (CSR)

A CSR is used to describe and identify both your server and your company. It will be sent to GeoTrust in a later step.

To start, change to the directory where you will store your CSR and eventually your certificate.

For example: cd C:\Java\OC4J\J2EE

Generate a private key with the following command:

keytool -genkey -alias oc4j -keyalg RSA -keystore keystore

You will be prompted for a password.

IMPORTANT: The next field that you will be prompted for is “What is your first and last name?” At this prompt, you must specify the common name (FQDN) of your web site, for example www.yourdomain.com

You will then be prompted for your organizational unit, organization, etc.

Generate the CSR by typing the following command:

keytool -certreq -alias oc4j -keystore keystore -file www.yourdomain.com.csr

You will not be prompted for the common name, organization, etc. The keytool will use the values that you specified when generating the private key.

Step 2 - Obtain Certificate

Point your browser to: https://members.ev1.net/rsMembers/english/ssl/sslorder.asp and follow the steps required. You will need to upload (via cut and paste) the CSR you generated in Step 1 so have it handy.

You will end up with an email from GeoTrust containing the certificate. Copy the certificate to a file inside the same folder you were working in during Step 1.

For example: C:\Java\OC4J\J2EE

Step 3 - Import the required certificates:

Before you can import your certificate you will need to import the Equifax Root certificate into your keystore.

Download the Equifax Root Certificate from:

http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer

Make sure to download this to C:\Java\OC4J\J2EE

Import the root certificate by typing in the following command:

keytool -import -alias geotrustca -keystore keystore -file Equifax_Secure_Certificate_Authority.cer

Once the root certificate is installed, you can import the certificate you received in Step 2 by typing in the following command:

keytool -import -alias oc4j -keystore keystore -file www.yourdomain.com.crt

Step 4 - Configure and restart OC4J

Go to the config folder of your OC4J installation (in our case C:\Java\OC4J\J2EE\HOME\CONFIG) and copy http-web-site.xml to secure-web-site.xml.

Edit secure-web-site.xml and change the <web-site> tag as follows:

Code:


<web-site port="6060" display-name="Oracle9iAS Containers for J2EE HTTP Web Site" secure="true">
   <ssl-config keystore="../../keystore" keystore-password="password"/>
   <default-web-app application="default" name="defaultWebApp" />
   <web-app application="default" name="edms" root="/edms" shared="true"/>
   <access-log path="../log/http-web-access.log" />
</web-site>

The key elements are:

The secure="true" attribute.

The <ssl-config> tag pointing to your keystore and including your keystore password from Step 1.

The <web-app> tag for your application, including the shared="true" attribute.

Lastly, edit the server.xml file in the same folder and change the reference from http-web-site.xml to secure-web-site.xml. This will allow only SSL connections to your server.
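
A check to run on secure-web-site.xml before restarting, as an added example that is not part of the original post: it parses the file and reports a missing secure="true", a missing <ssl-config>, a keystore path that does not resolve to the Step 1 folder, or a <web-app> without shared="true". It assumes the keystore path is resolved relative to the config folder, as the ../../keystore value above implies; check_secure_site and the constants are names chosen for this example.

```python
import ntpath  # Windows path rules, usable on any OS
import xml.etree.ElementTree as ET

# Constructed sample: the <web-site> block from Step 4.
SAMPLE = """<web-site port="6060" display-name="Oracle9iAS Containers for J2EE HTTP Web Site" secure="true">
   <ssl-config keystore="../../keystore" keystore-password="password"/>
   <default-web-app application="default" name="defaultWebApp" />
   <web-app application="default" name="edms" root="/edms" shared="true"/>
   <access-log path="../log/http-web-access.log" />
</web-site>"""

CONFIG_DIR = r"C:\Java\OC4J\J2EE\HOME\CONFIG"      # folder holding the XML
EXPECTED_KEYSTORE = r"C:\Java\OC4J\J2EE\keystore"  # file created in Step 1


def check_secure_site(xml_text, config_dir=CONFIG_DIR, expected=EXPECTED_KEYSTORE):
    """Return a list of problems found in a secure-web-site.xml document."""
    problems = []
    try:
        site = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if site.tag != "web-site":
        return ["root element is <%s>, expected <web-site>" % site.tag]
    if site.get("secure") != "true":
        problems.append('<web-site> lacks secure="true"')
    ssl = site.find("ssl-config")
    if ssl is None:
        problems.append("<ssl-config> is missing")
    else:
        # Assumption: the keystore path is relative to the config folder.
        resolved = ntpath.normpath(ntpath.join(config_dir, ssl.get("keystore", "")))
        if resolved.lower() != expected.lower():
            problems.append("keystore resolves to %s, not %s" % (resolved, expected))
        if not ssl.get("keystore-password"):
            problems.append("keystore-password is empty")
    for app in site.findall("web-app"):
        if app.get("shared") != "true":
            problems.append('<web-app name="%s"> lacks shared="true"' % app.get("name"))
    return problems


if __name__ == "__main__":
    for line in check_secure_site(SAMPLE) or ["no problems found"]:
        print(line)
```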

That’s it…restart OC4J and you’re ready to go.
