Skip to topic | Skip to bottom
Home
You are here: TWiki > Apex Web > SecurityCategory > SSLandAPEXxdbHttp r1 - 13 May 2007 - 19:53 - PeterLorenzen
EditAttachPrintable

Start of topic | Skip to actions

Using SSL with the Oracle XML DB HTTP Server?

If you are running APEX via the Oracle XML DB HTTP Server you can use SSL to encrypt the communication between the browser and the HTTP Server by following the steps below. Before you start you have to create a Wallet and load a SSL certificated in it as explained here.

  1. Enable FTP access to XML DB: 
    call dbms_xdb.setftpport(21);
  2. Login to XML DB via FTP as SYSTEM
  3. Copy the xdbconfig.xml file from the root to your PC. The file contains the XML DB setup
  4. Configure the SSL port by setting these parameters: http2-port and http2-protocol in you local file. The format of the file is described here. Something like this: 
    <http2-port>8090</http2-port>
<http2-protocol>TCPS</http2-protocol>
  5. Copy the local file back to XML DB. If you have not placed the tags in the right position you get an error.
  6. Specify the location of the Wallet you created earlier in the sqlnet.ora and listener.ora files in ORACLE_HOME\NETWORK\ADMIN. For example: 
    WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = d:\oracle\wallet)
    )
  )
  7. Disable client authentication by inserting this in the sqlnet.ora and the listener.ora files:
    SSL_CLIENT_AUTHENTICATION = FALSE
  8. Create a listening end point that uses SSL by inserting this in the listener.ora file. For example:
    LISTENER_SSL=
( DESCRIPTION_LIST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = WMSI001494.corp.wmdata.net)(PORT = 2484))
  )
)
  9. Enable TCPS Dispatcher by running this as SYS. Remember to replace orcl in SERVICE with your SID:
    alter system set dispatchers= '(PROTOCOL=TCPS) (SERVICE=orclXDB)' scope=spfile;
  10. Restart the database
  11. Now you should be able to use SSL. For example: https://wmsi001494:8090/apex/apex_admin
  12. You have to import the SSL certificate in your browser. How you do it depends on the browser and browser version
  13. To disable normal HTTP access run this as SYS: 
     call dbms_xdb.sethttpport(0);

There are a range of optional settings that I have ignored so check the Oracle XML DB Developer's Guide and Oracle Database Advanced Security Administrator's Guide

Also most of the setup can be done using the Oracle Net Manager if you prefer.

Here are examples of the setup files:




Author: PeterLorenzen - 13 May 2007

Comments

End of topic
Skip to actions | Back to top
Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
This site is powered by the TWiki collaboration platformCopyright © 1999-2010 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
key Log In or Register