Configure SSL for OHS 11g

Definitions, Acronyms, and Abbreviations

Term	Description
OHS	Oracle HTTP Server
PKCS12	Public Key Cryptography Standards (https://en.wikipedia.org/wiki/PKCS)
TLS	Transport Layer Security (https://en.wikipedia.org/wiki/Transport_Layer_Security)
SSL	Secure Socket Layer (http://info.ssl.com/article.aspx?id=10241)
Keystore	https://en.wikipedia.org/wiki/Keystore
Wallet	https://docs.oracle.com/cd/E23943_01/core.1111/e10105/wallets.htm#ASADM2021
Keytool	http://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
openssl	https://www.openssl.org/
orapki	https://docs.oracle.com/cd/B28359_01/network.111/b28530/asoappf.htm#i634246

Ports: 

Make sure following ports are open on OHS machine.

SSL: 4443 (Recommended)

Non-SSL: 7777 (It could be different one as per your environment)

Step1: Importing an existing SSL key/certificate pair into a Java Keystore

If you have given a pair of .cert and .key file (Maybe with password), you have to strictly follow steps listed in this awesome blog by John Graham(http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html). Here are the steps he has given:

1. Suppose you have a certificate and key in PEM format. The key is named host.key and the certificate host.crt.

2. The first step is to convert them into a single PKCS12 file using the command: openssl pkcs12 -export -in host.crt -inkey host.key > host.p12. You will be asked for various passwords (the password to access the key (if set) and then the password for the PKCS12 file being created).

3. Then import the PKCS12 file into a keystore using the command: keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks -srcstoretype pkcs12. You now have a keystore named host.jks containing the certificate/key you need.

We have to have all keys and certificates bundled in a PKCS12 file(.p12 or .pfx) and then import into a single java Keystore(.jks).

To know about PKCS12 read on https://en.wikipedia.org/wiki/PKCS_12

"In cryptography, PKCS 12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust" 

Testing URL redirect in bulk, including URL with https

I came across to a requirement to test a list of URL if they are redirecting correctly. 

This could be a very tedious task, if done manually as the list was long. 

I tried Fiddler (www.telerik.com/fiddler). However, it did not solve the purpose. I could not find a way to use Fiddler for URL in bulk. Also it was hard to control Fiddler as once it start capturing, it captures everything going out or coming in your computer. Lot of junk it creates. 

Then, I used this funny name tool called Screaming frog (https://www.screamingfrog.co.uk/seo-spider/). Wow, It was just the tool I was looking for. Very smooth and controlled tool. 

Here the steps to use it to test URL redirection in bulk: 

I had to run Screaming frog in “List” mode

Go to Mode and click on "List"

Create a text file and write all URL need to be tested, one URL per line. Then upload it.

 Follow the wizard and you will see result like this: 

I have squeezed the columns I am not interested in. You can in my demo, gmail.com got redirected to goole.com/gmail.Status 301 means redirection done perfectly. 

This is it, very simple and perfect tool for the purpose!

Everything you need to know to configure OHS 11g/12c running in SSL/TLS mode

Definitions, Acronyms, and Abbreviations

Term	Description
OHS	Oracle HTTP Server
PKCS12	Public Key Cryptography Standards (https://en.wikipedia.org/wiki/PKCS)
TLS	Transport Layer Security (https://en.wikipedia.org/wiki/Transport_Layer_Security)
SSL	Secure Socket Layer (http://info.ssl.com/article.aspx?id=10241)
Keystore	https://en.wikipedia.org/wiki/Keystore
Wallet	https://docs.oracle.com/cd/E23943_01/core.1111/e10105/wallets.htm#ASADM2021
Keytool	http://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
openssl	https://www.openssl.org/
orapki	https://docs.oracle.com/cd/B28359_01/network.111/b28530/asoappf.htm#i634246

Ports: 

Make sure following ports are open on OHS machine.

SSL: 4443 (Recommended)

Non-SSL: 7777 (It could be different one as per your environment)

Step1: Importing an existing SSL key/certificate pair into a Java Keystore

If you have given a pair of .cert and .key file (Maybe with password), you have to strictly follow steps listed in this awesome blog by John Graham(http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html). Here are the steps he has given:

1. Suppose you have a certificate and key in PEM format. The key is named host.key and the certificate host.crt.

2. The first step is to convert them into a single PKCS12 file using the command: openssl pkcs12 -export -in host.crt -inkey host.key > host.p12. You will be asked for various passwords (the password to access the key (if set) and then the password for the PKCS12 file being created).

3. Then import the PKCS12 file into a keystore using the command: keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks -srcstoretype pkcs12. You now have a keystore named host.jks containing the certificate/key you need.

We have to have all keys and certificates bundled in a PKCS12 file(.p12 or .pfx) and then import into a single java Keystore(.jks).

To know about PKCS12 read on https://en.wikipedia.org/wiki/PKCS_12

"In cryptography, PKCS 12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust"