Wednesday, March 22, 2017

Configure SSL for OHS 11g



Definitions, Acronyms, and Abbreviations

Ports:
Make sure the following ports are open on the OHS machine.

SSL: 4443 (recommended)
Non-SSL: 7777 (it could be a different one, depending on your environment)

Step 1: Importing an existing SSL key/certificate pair into a Java Keystore

If you have been given a pair of .cert and .key files (maybe with a password), follow exactly the steps listed in this awesome blog post by John Graham (http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html). Here are the steps he gives:

1. Suppose you have a certificate and key in PEM format. The key is named host.key and the certificate host.crt.

2. The first step is to convert them into a single PKCS12 file using the command: openssl pkcs12 -export -in host.crt -inkey host.key > host.p12. You will be asked for various passwords (the password to access the key (if set) and then the password for the PKCS12 file being created).

3. Then import the PKCS12 file into a keystore using the command: keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks -srcstoretype pkcs12. You now have a keystore named host.jks containing the certificate/key you need.

All keys and certificates have to be bundled in a PKCS12 file (.p12 or .pfx) and then imported into a single Java keystore (.jks).
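A scripted version of steps 1 to 3 that checks the key and certificate belong together before bundling them, as an added example that is not from the original post or from the blog it quotes. The function names, the password file and the throwaway self-signed pair are assumptions constructed for the demo; the keytool step runs only when a JDK is on the PATH.

```shell
#!/bin/sh
# Added example, not from the original post. host.key/host.crt/host.p12/host.jks
# are the names used in the steps; everything else here is an assumption.
set -eu
umask 077   # files holding key material are created owner-readable only

# Constructed sample input: a throwaway self-signed pair (do not deploy it).
make_demo_pair() {   # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ohs.example.test" \
        -keyout "$1/host.key" -out "$1/host.crt" 2>/dev/null
}

# True only if the certificate carries the public half of the private key.
pair_matches() {     # $1 = certificate, $2 = key
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$c" = "$k" ]
}

# Step 2, with -out instead of a shell redirect and the password read from a file.
build_p12() {        # $1 = certificate, $2 = key, $3 = output .p12, $4 = password file
    pair_matches "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -name host -out "$3" -passout "file:$4"
}

# Subject of the certificate actually stored in the PKCS12 file.
p12_subject() {      # $1 = .p12, $2 = password file
    openssl pkcs12 -in "$1" -nokeys -passin "file:$2" 2>/dev/null | openssl x509 -noout -subject
}

# Step 3; -deststoretype jks because newer JDKs default to PKCS12 keystores.
import_jks() {       # $1 = .p12, $2 = output .jks, $3 = password file
    keytool -importkeystore -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass:file "$3" \
        -destkeystore "$2" -deststoretype jks -deststorepass:file "$3" -noprompt
}

demo() {
    d=$(mktemp -d)
    printf '%s\n' 'constructed-demo-pass' > "$d/pass"   # constructed password
    make_demo_pair "$d"
    build_p12 "$d/host.crt" "$d/host.key" "$d/host.p12" "$d/pass"
    p12_subject "$d/host.p12" "$d/pass"
    if command -v keytool >/dev/null 2>&1; then
        import_jks "$d/host.p12" "$d/host.jks" "$d/pass"
        keytool -list -keystore "$d/host.jks" -storepass:file "$d/pass"
    fi
    rm -rf "$d"
}
demo
```

Reading the store password from a file keeps it out of the shell history and the process list; with a real key that is itself password-protected, openssl will still prompt for that key password.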

To learn more about PKCS12, see https://en.wikipedia.org/wiki/PKCS_12:
"In cryptography, PKCS 12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust


Friday, March 3, 2017

Testing URL redirect in bulk, including URL with https


I came across a requirement to test a list of URLs to check whether they redirect correctly.
This could be a very tedious task if done manually, as the list was long.

I tried Fiddler (www.telerik.com/fiddler). However, it did not serve the purpose. I could not find a way to use Fiddler for URLs in bulk. Also, it was hard to control Fiddler: once it starts capturing, it captures everything going out of or coming into your computer, and it creates a lot of junk.

Then I used a funnily named tool called Screaming Frog (https://www.screamingfrog.co.uk/seo-spider/). Wow, it was just the tool I was looking for. A very smooth and controlled tool.
Here are the steps to use it to test URL redirection in bulk:

I had to run Screaming Frog in "List" mode.

Go to Mode and click on "List".



Create a text file and write all the URLs that need to be tested, one URL per line. Then upload it.




Follow the wizard and you will see a result like this:



I have squeezed the columns I am not interested in. You can see that in my demo, gmail.com got redirected to google.com/gmail. Status 301 means the redirection was done perfectly.


That is it: a very simple and perfect tool for the purpose!


Friday, February 25, 2011

Everything you need to know to configure OHS 11g/12c running in SSL/TLS mode




Definitions, Acronyms, and Abbreviations



| Term | Description |
|------|-------------|
| OHS | Oracle HTTP Server |
| PKCS12 | |
| TLS | |
| SSL | |
| Keystore | |
| Wallet | |
| Keytool | |
| openssl | |
| orapki | |
