8i | 9i | 10g | 11g | 12c | 13c | 18c | 19c | 21c | 23ai | Misc | PL/SQL | SQL | RAC | WebLogic | Linux

Home » Articles » 12c » Here

Oracle HTTP Server (OHS) 11g and 12c : Configure SSL

This article describes how to configure SSL for Oracle HTTP Server (OHS) 11g and 12c.

Related articles.

Configuration Options

Oracle HTTP Server (OHS) is an Apache HTTP Server with some extra modules included, so we can take the normal approach of configuring SSL like any other Apache server, as described in this article.

By default OHS uses a wallet containing a demo certificate to enable HTTPS. We should replace this demo certificate with a self-signed certificate or a certificate from a certificate authority. This article will describe replacing the demo certificate with self-signed certificate.

Create a Wallet and Certificate

The following article includes a number of methods for creating certificates, keystores and wallets.

Here is an example of creating a wallet containing a self-signed certificate.

mkdir -p ~/wallet
cd ~/wallet

$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123 -auto_login

$MW_HOME/oracle_common/bin/orapki wallet add -wallet ./ -pwd WalletPasswd123 \
  -dn "CN=`hostname`, OU=Example Department, O=Example Company, L=Birmingham, ST=West Midlands, C=GB" \
  -keysize 1024 -self_signed -validity 3650

If you have an existing JKS keystore used to SSL enable WebLogic managed servers, you can create a wallet from it with the following commands.

mkdir -p ~/wallet
cd ~/wallet

$MW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -pwd WalletPasswd123 -auto_login

$MW_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet ./ -pwd WalletPasswd123 \
    -keystore ~/keystore/identity.jks -jkspwd KeystorePassword123

Edit ssl.conf

Edit the "$INSTANCE_HOME/ssl.conf" file, amending the following setting to these values.

   SSLProtocol -All +TLSv1
   SSLWallet  "/home/oracle/wallet"
   SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!DES:!DHE:!RSA

Depending on the components you are using, and any additional configuration you have performed, you should check the following files too.


You must restart OHS for the changes to take effect.

$DOMAIN_HOME/bin/stopComponent.sh ohs1
$DOMAIN_HOME/bin/startComponent.sh ohs1

For more information see:

Hope this helps. Regards Tim...

Back to the Top.