Hi.

I have a big problem setting up Oracle Application Server to use SSL. I have been able to set up an Apache webserver with SSL. Of course I'm trying with OpenSSL. I hope somebody could show me a way...

I have Oracle Application Server 4.0.8 on AIX 4.3.3; it's running fine, but I want to use SSL (for obvious reasons). My OpenSSL version is 0.9.5 28 Feb 2000 on Linux 2.2.16; I've used it to make certificates for Apache webservers without any problem.

To set up OAS with SSL it basically needs 3 files (Apache just 2):

CertFile.- The certificate file signed by a CA, in this case myself.
DistNameFile.- File containing the server distinguished name.
PrivateKeyFile.- The private key.

DistNameFile does not exist in Apache, and it is a binary file, so I can't edit it...

The process to generate these files is simple... I just need to run a program called "genreq" (part of OAS); it prompts for typical information such as CommonName, e-mail, Country, etc... However, this command creates three files:

DistNameFile (binary) servname.der
PrivateKeyFile (binary) privkey.der
CertReq (ASCII) certreq.pkc

The CertReq file is what I use to create and sign a CertFile with OpenSSL. The OAS manual says I can use Oracle Security Server instead of paying a CA like VeriSign... anyway, I don't have Oracle Security Server, so I'm trying with OpenSSL.

I have done it in four ways (none of them works):

1.- I used CA.pl to create and sign a certificate using the CertReq file (generated by the OAS genreq). It's created fine, but when I click "the play button" in the OAS manager (a web page) it just says "Couln't start foo listener". The logs say the same (too much information).

2.- I borrowed a certificate from another webserver (Apache). This certificate was generated in the way explained in www.apache-ssl.org (FAQ) by command line. The common name and other info do not correspond to each other, but when I click on "the play button" the listener starts (???), but after viewing the cert info, when it should start the real work, it's unable to send data: "Netscape has encountred bad data from the server". The logs say Listener foo started with SSL but no more. The OAS listener thinks it is working fine...

3.- I copied a CertFile from an Apache. This cert was generated by CA.pl. The OAS didn't start the listener.

4.- I generated a cert file with:

    openssl req -new > new.cert.csr
    openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey privkey.pem -days 30

taking care that the info entered was the same as that given when I created DistNameFile, PrivateKeyFile and CertReq with the OAS genreq (CommonName, email, etc...). Like the second way, the OAS listener started but is unable to send data. Once again my friendly logs don't say much...

All the borrowed certs work fine in their Apache webservers even if they are scrambled.

OAS is able to use a 40-bit https listener or a 128-bit https listener; I'm using 40 bits.

Something more... it's strange that OAS doesn't ask for a passphrase on the command line or in the OAS Manager.

Thanks a lot (Does somebody have a piece of pizza?).

--
Ricardo Santos Quintero
mailto:[EMAIL PROTECTED]
http://www.cs.buap.mx/~ricardo
Area de Administración de Redes
Facultad de Ciencias de la Computación
Benemérita Universidad Autónoma de Puebla
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
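
Added example (not part of the original message and not Oracle or OpenSSL project code): `openssl req -new` without `-key`, as in attempt 4, generates a fresh key, so the resulting certificate carries that key's public half; the sketch below checks whether an RSA private key and a certificate belong together by comparing their moduli. The file names, the CN and the assumption that the key file is an RSA key OpenSSL can read as PEM or DER are constructed for the illustration.

```shell
#!/bin/sh
# Added example: does this certificate contain the public half of this RSA key?
# All file names and the CN below are constructed sample values.

# modulus KIND FILE [FORMAT]: print "Modulus=<hex>" for a key or a cert.
modulus() {
    case $1 in
        key)  openssl rsa  -noout -modulus -inform "${3:-PEM}" -in "$2" 2>/dev/null ;;
        cert) openssl x509 -noout -modulus -inform "${3:-PEM}" -in "$2" 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# key_matches_cert KEY CERT [KEYFMT] [CERTFMT]
# returns 0 = pair matches, 1 = mismatch, 2 = a file could not be parsed
key_matches_cert() {
    k=$(modulus key  "$1" "${3:-PEM}") || return 2
    c=$(modulus cert "$2" "${4:-PEM}") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_fixture DIR: two unrelated keys and a 30-day self-signed cert for the
# first one, standing in for "the server's key" and "a key made elsewhere".
make_fixture() {
    d=$1
    # Minimal config so the example does not depend on a system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/min.cnf"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
    openssl genrsa -out "$d/other.key"  2048 2>/dev/null &&
    openssl req -new -x509 -config "$d/min.cnf" -key "$d/server.key" \
        -subj "/CN=oas.example.test" -days 30 -out "$d/server.crt" 2>/dev/null
}

# Command-line use: script KEY CERT
if [ "$#" -eq 2 ]; then
    if key_matches_cert "$1" "$2"; then
        echo "certificate matches key"
    else
        echo "certificate does NOT match key (or a file is unreadable)"
    fi
fi
```

A server started with a certificate whose public key differs from its private key cannot complete an RSA handshake, so this is a quick first check before looking at CA or naming problems.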