AWS
Quick guide on aws for beginners Understanding network concepts in aws How to achieve CI/CD in aws CI/CD in aws managed resources with Jenkins Push Image to aws ECR Using GitHub Actions Setup an EventBridge Rule in aws How ECS & ECR works in aws EKS with Fargate Profile Launch EKS using eksctl in aws Container insight for EKS-Fargate in cloudwatch Deploy aws resources with CloudFormation AWS secrets scanning by GitHub Setup Site to Site VPN Connection in AWS
AZURE
Gateways in Azure Understanding network concepts in Azure Ingress in Azure Kubernetes Service
GCP
Architecting hybrid infrastructure with Anthos

ANSIBLE
Ansible a configuration management tool Runbook Automation tool for playbooks
DOCKER
Docker a containerization Tool Networking in Docker Multi-stage build in Docker what is docker-compose All about Docker swarm
GIT
CLI instruction to work with Git Integrating Jenkins with GitHub Secret detection in GitLab Push Image to ECR Using GitHub Actions
JENKINS
Jenkins a continuous integration tool Acheive CI/CD using Jenkins in AWS Configuring weblogic deployer plugin in Jenkins
KUBERNETES
Kubernetes an orchestration framework Launch kubernetes cluster in Different ways Debugging your kubernetes cluster Certificates renewal of kubernetes cluster Deploying application on Kubernetes cluster api versions to use in manifest file RBACs in Kubernetes Health check of containers in Kubernetes Rancher a cluster management platform Understanding ISTIO as a service mesh
TERRAFORM
Deploying IaC using Terraform Terraform module EKS cluster using Terraform

APACHE
Things to know in Apache How to Configure Apache-httpd Server Setup httpd as os-service on OL8 SiteMinder and its Integration with WebServer Apache SSL Installation Instructions NO_RESOURCES Errors in APACHE with WLS
WEBLOGIC
Installing WebLogic 12.1.3 without GUI WebLogic Server as a managed Azure service WLS domain extension to include JRF template All about OPatch in WLS How to define WorkManager in Weblogic Some known Weblogic exceptions Different OutOfMemory issues Some known Weblogic exceptions Play with WLST Persistent store in WLS Configuration of NodeManager

JAVA
JAVA_OPTIONS Study on JAVA_HEAP Native OOM in Java Heap Types of Threads Various Java-options to use in Java apps How to run Java Flight Recorder dbping a java-weblogic utility
SSL
When & why to use SSL certificates SSLv3 to TLS1.* SHA2 on Oracle https Server Weblogic SSL Renewal Steps
CHEATSHEETs
Linux Cheatsheet Linux Log parsing cheetsheet SSL Cheatsheet MySQL Cheatsheet PostgreSQL Cheatsheet WebLogic Cheatsheet Python Cheatsheet Kubernetes Cheatsheet Terraform Cheatsheet Hashicorp-vault Cheatsheet GCP Cheatsheet
OTHER
All about Messaging Queue small guide on Python WLSDM monitoring agent in WLS Register driver for MSSqlServer Understanding YAML Understanding Role of an API Gateway SonarQube code analysis

18 April 2017

SHA2 on Oracle Http Server

OHS has Limitation to work with SHA2 certificates and supports from 11.1.1.9 onwards

Here are the steps to configure SHA2 certificate over OHS server


1 generate a private key
$ openssl genrsa -des3 -out private.key 2048
(give password )

2 generate CSR
$ openssl req -new -sha256 -key private.key -out abc.csr

3 Create openssl wallet
$ openssl pkcs12 –export –out ewallet/ewallet.p12 –inkey priv_key_location \ 
  –in server_cert_location –certfile root_cert_location

  verify It using below command. You will see ‘User and trusted certificate’ 
  as shown in green below(if above command used correctly)
$ orapki wallet display -wallet ewallet/
**
User Certificates:
Subject:    CN=www.abc.com,O=GOOGLE INC,L=London,ST=London,C=GB
Trusted Certificates:
Subject:    CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\,
            Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
**

4 Extract user.crt  from the wallet created in previous step
$ orapki wallet export -wallet /opt/software/wt/ohs_instance/config/OHS/ohs1/keystores/ewallet/ \
  -dn "CN=www.abc.com,O=GOOGLE INC,L=London,ST=London,C=GB" -cert user.crt -pwd ********

Extract the intermediate and root certificate in base 64 format from certificate received by CA.
(from windows machine)

5 Create chain certificates ( copy certificates into single file chain.crt)
user --> Intermendiate --> root

6 Create a wallet using openssl
$ openssl pkcs12 –export –out /ohs_instance/config/OHS/ohs1/keystores/openssl/ewallet.p12 \
  –inkey private.key –in user.crt –certfile chain.crt

7 Convert openssl wallet to JKS
$ orapki wallet pkcs12_to_jks -wallet /ohs_instance/config/OHS/ohs1/keystores/openssl \ 
  -pwd ******** -jksKeyStoreLoc /ohs_instance/config/OHS/ohs1/keystores/punit.jks -jksKeyStorepwd welcome1 

8 Create an auto login wallet using orapki
$ orapki wallet create -wallet /ohs_instance/config/OHS/ohs1/keystores/abc -auto_login -pwd welcome1

9 Convert jks to wallet
$ orapki wallet jks_to_pkcs12 -wallet /ohs_instance/config/OHS/ohs1/keystores/dslcheck -pwd welcome1 \ 
  -keystore /opt/software/wt/ohs_instance/config/OHS/ohs1/keystores/punit.jks -jkspwd welcome1 

10 verify  wallet
 $ orapki wallet display -wallet /ohs_instance/config/OHS/ohs1/keystores/abc/

this should show below result and include all the certificates

**
User Certificates:
Subject:    CN=www.abc.com,O=GOOGLE INC,L=London,ST=London,C=GB
Trusted Certificates:
Subject:    CN=www.abc.com,O=GOOGLE INC,L=London,ST=London,C=GB
Subject:    CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Subject:    CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, 
            Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
**

Refer the wallet path into ssl.conf & httpd.conf as

SSLWallet "/opt/software/wt/ohs_instance/config/OHS/ohs1/keystores/abc"

Restart the instance.

Refer this to check your installed certificate
https://www.sslshopper.com/ssl-checker.html#hostname=abc.com
Labels: , ,

No comments:

Post a Comment