Tuesday, February 26, 2008

SSL in 11i -- Where all we can have certificates

Yup one off the major problem for Apps DBA comes, when we have all bounch of security in our environment. SSL is one off them. So you have to take care of Apache ceritificate and moreover all issues with certificate or SSL handshake etc etc. But where to look for ceritificates:

Application Tier:
Look at httpd.conf file and search for ssl.crt or passkey or ssl.key, you will get the location where these files are stored. Make sure you change your ceritificate in the location mentioned in httpd.conf file.
ssl.crt > contains ca.crt, rootca.crt and server.crt files
ssl.key> contains server.key
passkey> Contains the certificate password

so for Apache certificate if you have above mentioned files it will work.

Now comes Client machine:
We have certificate here too:
C:\Program Files\Oracle\JInitiator 1.3.1.18\lib\security look at certdb file. Your ca.crt certificate must match with one of certificate in this file.

And look at ceritificate in your browser too:
IE > Internet Options > contents > Ceritficates> Click on tab Trusted Root Certification Authorities> Specially look at Class 2,3 certificate expiry date.

If all the above this are ok, you should not face any issue with Apache and SSL.

Happy Troubleshooting !!!

No comments: