Wednesday, November 15, 2006

SSL-enabled AS1013

By default, AS1013 is already SSL-enabled with dummy certificate. And it is listening port 4443.
So you can access your web application via https://HOST:4443. Click the bottom right hand side lock icon in IE to view the certificate is dummy.

In Linux, reference to properly generate a valid SSL certificate via Oracle Wallet Manager (owm).

However, the document stops at successfully installation of certificate only. It doesn't explain how to access the web application simply via httpS://HOST (without specifying port).

We need to do the following:

1. Edit AS/Apache/Apache/conf/ssl.conf to load the correct certificate. For example,
SSLWallet = (where you install the SSL certificate) e.g /etc/ORACLE/WALLETS/oracle

2. Redirection 4443 to 443.
In Linux, ports below 1024 need to be executed by root priviledge. The simplest way is to use iptables command to redirect uncommon 4443 to common SSL port 443.

Edit /etc/rc.d/rc.local to include the following:
iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j REDIRECT --to-port 4443

3. If you want to force the web server to always serve https. Meaning, when user access http://HOST/anything, they will be routed to httpS://HOST/anything automatically.

Edit AS/Apache/Apache/conf/httpd.conf to include the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

No comments: