20 Installing and Configuring Oracle HTTP Server 11g Webgate for OAM

This chapter describes how to install and configure Oracle HTTP Server 11g Webgate for Oracle Access Manager.

Note:

Oracle HTTP Server 11g Webgate for Oracle Access Manager is not intended for use in Oracle Identity and Access Management environments where you want to set up integration among Oracle Identity and Access Management components.

20.1 Installation Overview

Installing Oracle HTTP Server 11g Webgate for Oracle Access Manager involves the following steps:

  1. Installing Oracle HTTP Server 11g (11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0)

  2. On Linux and Solaris operating systems: Installing third-party GCC libraries

  3. Running the Oracle HTTP Server Webgate Installer to install Oracle HTTP Server 11g Webgate for Oracle Access Manager

  4. Verifying the installation of Oracle HTTP Server 11g Webgate for Oracle Access Manager

  5. Completing post-installation configuration steps

  6. Registering the new Webgate agent

The following figure illustrates the process of installing Oracle HTTP Server 11g Webgate for Oracle Access Manager.

Figure 20-1 Oracle HTTP Server 11g Webgate Installation Process

As a standard practice, complete the following prerequisites for installing Oracle Fusion Middleware software:

  1. Review Oracle Fusion Middleware certification information.

    http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
    
  2. Review the system requirements.

  3. Satisfy all dependencies, such as installing Oracle HTTP Server, which is included in the Oracle Web Tier Installer.

  4. Perform the installation procedure for the appropriate component.

  5. Verify the installation.

Table 20-1 lists the Installers and tools used to install and configure Oracle HTTP Server 11g Webgate for Oracle Access Manager at different stages of the installation and configuration process.

Table 20-1 Installation and Configuration Tools

| Task | Tool |
| --- | --- |
| Install Oracle HTTP Server (11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0) | Oracle Web Tier Installer based on the version you want to use |
| Install Oracle HTTP Server Webgate 11g | Oracle HTTP Server Webgate 11g Installer |
| Register Webgate Agent | RREG Tool, or the Oracle Access Manager Administration Console |
| Start or Stop Process Instances | OPMN Command-Line Tool |


20.2 Preparing to Install Oracle HTTP Server 11g Webgate for Oracle Access Manager

Oracle HTTP Server 11g Webgate for Oracle Access Manager requires Oracle HTTP Server 11g (11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0), which is included in the Oracle Web Tier 11g Installer. For information about installing Oracle HTTP Server, see the Oracle Fusion Middleware Installation Guide for Oracle Web Tier corresponding to the Oracle HTTP Server version you are using.

In addition, if you are using the Linux or Solaris operating system, you must install third-party GCC libraries on your machine before installing Oracle HTTP Server 11g Webgate for Oracle Access Manager.

20.2.1 Oracle Fusion Middleware Certification

The Oracle Fusion Middleware Supported System Configurations document provides certification information for Oracle Fusion Middleware, including supported installation types, platforms, operating systems, databases, JDKs, and third-party products related to Oracle Identity and Access Management 11g Release 1 (11.1.1).

You can access the Oracle Fusion Middleware Supported System Configurations document by searching the Oracle Technology Network (OTN) web site:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

20.2.2 Installing and Configuring OAM 11g

For information about installing Oracle Access Manager (OAM), see Installing Oracle Identity and Access Management (11.1.1.5.0). For information about configuring Oracle Access Manager in a new or existing WebLogic administration domain, see Configuring Oracle Access Manager.

In addition, see the "Securing Communication Between OAM 11g Servers and WebGates" topic in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager for information about configuring Oracle Access Manager in Open, Simple, or Cert mode.

20.2.3 Installing and Configuring Oracle HTTP Server 11g

Oracle HTTP Server 11g Webgate for Oracle Access Manager is supported on Oracle HTTP Server 11.1.1.3.0, Oracle HTTP Server 11.1.1.4.0, and Oracle HTTP Server 11.1.1.5.0. You can choose to install any of these versions. You must install the Oracle HTTP Server 11.1.1.2.0 software before patching it to 11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0.

If you do not have Oracle HTTP Server 11.1.1.2.0 installed, you can download the Oracle Web Tier 11g (11.1.1.2.0) Installer from the Oracle Technology Network (OTN):

http://www.oracle.com/technology/software/products/middleware/htdocs/fmw_11_download.html

Alternatively, you can download the latest Oracle Fusion Middleware 11g software from the following website:

http://edelivery.oracle.com/

Note:

For information about installing and configuring Oracle HTTP Server 11g (11.1.1.2.0), see the "Installing Oracle Web Tier" topic in the Oracle Fusion Middleware Installation Guide for Oracle Web Tier. For information about patching Oracle HTTP Server 11.1.1.2.0 to 11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0 using the corresponding Patch Set Installer, see the "Applying the Latest Oracle Fusion Middleware Patch Set" topic in the Oracle Fusion Middleware Patching Guide.

After you install and configure Oracle HTTP Server, a working instance of Oracle HTTP Server is configured in an Instance Home.

20.2.4 Installing Third-Party GCC Libraries (Linux and Solaris Operating Systems Only)

If you are installing Oracle HTTP Server 11g Webgate for Oracle Access Manager on a Linux or Solaris operating system, you must download and install third-party GCC libraries on your machine. See Table 20-2 for more information.

You can download the appropriate GCC library from the following third-party website:

http://gcc.gnu.org/

Note:

You must download sources from this website and compile them to obtain the GCC libraries.

For some operating systems, the required libraries may be available as installable packages from the support websites of operating system vendors.

Table 20-2 Versions of GCC Third-Party Libraries for Linux and Solaris

| Operating System | Architecture | GCC Libraries | Required Library Version |
| --- | --- | --- | --- |
| Linux 32-bit | x86 | libgcc_s.so.1, libstdc++.so.5 | 3.3.2 |
| Linux 64-bit | x64 | libgcc_s.so.1, libstdc++.so.6 | 3.4.6 |
| Solaris 64-bit | SPARC | libgcc_s.so.1, libstdc++.so.5 | 3.3.2 |


20.2.4.1 Verifying the GCC Libraries Version on Linux and Solaris Operating Systems

Perform the following checks to verify the version of GCC libraries:

On the Linux32 on i386 platform:

Run the following commands and ensure that their output is always greater than 0:

strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
file libgcc_s.so.1 | grep "32-bit" | grep -c "80386"
file libstdc++.so.5 | grep "32-bit" | grep -c "80386"

On the Linux 64 on x86-64 platform:

Run the following commands and ensure that their output is always greater than 0:

strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
strings -a libgcc_s.so.1 | grep -c "GCC_4.2.0"
file libgcc_s.so.1 | grep "64-bit" | grep -c "x86-64"
file libstdc++.so.6 | grep "64-bit" | grep -c "x86-64"

On the Solaris 64 on SPARC platform:

Run the following commands and ensure that their output is always greater than 0:

strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
file libgcc_s.so.1 | grep "64-bit" | grep -c "SPARC"
file libstdc++.so.5 | grep "64-bit" | grep -c "SPARC"
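
The per-platform checks above can be run as a single preflight step before launching the installer. The following shell functions are an added example, not part of Oracle's documentation; the platform labels (linux32, linux64, solaris64) and the function names are chosen for this example, and the commands are the ones listed above.

```sh
#!/bin/sh
# Added example: runs the checks from section 20.2.4.1 for one platform and
# fails if any of them would have printed 0.

# count_matches LIB PATTERN [EXCLUDE]
# Prints how many strings in LIB match PATTERN, skipping lines that match
# EXCLUDE. grep -c exits with status 1 when the count is 0, so "|| true" keeps
# a zero count from aborting a caller that runs under "set -e".
count_matches() {
    if [ -n "${3:-}" ]; then
        strings -a "$1" | grep -v "$3" | grep -c "$2" || true
    else
        strings -a "$1" | grep -c "$2" || true
    fi
}

# arch_ok LIB WORDSIZE ARCH
# Succeeds when file(1) reports both the word size and the architecture.
arch_ok() {
    file "$1" | grep "$2" | grep -q "$3"
}

# check_gcc_libs PLATFORM DIR
# The body is a subshell so that "cd" does not leak into the caller.
# Exit status: 0 all checks passed, 1 at least one failed, 2 usage error.
check_gcc_libs() (
    case "$1" in
        linux32)   stdcpp=libstdc++.so.5 bits=32-bit arch=80386  syms="GCC_3.0 GCC_3.3" ;;
        linux64)   stdcpp=libstdc++.so.6 bits=64-bit arch=x86-64 syms="GCC_3.0 GCC_3.3 GCC_4.2.0" ;;
        solaris64) stdcpp=libstdc++.so.5 bits=64-bit arch=SPARC  syms="GCC_3.0 GCC_3.3" ;;
        *) echo "unknown platform: $1" >&2; exit 2 ;;
    esac
    # Run from inside the library directory, as the commands above do, so the
    # directory name cannot satisfy the grep on file(1) output.
    cd "$2" || exit 2
    failed=0

    for lib in libgcc_s.so.1 "$stdcpp"; do
        if [ ! -f "$lib" ]; then
            echo "FAIL  $lib not found in $2" >&2
            failed=1
        elif ! arch_ok "$lib" "$bits" "$arch"; then
            echo "FAIL  $lib is not a $bits $arch object" >&2
            failed=1
        fi
    done

    if [ -f libgcc_s.so.1 ]; then
        for sym in $syms; do
            excl=
            # The page excludes GCC_3.3.1 before counting GCC_3.3.
            if [ "$sym" = "GCC_3.3" ]; then excl="GCC_3.3.1"; fi
            n=$(count_matches libgcc_s.so.1 "$sym" "$excl")
            if [ "$n" -gt 0 ]; then
                echo "ok    libgcc_s.so.1 contains $sym ($n)"
            else
                echo "FAIL  libgcc_s.so.1 has no $sym version string" >&2
                failed=1
            fi
        done
    fi
    exit "$failed"
)

# Example call: check_gcc_libs linux64 /path/to/gcc/libs
```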

20.2.5 Prerequisites for 64-Bit Oracle HTTP Server 11g Webgates on Windows 2003 and Windows 2008 64-Bit Platforms

If you are using Windows 2003 or Windows 2008 64-bit operating systems, you must install Microsoft Visual C++ 2005 libraries on the machine hosting the Oracle HTTP Server 11g Webgate for Oracle Access Manager.

These libraries are included in the Microsoft Visual C++ 2005 SP1 Redistributable Package (x64), which can be downloaded from the following website:

http://www.microsoft.com/DownLoads/details.aspx?familyid=EB4EBE2D-33C0-4A47-9DD4-B9A6D7BD44DA&displaylang=en

In addition, install the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update, which can be downloaded from the following website:

http://www.microsoft.com/downloads/en/details.aspx?familyid=fb01abe6-9099-4544-9aec-0ac13f19bc50&displaylang=en

20.3 Installing Oracle HTTP Server 11g Webgate for Oracle Access Manager

20.3.1 Launching the Installer

The Installer program for Oracle HTTP Server 11g Webgate for Oracle Access Manager is included in the webgate.zip file.

Perform the following steps to start the installation wizard:

  1. Extract the contents of the webgate.zip file to a directory. By default, this directory is named webgate.

  2. Move to the Disk1 directory under the webgate folder.

  3. Start the Installer by executing one of the following commands:

    UNIX: <full path to the runInstaller directory>/runInstaller -jreLoc <WebTier_Home>/jdk

    Windows: <full path to the setup.exe directory>\setup.exe -jreLoc <WebTier_Home>\jdk

    Note:

    When you install Oracle HTTP Server, the jdk directory is created under the <WebTier_Home> directory. You must enter the absolute path of the JRE folder located in this JDK when launching the installer. For example, on Windows, if the JDK is located in D:\oracle\Oracle_WT1\jdk, then launch the installer from the command prompt as follows:

    D:\setup.exe -jreLoc D:\oracle\Oracle_WT1\jdk

    After the Installer starts, the Welcome screen appears. Continue by referring to the section Installation Flow and Procedure for installing Oracle HTTP Server 11g Webgate for Oracle Access Manager.

20.3.2 Installation Flow and Procedure

Follow the instructions in Table 20-3 to install Oracle HTTP Server 11g Webgate for Oracle Access Manager.

If you need additional help with any of the installation screens, click Help to access the online help.

Table 20-3 Installation Flow

| No. | Screen | Description and Action Required |
| --- | --- | --- |
| 1 | Welcome Screen | Click Next to continue. |
| 2 | Prerequisite Checks Screen | Click Next to continue. |
| 3 | Specify Installation Location Screen | Specify the Middleware Home and Oracle Home locations. Note that the Middleware Home should contain an Oracle Home for Oracle Web Tier. Oracle WebLogic Server is not a prerequisite for installing Oracle HTTP Server Webgate. However, Oracle HTTP Server, which is a component of Oracle Web Tier, requires only the directory structure for the Middleware home. For more information about these directories, see "Oracle Fusion Middleware Directory Structure and Concepts" in Oracle Fusion Middleware Installation Planning Guide. Click Next to continue. |
| 4 | On selected UNIX operating systems only (Linux 32- and 64-bit, and Solaris 64-bit): Specify GCC Library Screen | Specify the directory that contains the GCC libraries. Click Next to continue. |
| 5 | Installation Summary Screen | Verify the information on this screen. Click Install to begin the installation. |
| 6 | Installation Progress Screen | If you are installing on a UNIX system, you may be asked to run the ORACLE_HOME/oracleRoot.sh script to set up the proper file and directory permissions. Click Next to continue. |
| 7 | Installation Complete Screen | Click Finish to dismiss the installer. |


20.4 Post-Installation Steps

You must complete the following steps after installing Oracle HTTP Server 11g Webgate for Oracle Access Manager:

  1. Move to the following directory under your Oracle Home for Webgate:

    On UNIX operating systems:

    <Webgate_Home>/webgate/ohs/tools/deployWebGate

    On Windows operating systems:

    <Webgate_Home>\webgate\ohs\tools\deployWebGate

  2. On the command line, run the following command to copy the required agent files from the Webgate_Home directory to the Webgate Instance location:

    On UNIX operating systems:

    ./deployWebgateInstance.sh -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home>

    On Windows operating systems:

    deployWebgateInstance.bat -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home>

    Where <Webgate_Oracle_Home> is the directory in which you installed Oracle HTTP Server Webgate and which you created as the Oracle Home for Webgate, as in the following example:

    <MW_HOME>/Oracle_OAMWebGate1

    The <Webgate_Instance_Directory> is the location of the Webgate Instance Home, which is the same as the Instance Home of Oracle HTTP Server, as in the following example:

    <MW_HOME>/Oracle_WT1/instances/instance1/config/OHS/ohs1

    Note that an Instance Home for Oracle HTTP Server is created after you configure Oracle HTTP Server. This configuration is performed after installing Oracle HTTP Server 11.1.1.2.0 or patching to Oracle HTTP Server 11.1.1.5.0.

  3. Run the following command to ensure that the LD_LIBRARY_PATH variable contains <Oracle_Home_for_Oracle_HTTP_Server>/lib:

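    On UNIX (depending on the shell; the following form is for Bourne-compatible shells):

    export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}<Oracle_Home_for_Oracle_HTTP_Server>/lib"

    The ${LD_LIBRARY_PATH:+...} form avoids a leading colon when the variable is not already set. The Linux dynamic linker treats an empty entry in this variable as the current working directory.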

    On Windows:

    Set the <Webgate_Installation_Directory>\webgate\ohs\lib location and the <Oracle_Home_for_Oracle_HTTP_Server>\bin location in the PATH environment variable. Add a semicolon (;) followed by this path at the end of the entry for the PATH environment variable.

  4. From your present working directory, move up one directory level:

    On UNIX operating systems, move to:

    <Webgate_Home>/webgate/ohs/tools/setup/InstallTools

    On Windows operating systems, move to:

    <Webgate_Home>\webgate\ohs\tools\EditHttpConf

  5. On the command line, run the following command to copy the apache_webgate.template from the Webgate_Home directory to the Webgate Instance location (renamed to webgate.conf) and update the httpd.conf file to add one line to include the name of webgate.conf:

    On UNIX operating systems:

    ./EditHttpConf -w <Webgate_Instance_Directory> [-oh <Webgate_Oracle_Home>] [-o <output_file>]

    On Windows operating systems:

    EditHttpConf.exe -w <Webgate_Instance_Directory> [-oh <Webgate_Oracle_Home>] [-o <output_file>]

    Note:

    The -oh <Webgate_Oracle_Home> and -o <output_file> parameters are optional.

    Where <Webgate_Oracle_Home> is the directory in which you installed Oracle HTTP Server Webgate for Oracle Access Manager and which you created as the Oracle Home for Webgate, as in the following example:

    <MW_HOME>/Oracle_OAMWebGate1

    The <Webgate_Instance_Directory> is the location of the Webgate Instance Home, which is the same as the Instance Home of Oracle HTTP Server, as in the following example:

    <MW_HOME>/Oracle_WT1/instances/instance1/config/OHS/ohs1

    The <output_file> is the name of the temporary output file used by the tool, as in the following example:

    Edithttpconf.log

    Note that an Instance Home for Oracle HTTP Server is created after you configure Oracle HTTP Server. This configuration is performed after installing Oracle HTTP Server 11.1.1.2.0 or patching to Oracle HTTP Server 11.1.1.5.0.

20.5 Verifying the Oracle HTTP Server 11g Webgate for Oracle Access Manager

After completing the installation of Oracle HTTP Server 11g Webgate for Oracle Access Manager, including the post-installation steps, you can examine the installDATE-TIME_STAMP.out log file to verify the installation.

On UNIX systems, if you do not know the location of your Oracle Inventory directory, you can find it in the <Webgate_Home>/oraInst.loc file.

On Microsoft Windows systems, the default location for the inventory directory is C:\Program Files\Oracle\Inventory\logs.

20.6 Getting Started with a New Oracle HTTP Server 11g Webgate Agent for Oracle Access Manager

Before you can get started with the new Oracle HTTP Server 11g Webgate agent for Oracle Access Manager, you must complete the following tasks:

  1. Register the New Webgate Agent

  2. Copy Generated Files and Artifacts to the Webgate Instance Location

  3. Restart the Oracle HTTP Server Instance

20.6.1 Register the New Webgate Agent

You can register the new Webgate agent with Oracle Access Manager by using the Oracle Access Manager Administration Console. For more information, see the "Registering Partners (Agents and Applications) by Using the Console" topic in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.

Alternatively, you can use the RREG command-line tool to register a new Webgate agent. The tool can be run in two modes: In-Band mode, and Out-Of-Band mode.

Setting Up the RREG Tool

  1. After installing and configuring Oracle Access Manager, navigate to the following location:

    On UNIX operating systems:

    <Oracle_IDM2>/oam/server/rreg/client

    On Windows operating systems:

    <Oracle_IDM2>\oam\server\rreg\client

  2. On the command line, untar the RREG.tar.gz file using gunzip, as in the following example:

    gunzip RREG.tar.gz

    tar -xvf RREG.tar

The tool used to register the agent is located in the following location:

On UNIX operating systems:

<RREG_Home>/bin/oamreg.sh

On Windows operating systems:

<RREG_Home>\bin\oamreg.bat

Note:

<RREG_Home> is the directory to which you extracted the contents of RREG.tar.gz/rreg.

Set the following environment variables in the oamreg.sh script or in the oamreg.bat script:

  • OAM_REG_HOME - Set this variable to the absolute path to the directory where you extracted the contents of RREG.tar/rreg.

  • JDK_HOME - Set this variable to the absolute path to the directory where Java/JDK is installed on your machine.

Updating the OAM11GRequest.xml File

You must update the agent parameters, such as agentName, in the OAM11GRequest.xml file located in the <RREG_Home>\input directory on the Windows operating system. On the UNIX operating system, the file is located in the <RREG_Home>/input directory.

Note:

The OAM11GRequest.xml file or the short version OAM11GRequest_short.xml is used as a template. You can copy this template file and use the copy.

Modify the following required parameters in the OAM11GRequest.xml file or in the OAM11GRequest_short.xml file:

  • <serverAddress>

    Specify the host and the port of the Administration Server.

  • <agentName>

    Specify any custom name for the agent.

  • <agentBaseUrl>

    Specify the host and the port of the machine where Oracle HTTP Server 11g Webgate is installed.

  • <preferredHost>

    Specify the host and the port of the machine where Oracle HTTP Server 11g Webgate is installed.

  • <security>

    Specify the security mode, such as open, based on the Webgate installed.

  • <primaryServerList>

    Specify the host and the port of Managed Server for Oracle Access Manager proxy, under a <Server> container element.

After modifying the file, save and close it.

In-Band Mode

If you run the RREG tool once after updating the Webgate parameters in the OAM11GRequest.xml file, the files and artifacts required by Webgate are generated in the following directory:

On UNIX operating systems:

<RREG_Home>/output/<agent_name>

On Windows operating systems:

<RREG_Home>\output\<agent_name>

Note:

You can run RREG either on a client machine or on the server machine. If you are running it on the server machine, you must manually copy the artifacts back to the client machine.

Complete the following steps:

  1. Open the OAM11GRequest.xml file, which is located in the input directory (<RREG_Home>/input/ on UNIX, and <RREG_Home>\input on Windows). <RREG_Home> is the directory to which you extracted the contents of RREG.tar.gz/rreg. Edit this XML file and fill in parameters for the new Oracle HTTP Server Webgate for Oracle Access Manager.

  2. Run the following command on the command line:

    On UNIX operating systems:

    ./<RREG_Home>/bin/oamreg.sh inband input/OAM11GRequest.xml

    On Windows operating systems:

    <RREG_Home>\bin\oamreg.bat inband input\OAM11GRequest.xml

Out-Of-Band Mode

If you are an end-user with no access to the server, you can email your updated OAM11GRequest.xml file to the system administrator, who can run RREG in the Out-Of-Band mode. You can collect the generated <AgentID>_Response.xml file from the system administrator and run RREG on this file to obtain the Webgate files and artifacts you require.

After you receive the generated <AgentID>_Response.xml file from the administrator, you must manually copy the file to the input directory on your machine.

Complete the following steps:

  1. If you are an end-user with no access to the server, open the OAM11GRequest.xml file, which is located in the input directory (<RREG_Home>/input/ on UNIX, and <RREG_Home>\input\ on Windows). <RREG_Home> is the directory to which you extracted the contents of RREG.tar.gz/rreg. Edit this XML file and fill in parameters for the new Oracle HTTP Server Webgate for Oracle Access Manager. Send the updated file to your system administrator.

  2. If you are an administrator, copy the updated OAM11GRequest.xml file to the input directory on your machine (<RREG_Home>/input/ on UNIX, and <RREG_Home>\input\ on Windows). This is the file you received from the end-user. Move to your (administrator's) RREG_Home directory and run the following command on the command line:

    On UNIX operating systems:

    ./<RREG_Home>/bin/oamreg.sh outofband input/OAM11GRequest.xml

    On Windows operating systems:

    <RREG_Home>\bin\oamreg.bat outofband input\OAM11GRequest.xml

    An <Agent_ID>_Response.xml file is generated in the output directory on the administrator's machine (<RREG_Home>/output/ on UNIX, and <RREG_Home>\output\ on Windows). Send this file to the end-user who sent you the updated OAM11GRequest.xml file.

  3. If you are an end-user, copy the generated <Agent_ID>_Response.xml file to your input directory (<RREG_Home>/input/ on UNIX, and <RREG_Home>\input\ on Windows). This is the file you received from the administrator. Move to your (client's) RREG home directory and run the following command on the command line:

    On UNIX operating systems:

    ./<RREG_Home>/bin/oamreg.sh outofband input/<Agent_ID>_Response.xml

    On Windows operating systems:

    <RREG_Home>\bin\oamreg.bat outofband input\<Agent_ID>_Response.xml

Note:

If you register the Webgate agent using the Oracle Access Manager Administration Console, as described in the "Registering Partners (Agents and Applications) by Using the Console" topic in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager, you must manually copy the files and artifacts generated after the registration from the server machine (the machine where Oracle Access Manager Administration Console is running) to the client machine. The files and artifacts are generated in the <MW_HOME>/user_projects/domains/<name_of_the_WebLogic_domain_for_OAM>/output/<Agent_ID> directory.

Files and Artifacts Generated by RREG

Regardless of the method or mode you use to register the new Webgate agent, the following files and artifacts are generated in the <RREG_Home>/output/<Agent ID> directory:

  • cwallet.sso

  • ObAccessClient.xml

  • In the SIMPLE mode, RREG generates:

    • password.xml, which contains the obfuscated global passphrase to encrypt the private key used in SSL. This passphrase can be the same as the passphrase used on the server.

    • aaa_key.pem

    • aaa_cert.pem

  • In the CERT mode, RREG generates:

    • password.xml, which contains the obfuscated global passphrase to encrypt the private key used in SSL. This passphrase can be different than the passphrase used on the server.

    Note:

    You can use these files generated by RREG to generate a certificate request and to get it signed by a third-party Certification Authority. To install an existing certificate, you must use the existing aaa_cert.pem and aaa_chain.pem files along with password.xml and aaa_key.pem.

20.6.2 Copy Generated Files and Artifacts to the Webgate Instance Location

After RREG generates these files and artifacts, you must manually copy them (cwallet.sso, ObAccessClient.xml, password.xml, aaa_key.pem, aaa_cert.pem, based on the security mode you are using) from the <RREG_Home>/output/<Agent ID> directory to the <Webgate_Instance_Home> directory.

In OPEN mode, copy the following files from the <RREG_Home>/output/<Agent_ID> directory to the <Webgate_Instance_Home>/webgate/config directory:

  • ObAccessClient.xml

  • cwallet.sso

In SIMPLE mode, copy the following files from the <RREG_Home>/output/<Agent_ID> directory to the <Webgate_Instance_Home>/webgate/config directory:

  • ObAccessClient.xml

  • cwallet.sso

  • password.xml

In addition, copy the following files from the <RREG_Home>/output/<Agent_ID> directory to the <Webgate_Instance_Home>/webgate/config/simple directory:

  • aaa_key.pem

  • aaa_cert.pem

In CERT mode, copy the following files from the <RREG_Home>/output/<Agent_ID> directory to the <Webgate_Instance_Home>/webgate/config directory:

  • ObAccessClient.xml

  • cwallet.sso

  • password.xml

After copying the files, you must either generate a new certificate or migrate an existing certificate.
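
The copy rules above, collected into one function that takes the security mode as an argument. This is an added example, not part of Oracle's documentation or tooling; the function name and the owner-only permissions (umask 077, mode 600) are assumptions of the example.

```sh
#!/bin/sh
# Added example: copy the RREG output for one security mode into a Webgate
# instance, following the file lists in section 20.6.2.
# Usage: deploy_webgate_artifacts <open|simple|cert> \
#            <RREG_Home>/output/<Agent_ID> <Webgate_Instance_Home>
# Exit status: 0 copied, 1 an artifact is missing or a copy failed,
#              2 unknown security mode.
# The body is a subshell so the umask change does not leak into the caller.
deploy_webgate_artifacts() (
    mode=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    src=$2
    cfg=$3/webgate/config

    simple_files=
    case "$mode" in
        open)   config_files="ObAccessClient.xml cwallet.sso" ;;
        simple) config_files="ObAccessClient.xml cwallet.sso password.xml"
                simple_files="aaa_key.pem aaa_cert.pem" ;;
        cert)   config_files="ObAccessClient.xml cwallet.sso password.xml" ;;
        *) echo "unknown security mode: $1" >&2; exit 2 ;;
    esac

    # Validate the whole set first so a partial set is never deployed.
    for f in $config_files $simple_files; do
        if [ ! -s "$src/$f" ]; then
            echo "missing or empty artifact: $src/$f" >&2
            exit 1
        fi
    done

    # Assumption, not from the page: the account running this script also runs
    # Oracle HTTP Server, so the copies can be owner-only. cwallet.sso,
    # password.xml and aaa_key.pem hold secrets.
    umask 077
    mkdir -p "$cfg" || exit 1
    for f in $config_files; do
        cp "$src/$f" "$cfg/$f" && chmod 600 "$cfg/$f" || exit 1
        echo "copied $f -> $cfg"
    done

    if [ -n "$simple_files" ]; then
        mkdir -p "$cfg/simple" || exit 1
        for f in $simple_files; do
            cp "$src/$f" "$cfg/simple/$f" && chmod 600 "$cfg/simple/$f" || exit 1
            echo "copied $f -> $cfg/simple"
        done
    fi

    # CERT mode: the certificate files are generated or migrated separately
    # and placed in $cfg, so they are not copied from the RREG output here.
    if [ "$mode" = cert ]; then
        echo "cert mode: add aaa_key.pem, aaa_cert.pem and aaa_chain.pem to $cfg"
    fi
    exit 0
)
```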

Generating a New Certificate

You can generate a new certificate as follows:

  1. From your present working directory, move to the <Webgate_Home>/webgate/ohs/tools/openssl directory.

  2. On the command line, create a certificate request as follows:

    ./openssl req -utf8 -new -nodes -config openssl_silent_ohs11g.cnf -keyout aaa_key.pem -out aaa_req.pem -rand <Webgate_Home>/webgate/ohs/config/random-seed

  3. Self-sign the certificate as follows:

    ./openssl ca -config openssl_silent_ohs11g.cnf -policy policy_anything -batch -out aaa_cert.pem -infiles aaa_req.pem

  4. Copy the following generated certificates to the <Webgate_Instance_Home>/webgate/config directory:

    • aaa_key.pem

    • aaa_cert.pem

    • cacert.pem located in the simpleCA directory

      Note:

      After copying the cacert.pem file, you must rename the file to aaa_chain.pem.

Migrating an Existing Certificate

If you want to migrate an existing certificate (aaa_key.pem, aaa_cert.pem, and aaa_chain.pem), be sure to remember the passphrase that you used to encrypt aaa_key.pem. You must enter the same passphrase during the RREG registration process. If you do not use the same passphrase, the password.xml file generated by RREG does not match the passphrase used to encrypt the key.

If you enter the same passphrase, you can copy these certificates as follows:

  1. From your present working directory, move to the <Webgate_Instance_Home>/webgate/config directory.

  2. Copy the following certificates to the <Webgate_Instance_Home>/webgate/config directory:

    • aaa_key.pem

    • aaa_cert.pem

    • aaa_chain.pem
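
Whether the certificates are newly generated or migrated, the key, its passphrase, the certificate and the chain can be checked against each other before the files are copied. The following is an added example, not part of Oracle's documentation; it assumes a system OpenSSL 1.1.0 or later, and the function name and the WEBGATE_KEY_PASS variable are chosen for this example.

```sh
#!/bin/sh
# Added example: check aaa_key.pem, aaa_cert.pem and aaa_chain.pem in one
# directory before they are copied to <Webgate_Instance_Home>/webgate/config.
# Assumptions: a system OpenSSL 1.1.0 or later is on PATH (not the copy under
# <Webgate_Home>), and the key passphrase is passed in WEBGATE_KEY_PASS, a
# variable name chosen for this example. An unencrypted key ignores it.
# Usage: WEBGATE_KEY_PASS=... check_webgate_certs <directory>
# Exit status: 0 consistent, 1 key not readable with that passphrase,
#   2 key and certificate do not match, 3 certificate does not chain to
#   aaa_chain.pem, 4 a file or the directory is missing.
check_webgate_certs() (
    cd "$1" || exit 4
    for f in aaa_key.pem aaa_cert.pem aaa_chain.pem; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $1/$f" >&2
            exit 4
        fi
    done

    # Hand the passphrase over through the environment rather than argv, so it
    # does not appear in the process list.
    WEBGATE_KEY_PASS=${WEBGATE_KEY_PASS-}
    export WEBGATE_KEY_PASS

    # 1. The passphrase must open the key. This is the passphrase that has to
    #    be entered again during RREG registration.
    key_pub=$(openssl pkey -in aaa_key.pem -passin env:WEBGATE_KEY_PASS \
                  -pubout 2>/dev/null) || {
        echo "aaa_key.pem cannot be read (wrong passphrase or not a private key)" >&2
        exit 1
    }

    # 2. The certificate must carry the public half of that key.
    cert_pub=$(openssl x509 -in aaa_cert.pem -noout -pubkey 2>/dev/null) || {
        echo "aaa_cert.pem is not a readable certificate" >&2
        exit 2
    }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "aaa_cert.pem was not issued for aaa_key.pem" >&2
        exit 2
    fi

    # 3. The certificate must verify against the CA certificate(s) in
    #    aaa_chain.pem.
    if ! openssl verify -CAfile aaa_chain.pem aaa_cert.pem >/dev/null 2>&1; then
        echo "aaa_cert.pem does not chain to aaa_chain.pem" >&2
        exit 3
    fi
    echo "ok: key, certificate and chain are consistent"
)
```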

20.6.3 Restart the Oracle HTTP Server Instance

You can use the Oracle Process Manager and Notification Server (OPMN) command-line tool to start or stop your Oracle HTTP Server instance. If any instances are running, run the following command on the command line to stop all running instances:

<Oracle_Home_for_Oracle_HTTP_Server>/opmn/bin/opmnctl stopall

To restart the Oracle HTTP Server instance, run the following commands on the command line:

  1. <Oracle_Home_for_Oracle_HTTP_Server>/opmn/bin/opmnctl start

  2. <Oracle_Home_for_Oracle_HTTP_Server>/opmn/bin/opmnctl startproc ias-component=<Oracle_HTTP_Server_Instance_Name>