Configuring SSL for Oracle APEX

Platform:  LINUX

All steps are done with ORACLE_HOME set to the middle tier home (Apache, Companion CD home)

1. You need to use Oracle Wallet Manager (OWM) to create a wallet and get it set up.
— a. set up ORACLE_HOME, etc.
— b. go to $ORACLE_HOME/bin
— c. run Oracle Wallet Manager ./owm
— d. create a new wallet and save in a new directory (e.g. /home/oracle/myWallet/)
— e. create a certificate request
— — i. the common name is the name of the url, for example
— — ii. Organizational Unit and Organization are just text associated with your company
— — iii. You should spell out the state
— f. export the request to a text file
— g. You will need to go to a certificate authority (CA) to get a certificate and paste in the contents of the text file created in (f). I have had problems with both GoDaddy and Verisign. I have had good luck with and
— h. If you get a trial certificate you will need to get the trial Root Certificate (aka trusted certificate) from the CA. Save it as a text file. Install that into OWM as a trusted cert.
— i. Now install your cert (from g) in OWM and save.
2. Configure your ssl.conf file, located in $ORACLE_HOME/Apache/Apache/conf
— a. You can use the default listen and port settings (probably 4443 or 4447) or you can change to 443. If you change to 443, you need to change all occurrences. Also, the apachectl file will need to be owned by root (located in $ORACLE_HOME/Apache/Apache/bin/). Same requirement as running on Port 80.
—- 1. Setting up Apache to run on ports below 1024
1 Shutdown OHS
2 Become root
3 cd $ORACLE_HOME/Apache/Apache/bin
4 chown root .apachectl
5 chmod 6750 .apachectl
6 cd $ORACLE_HOME/Apache/Apache/logs
7 rm -f *
— b. Besides the port change, you need to change the location of your wallet and give your wallet password. You can encrypt the password, but I’m not covering that here and now.
SSLWallet file:/home/oracle/myWallet/
SSLWalletPassword mySuperPW1
— c. Save ssl.conf
3. Here is the trick. You need to configure OPMN to run in SSL mode. Edit the file opmn.xml (located in $ORACLE_HOME/opmn/conf/)
— a. under start mode, look for ssl-disabled
— — change to
— — ssl-enabled
— b. Save opmn.xml
4. go to $ORACLE_HOME/opmn/bin and restart
— a. opmnctl stopall
— b. opmnctl startall
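
A check of the files edited in steps 2 and 3, added here as an example and not part of the original post. The function name audit_ohs_ssl and the owner-only permission policy for the wallet directory and ssl.conf are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit ssl.conf and opmn.xml
# after steps 2 and 3. Prints one line per finding and returns the number
# of findings.
# Assumption: the wallet directory and ssl.conf should be owner-only.

# Group/other permission bits of a file or directory, e.g. "r--r--".
go_perms() { ls -ld "$1" | cut -c5-10; }

audit_ohs_ssl() {
    ssl_conf=$1 opmn_xml=$2 findings=0

    # Active (uncommented) SSLWallet directive, with the file: prefix removed.
    wallet=$(sed -n 's/^[[:space:]]*SSLWallet[[:space:]][[:space:]]*file://p' "$ssl_conf" | head -n 1)
    if [ -z "$wallet" ]; then
        echo "FINDING: no SSLWallet directive in $ssl_conf"; findings=$((findings + 1))
    elif [ ! -d "$wallet" ]; then
        echo "FINDING: wallet directory $wallet does not exist"; findings=$((findings + 1))
    elif [ "$(go_perms "$wallet")" != "------" ]; then
        echo "FINDING: wallet directory $wallet is accessible to group/other"
        findings=$((findings + 1))
    fi

    # A password stored in ssl.conf makes the file itself a secret.
    if grep -Eq '^[[:space:]]*SSLWalletPassword[[:space:]]' "$ssl_conf" &&
       [ "$(go_perms "$ssl_conf")" != "------" ]; then
        echo "FINDING: $ssl_conf holds SSLWalletPassword but is accessible to group/other"
        findings=$((findings + 1))
    fi

    # Step 3: OPMN must no longer be in ssl-disabled start mode.
    if grep -q 'ssl-disabled' "$opmn_xml"; then
        echo "FINDING: $opmn_xml still contains ssl-disabled"; findings=$((findings + 1))
    elif ! grep -q 'ssl-enabled' "$opmn_xml"; then
        echo "FINDING: $opmn_xml has no ssl-enabled setting"; findings=$((findings + 1))
    fi

    return "$findings"
}

# Run directly: sh audit.sh /path/to/ssl.conf /path/to/opmn.xml
if [ "$#" -eq 2 ]; then audit_ohs_ssl "$1" "$2"; fi
```

Run it as the OHS owner before the restart in step 4; an exit status of 0 means no findings.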

OK, now you are running in SSL. You might want to run everything in SSL, or just some things. To do this, you can set an Apache Rewrite Rule. Here is an example that will rewrite everything that is in pls/apex to https (assumes you are running on port 443). Edit your httpd.conf file, add the lines below at the end of the file, then restart with opmnctl stopall and opmnctl startall:
# Redirect any request under /pls/apex/ that did not arrive on port 443 to https on the same host
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/pls/apex/(.*)$ https://%{SERVER_NAME}/pls/apex/$1 [L,R]

Hope this captures all of the steps. Let me know if this helps.

