
Oracle® Clinical

Enabling SSL for Oracle HTTP Server for Microsoft Windows


Release 4.5
Document version 1.0
May 2004

This document describes how to enable Secure Socket Layer (SSL) for Oracle
HTTP Server for Microsoft Windows on an Oracle Clinical Web Server. The
process involves the following steps:
1. Generating and submitting the certificate request
2. Installing the certificate and making configuration changes
3. Changing Registry settings for PDF DEW

Before you begin


You must do the following before making the server SSL enabled:
■ Install Oracle Clinical
■ Resolve any existing installation issues
Since enabling SSL requires purchasing a Secure Certificate from the Certificate
Authority, you must initiate the process of approval and place the purchase order
according to your organization’s processes prior to creating a certificate request.

Generating and submitting the certificate request


You must complete the following steps:
■ Generate the private key and certificate request
■ Encrypt the private key
■ Submit the certificate request

Generate the private key and certificate request


To generate a private key and certificate request (CSR), do the following:
1. Open a DOS Window and change (cd) to the following directory under
Apache:
prompt> ORACLE_HOME\iSuites\Apache\open_ssl\bin
2. From this directory, type the following command:
openssl req -new -nodes -keyout private.key -out public.csr -config .\openssl.cnf

This command generates two files: private.key and public.csr (a
certificate request).
3. Enter the information prompted by OpenSSL. Make sure that the information
is correct for the organization requesting the certificate. Make sure that you
type the full state name, not its abbreviation. For Common name, include the
full name of the HOST and DOMAIN where you are running the command.
The following is an example of the prompts and information:
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: Massachusetts
Locality Name (eg, city) [ ]: Burlington
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Oracle
Organization Unit Name (eg, section) [ ]: OPA
Common Name (eg, YOUR name) [ ]: host1.us.oracle.com
Email Address [ ]: username@oracle.com
challenge password [ ]: mypassword
An optional company name [ ]: Oracle

Encrypt the private key


To encrypt the private key, do the following:
1. Run the following command to make the private key encrypted:
openssl rsa -in private.key -des3 -out secureprivate.key
2. Enter PEM pass phrase: password
3. Verify password: enter PEM pass phrase: password again
An encrypted private key named secureprivate.key is created. Make the
private key file readable only by the administrative account by changing the
properties of the file.
Remember the password you entered. When using the encrypted private key,
this password is requested each time Oracle HTTP Server is started. If you do not
want to enter the password each time, use the unencrypted private key.

Submit the certificate request


Once the certificate request is generated, you need to send it to a Certificate
Authority (CA), for example, Verisign, to get the secure certificate. Typically, to
obtain the certificate, you go to the web site of the CA, for example
www.verisign.com, and follow the steps for submitting a certificate request.
Typically, the Certificate Authority requests that you copy the contents of the
certificate file public.csr to its request form.
Make sure you open the file in a text editor, such as Notepad, so that text
formatting information and other extra characters are not added to the contents.
Copy the entire contents of the file public.csr, including the text BEGIN
CERTIFICATE REQUEST and END CERTIFICATE REQUEST.

Installing the certificate and making configuration changes
This section describes how to install the certificate and how to make any
necessary changes.

Install the certificate


When you receive the certificate file from the Certificate Authority, do the
following:
1. Copy the content from the email including the text BEGIN CERTIFICATE
and END CERTIFICATE. Paste it into the file public.crt.
2. Save this certificate file into the following directory:
ORACLE_HOME\iSuites\Apache\Apache\conf\ssl.crt\
3. Copy the private key file into the following directory:
ORACLE_HOME\iSuites\Apache\Apache\conf\ssl.key\

Create SSL certificate related entries


To update to your secure certificate, do the following:
1. Open the httpd.conf file. It is in the following directory:
ORACLE_HOME\iSuites\Apache\Apache\conf\httpd.conf
2. Search for the lines of text that begin with SSLCertificateFile and
SSLCertificateKeyFile.
3. Edit these lines of text to reflect the path of your new certificate and private
key files. For example:
SSLCertificateFile conf\ssl.crt\public.crt
SSLCertificateKeyFile conf\ssl.key\private.key
4. Save the httpd.conf file.
5. Stop and start the Oracle HTTP Server.
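
An added example, not part of the original Oracle document: an offline check of the result of the steps above. It reads the two directives from httpd.conf text, confirms the pasted certificate is exactly one PEM block, and reports whether the configured key is pass-phrase protected. The function names are hypothetical and the file contents are constructed placeholders.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def ssl_directives(conf_text):
    """Active (uncommented) SSLCertificateFile / SSLCertificateKeyFile values."""
    pat = re.compile(r"^[ \t]*(SSLCertificate(?:Key)?File)[ \t]+(\S+)", re.M)
    return {name: path.strip('"') for name, path in pat.findall(conf_text)}

def key_is_encrypted(pem_text):
    """True if the key is pass-phrase protected (legacy or PKCS#8 PEM form)."""
    m = PEM_RE.search(pem_text)
    if not m or "PRIVATE KEY" not in m.group(1):
        raise ValueError("no PEM private key found")
    return m.group(1) == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in m.group(2)

def cert_is_clean(pem_text):
    """True if the text is exactly one CERTIFICATE block with a base64 body."""
    m = PEM_RE.fullmatch(pem_text.strip())
    if not m or m.group(1) != "CERTIFICATE":
        return False
    try:
        return bool(base64.b64decode("".join(m.group(2).split()), validate=True))
    except ValueError:
        return False

def audit(conf_text, files):
    """files maps each configured path to that file's text. Returns findings."""
    d = ssl_directives(conf_text)
    names = ("SSLCertificateFile", "SSLCertificateKeyFile")
    findings = [f"{n} is not set" for n in names if n not in d]
    if names[0] in d and not cert_is_clean(files[d[names[0]]]):
        findings.append("certificate file is not a single clean PEM block")
    if names[1] in d and not key_is_encrypted(files[d[names[1]]]):
        findings.append("private key is stored without a pass phrase")
    return findings

# Constructed samples: placeholder base64, not real key or certificate material.
CONF = ("#SSLCertificateFile conf\\ssl.crt\\server.crt\n"
        "SSLCertificateFile conf\\ssl.crt\\public.crt\n"
        "SSLCertificateKeyFile conf\\ssl.key\\private.key\n")
B64 = "Q09OU1RSVUNURUQ="
CERT = f"-----BEGIN CERTIFICATE-----\n{B64}\n-----END CERTIFICATE-----\n"
PLAIN_KEY = f"-----BEGIN RSA PRIVATE KEY-----\n{B64}\n-----END RSA PRIVATE KEY-----\n"
DES3_KEY = PLAIN_KEY.replace(B64, "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n" + B64)

if __name__ == "__main__":
    print(audit(CONF, {r"conf\ssl.crt\public.crt": CERT, r"conf\ssl.key\private.key": PLAIN_KEY}))
```

With the example directives shown in step 3, which point at private.key, the check reports the key as stored without a pass phrase; pointing SSLCertificateKeyFile at secureprivate.key clears that finding.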

Changing Registry settings for PDF DEW


After you enable the server to use the HTTPS protocol, you must update the
following Registry settings, so administrators can view PDF DEW display in
HTTPS mode:
■ Set the registry key HKEY_LOCAL_MACHINE > SOFTWARE > ORACLE >
OPA_HTTPS_ENABLED value to 1.
■ Set the registry key HKEY_LOCAL_MACHINE > SOFTWARE > ORACLE >
OPA_PORT value to blank.
The original value of OPA_PORT is 80. If left at 80, when you click a CRF cell
in PDF DEW mode, the message, Cannot find server. The page cannot be
displayed, appears.
A blank value for the OPA_PORT registry key works fine for both HTTP and
HTTPS protocols.

Copyright © 2004, Oracle Corporation: All rights reserved.
This document is provided for information purposes only and
the contents hereof are subject to change without notice. This
document is not warranted to be error-free, nor subject to any
other warranties or conditions, whether expressed orally or
implied in law, including implied warranties and conditions of
merchantability or fitness for a particular purpose. We
specifically disclaim any liability with respect to this document
and no contractual obligations are formed either directly or
indirectly by this document. This document may not be
reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without our prior
written permission. Oracle is a registered trademark of Oracle
Corporation and/or its affiliates. Other names may be
trademarks of their respective owners.
