Installing 10g WebGate in cert mode at OHS 10g
Prerequisites for WebGate installation:
======================================
We’ve installed this on the orasystemsusa server.
1. You have already installed WebGate at the OAM server and know the password.
2. Copy the installer and GCC libraries to your target server.
3. Make a backup of the original httpd.conf file. It’s usually here: <middleware>/weblogic/Oracle_WT1/instances/instance1/config/OHS/ohs1/httpd.conf
4. Download the cert for your target server from the Venafi site.
5. Install the 3 certificate files: .cert, .chain, .key
6. Cert importing is part of the WebGate installation. Copy the 3 files (cert, chain, key) to the target RAP server.

Here are the steps to install WebGate at the OAM server, if you have not already installed it there as mentioned in step 1 of the prerequisites. The WebGate needs to be configured at the OAM server, pointing to the OHS server that it will be protecting.
i. Log in to the access console.
ii. Click on Access System Configuration.
iii. Click on Add New Access Gate.
iv. Fill in all the information that is shown once you click on Add New Access Gate.
v. You can change the default values or update them depending on your environment.
vi. Specify the Transport Security mode. It depends on your OAM server: if your OAM server is in Cert mode, then the WebGate needs to be in Cert mode; otherwise you can use Open mode. The WebGate in this blog is in Cert mode.
vii. Fill in all the other values (OAM server, AccessGate Name, etc.).
viii. At Primary HTTP Cookie Domain, enter your cookie domain info, i.e. if your server name is orasystemsusa.unix.com, use .unix.com as the value. Please remember that there is a “.” before the name.
ix. At Preferred HTTP Host, specify the HTTP host information that you have in your environment. If you specify the complete server information and fail to save this page (WebGate information), please change Preferred HTTP Host to SERVER_NAME.
x. Save this information (the page will refresh).
xi. Click on AccessGate Configuration again and find your newly created WebGate.
xii. Click on the WebGate you created (wg1 in my example).
xiii. Go to the bottom of the page and click List Access Servers.
xv. Associate your access server with this WebGate. Note that if you configure your WebGate in Open mode, you can only select an OAM server that is in Open mode (in this blog I have configured Cert mode).
xvi. You are done with the configuration of the WebGate. Now log in to the OHS server to install your WebGate as described in the steps below.
$ pwd
/op/oracle/Cert
$ ls -l
total 32
-rw-r----- aaa_cert.pem
-rw-r----- aaa_chain.pem
-rw-r----- aaa_key.pem
6. Go to the directory where the software is downloaded. I have these 3 files in the installation directory.
[idm@idm softwares]$ ltr
Oracle_Access_Manager10_1_4_3_0_linux64_OHS11g_WebGate
libstdc++.so.5
libgcc_s.so.1
[idm@idm softwares]$ ./Oracle_Access_Manager10_1_4_3_0_linux64_OHS11g_WebGate
InstallShield Wizard
Initializing InstallShield Wizard...
Preparing Java(tm) Virtual Machine...
...................................
Running InstallShield Wizard...
-------------------------------------------------------------------------------
Welcome to the InstallShield Wizard for Oracle Access Manager 10.1.4.3.0 WebGate
The InstallShield Wizard will install Oracle Access Manager 10.1.4.3.0 WebGate
on your computer.
To continue, choose Next.
Oracle Access Manager 10.1.4.3.0 WebGate
Oracle
Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
The product that you are about to install needs to be owned by the same user
as the web server is running as. Most of the time the web server is run as
`root' or `nobody'. Doing a `ps' on the server process is a quick way to find
out who the owner is.
Enter the username the web server is running as [nobody] idm <= check who owns the folder you are going to install into. In my case the owner and group were idm.
Enter the Group for the above username [nobody] idm
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Please specify the installation directory for Oracle Access Manager 10.1.4.3.0
WebGate.
Please specify a directory name or press Enter [/opt/oracle/webgate] /op/oracle/webgate <= directory where you want to install WebGate
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Oracle Access Manager 10.1.4.3.0 WebGate will be installed in the following
location:
/op/oracle/webgate/access
for a total size:
0 KB
Please make a note of the Oracle Access Manager 10.1.4.3.0 WebGate
installation directory: /op/oracle/webgate/access because you will need
to refer to it in the future.
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
To proceed with installation of Oracle Access Manager 10.1.4.3.0 WebGate and
for successfully running the product, you must install additional GCC runtime
libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that these libraries
should be compatible with GCC 3.4.5. The libraries are available for download
from either of the following locations - http://metalink.oracle.com (requires
login), or http://www.oracle.com/technology/products/ias/index.html. Once
these libraries are locally available, please specify the directory containing
the files and proceed with the installation.
Location of GCC runtime libraries []: /op/oracle/softwares
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
Creating uninstaller...
Extracting Language Packs. Please Wait...
WebGate Configuration
Changing file ownership and permissions...
Specify the transport security mode
[X] 1 - Open Mode: No Encryption
[ ] 2 - Simple Mode: Encryption through SSL and a Public Key Certificate
[ ] 3 - Cert Mode: Encryption through SSL and a Public Key Certificate
To select an item enter its number, or 0 when you are finished [0]: 3
Specify the transport security mode
[ ] 1 - Open Mode: No Encryption
[ ] 2 - Simple Mode: Encryption through SSL and a Public Key Certificate
[X] 3 - Cert Mode: Encryption through SSL and a Public Key Certificate
To select an item enter its number, or 0 when you are finished [0]:
Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Please provide the WebGate ID, host name, and port number for the WebGate
connection.
You must use a unique ID for each WebGate you install.
WebGate ID [] wg1 <= This is the value you add in OAM Access Manager when you add this server. The WebGate must be installed at the OAM server before you can specify its name here.
Access Server ID [] oas_001
Password for WebGate: xxxxxx
Host name where an Access Server is installed [] access-server-name
Port number the Access Server listens to [6021]
Password Phrase: xxxxxx
Password Phrase Confirmation: xxxxxx
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Do you already have certificates to install or would you like to generate a
request for them?
[X] 1 - Request for certificate
[ ] 2 - Install certificate
To select an item enter its number, or 0 when you are finished [0]: 2
Do you already have certificates to install or would you like to generate a
request for them?
[ ] 1 - Request for certificate
[X] 2 - Install certificate
To select an item enter its number, or 0 when you are finished [0]:
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
In order to install the certificates, you will need to provide the paths to
the certificate, chain, and key files.
Full path to the certificate (.pem) file [] /op/oracle/Cert/aaa_cert.pem
Full path to the key (.pem) file [] /op/oracle/Cert/aaa_key.pem
Full path to the chain (.pem) file [] /op/oracle/Cert/aaa_chain.pem
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
Configuring WebGate...
-------------------------------------------------------------------------------
Oracle Access Manager 10.1.4.3.0 WebGate is installed under your Oracle Access
Manager 10.1.4.3.0 WebGate installation directory. In order to use the Oracle
Access Manager 10.1.4.3.0 WebGate module, configure your web server by
modifying the configuration in your web server directory. Oracle can
automatically update the configuration for you. Alternatively, you can
manually update it.
Proceed with automatic update of "httpd.conf"?
[X] 1 - Yes
[ ] 2 - No
To select an item enter its number, or 0 when you are finished [0]:
Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Enter the absolute path of httpd.conf in your Web Server config directory.
(e.g. "/export/apache/conf/httpd.conf") [] <middleware>/weblogic/Oracle/instances/instance1/config/OHS/ohs1/httpd.conf <= this value may be different depending on the location of your OHS. This is the file you backed up before you started this installation.
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
Updating web server configuration...
-------------------------------------------------------------------------------
Configure Web Server
Web Server Configuration has been modified for WebGate
Please restart your WebServer to complete the installation of WebGate.
Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Press ENTER to read the text [Type q to quit] q
Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Oracle Access Manager 10.1.4.3.0 WebGate has been successfully installed.
Oracle Access Manager 10.1.4.3.0 WebGate Setup Information
Transport Security: cert
WebGate ID: wg1
Access Server Host Name: acces-server-name
Access Server Port Number: 6021
Press 3 to Finish or 4 to Redisplay [3]
==============================
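Before answering the installer's "Install certificate" prompts, it helps to confirm that the three PEM files actually belong together and that the key is not readable by other accounts (the listing above shows it as -rw-r-----). The script below is an added example, not part of the original post; the function names and the PEM_PASS variable are assumptions, and it assumes the chain file holds the full issuing chain including the root.

```sh
#!/bin/sh
# Added example: pre-flight checks for the PEM files given to the WebGate
# installer in Cert mode. Function names and PEM_PASS (pass phrase of the key,
# empty for an unencrypted key) are assumptions of this sketch.
# Usage: sh <this script> aaa_cert.pem aaa_key.pem aaa_chain.pem

# True only if the file exists and group/others have no permissions on it.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if the certificate ($1) carries the public half of the private key ($2).
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin "pass:${PEM_PASS:-}" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the certificate ($2) validates against the CA certs in the chain ($1).
# The output is matched because old OpenSSL releases exit 0 even on failure.
chain_verifies_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# $1 = cert, $2 = key, $3 = chain. Prints findings, returns the failure count.
preflight() {
    fails=0
    key_is_private "$2" ||
        { echo "FAIL: $2 is accessible to group/others"; fails=$((fails + 1)); }
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $2 is not the private key for $1"; fails=$((fails + 1)); }
    chain_verifies_cert "$3" "$1" ||
        { echo "FAIL: $1 does not verify against $3"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: certificate, key and chain are consistent"
    return "$fails"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```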