In this post, I will explain how to use SSL configuration in Workflow Notification mailer briefly.
As you know, Notification mailer has the ability to work with smtp and imap. Also Notification mailer can use these protocols with SSL configuration. So if you enable SSL in your configuration, your notification mailer will speak smtp and imap securely..
The logic is the same as EBS Web server SSL implementation.
We export the certificate, the Autority signs it , we store it and lastly we configure our applications (in this case notification mailer) to use it and work in SSL. The export phase is somewhat different, because in ssl implementation of Notification mailer, to certificate is exported from the mail server..
There is video on Oracle Support to be followed. -> Workflow Mailer Configuration SSL Implementation (1324799.1)
Here is the action plan for enable SSL in Notification mailer:
A. Access your main web page https://<host.domain:port>.
B. Double-click on the padlock at the bottom of the page to view the Certificates.
If there is no padlock, then on the top toolbar:
select File->Properties->Certificates
a) click on the first line and then View Certificate. - This will be the certificate for the root
Certifying Authority (CA).
b) On Details tab click Copy to File, this will start the export wizard.
c) Click Next to continue.
d) Select Base-64 encoded X.509 (.CER) and click next.
e) Enter ca1 as the name and click ok to export the certificate.
f) Repeat steps a thru e for each line on the Certification Path tab incrementing the file name each
time by 1, i.e. ca2, ca3.
Next, we create a keystore and import our certificate to it.
a. Create a keystore that holds the certificate, use the default location (i.e. /home/applmgr)
keytool -genkey -alias -keystore -storetype JKS
Pass : ermanpass
Note: Answers for the questions like CN , OU can be gathered from the information written in the certificate
b. Upload the Certificate to the Concurrent Manager tire using a ftp tool then import the certificate into the
created keystore:
keytool -import -alias my_cert -file server.cer -keystore .keystore -storepass ermanpass
c.Verify the cetificate
keytool -list -keystore .keystore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
my_cert, Jul 1, 2014, trustedCertEntry
Certificate fingerprint (MD5): 12:7A:55:50:6C:76:54:38:13:1D:EC:BF:FF:32:40:95
-keystore, Jul 1, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): 4F:F6:43:44:FD:C0:98:FE:DF:68:7D:C8:F8:0A:67:BE
Then we set MAILER_SSL_TRUSTSTORE (i.e. /home/applmgr/.keystore )
From sqlplus:
$FND_TOP/sql/afsvcpup.sql
Enter Component Id: 10006 ( Workflow Notification Mailer)
Enter the Comp Param Id to update : 10229
You have selected parameter : SSL Trust store
Current value of parameter : NONE
Enter a value for the parameter : /home/applmgr/.keystore
Lastly, we configure the notification mailer to work in SSL..
We configure the mailer through OAM.. We just check the checkboxes(outbound ssl enabled &Inbound SSL enabled) for SSL (IMAP and SMTP) and restart our mailer..
As you know, Notification mailer has the ability to work with smtp and imap. Also Notification mailer can use these protocols with SSL configuration. So if you enable SSL in your configuration, your notification mailer will speak smtp and imap securely..
The logic is the same as EBS Web server SSL implementation.
We export the certificate, the Autority signs it , we store it and lastly we configure our applications (in this case notification mailer) to use it and work in SSL. The export phase is somewhat different, because in ssl implementation of Notification mailer, to certificate is exported from the mail server..
There is video on Oracle Support to be followed. -> Workflow Mailer Configuration SSL Implementation (1324799.1)
Here is the action plan for enable SSL in Notification mailer:
We export the certificate ..Following video explains how to export a certificate in details ;
B. Double-click on the padlock at the bottom of the page to view the Certificates.
If there is no padlock, then on the top toolbar:
select File->Properties->Certificates
a) click on the first line and then View Certificate. - This will be the certificate for the root
Certifying Authority (CA).
b) On Details tab click Copy to File, this will start the export wizard.
c) Click Next to continue.
d) Select Base-64 encoded X.509 (.CER) and click next.
e) Enter ca1 as the name and click ok to export the certificate.
f) Repeat steps a thru e for each line on the Certification Path tab incrementing the file name each
time by 1, i.e. ca2, ca3.
Next, we create a keystore and import our certificate to it.
a. Create a keystore that holds the certificate, use the default location (i.e. /home/applmgr)
keytool -genkey -alias -keystore -storetype JKS
Pass : ermanpass
Note: Answers for the questions like CN , OU can be gathered from the information written in the certificate
b. Upload the Certificate to the Concurrent Manager tire using a ftp tool then import the certificate into the
created keystore:
keytool -import -alias my_cert -file server.cer -keystore .keystore -storepass ermanpass
c.Verify the cetificate
keytool -list -keystore .keystore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
my_cert, Jul 1, 2014, trustedCertEntry
Certificate fingerprint (MD5): 12:7A:55:50:6C:76:54:38:13:1D:EC:BF:FF:32:40:95
-keystore, Jul 1, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): 4F:F6:43:44:FD:C0:98:FE:DF:68:7D:C8:F8:0A:67:BE
Then we set MAILER_SSL_TRUSTSTORE (i.e. /home/applmgr/.keystore )
From sqlplus:
$FND_TOP/sql/afsvcpup.sql
Enter Component Id: 10006 ( Workflow Notification Mailer)
Enter the Comp Param Id to update : 10229
You have selected parameter : SSL Trust store
Current value of parameter : NONE
Enter a value for the parameter : /home/applmgr/.keystore
We configure the mailer through OAM.. We just check the checkboxes(outbound ssl enabled &Inbound SSL enabled) for SSL (IMAP and SMTP) and restart our mailer..
If EBS Application itself is not SSL configured, then can we configure MAiler with SSL?
ReplyDeleteYes, you can.
ReplyDelete