Configure Oracle for SSL

 

The main problem with automated traffic over SSL is trust. A web browser can always ask the user for guidance, but a program that runs without a user cannot. The problem is solved as follows: the certificates of all trusted servers are placed in a special location called an Oracle Wallet. Oracle then looks in the wallet to make an informed decision about whether or not to trust a server that it is connecting to.

Oracle wallet

Copy the Wallet

Only applicable when the database is configured to communicate with the HTTP Server. When using an external proxy, see the next section.

During the application installation process, the installer creates a wallet containing the certificate for the server. This is an “AutoLogin” wallet, where no password is needed to access it. It is stored at <IFS_HOME>\ohs\config\fmwconfig\components\OHS\instances\<INSTANCE_NAME>\keystores\ifs\cwallet.sso. Copy this file to a folder that is accessible by Oracle (e.g. a folder on the server where Oracle is installed).

Note: Make sure the file permissions are set correctly. Letting anybody have access to this file is a security risk. It is acceptable to keep this file write-protected (for example on a CD) once all certificates are imported.

Create the Wallet

When Oracle needs to connect to an external proxy (using its own certificate), a wallet must be created and the certificate imported manually. Refer to the Oracle documentation (orapki) for the version in use. The wallet should contain the root and possibly the intermediate certificate.

Update database

Update the PLSQLAP_ENVIRONMENT_TAB table. Log on as APPOWNER and add or update the following row in PLSQLAP_ENVIRONMENT_TAB:

NAME               VALUE
SSL_WALLET_PATH    file:<Path to the wallet above>

Example:

NAME               VALUE
SSL_WALLET_PATH    file:C:\wallet_store
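
The update step above, followed by a check that the database can open the wallet and validate the server certificate. This is an added example, not code from the product. It assumes the table's columns are NAME and VALUE as shown above, uses UTL_HTTP only as an independent test, and uses https://ifs-host.example/ as a placeholder URL.

```sql
-- Added example, not product-supplied code. Run as APPOWNER (SQL*Plus syntax).
-- Assumptions: columns are NAME and VALUE as in the table above; the wallet
-- folder is the page's example C:\wallet_store; the URL is a placeholder.

-- Add the row, or update it if it already exists.
MERGE INTO plsqlap_environment_tab t
USING (SELECT 'SSL_WALLET_PATH'      AS name,
              'file:C:\wallet_store' AS value
       FROM dual) s
ON (t.name = s.name)
WHEN MATCHED THEN
   UPDATE SET t.value = s.value
WHEN NOT MATCHED THEN
   INSERT (name, value) VALUES (s.name, s.value);

COMMIT;

-- Read the stored path back and attempt one HTTPS request with it.
-- APPOWNER also needs a network ACL that allows connecting to the host.
SET SERVEROUTPUT ON
DECLARE
   test_url_    CONSTANT VARCHAR2(200) := 'https://ifs-host.example/';  -- placeholder
   wallet_path_ plsqlap_environment_tab.value%TYPE;
   req_         UTL_HTTP.req;
   resp_        UTL_HTTP.resp;
BEGIN
   SELECT value INTO wallet_path_
   FROM   plsqlap_environment_tab
   WHERE  name = 'SSL_WALLET_PATH';

   -- An auto-login wallet (cwallet.sso) is opened without a password.
   UTL_HTTP.set_wallet(wallet_path_, NULL);

   req_  := UTL_HTTP.begin_request(test_url_);
   resp_ := UTL_HTTP.get_response(req_);
   DBMS_OUTPUT.put_line('Certificate trusted, HTTP status ' || resp_.status_code);
   UTL_HTTP.end_response(resp_);
EXCEPTION
   WHEN NO_DATA_FOUND THEN
      DBMS_OUTPUT.put_line('SSL_WALLET_PATH row is missing');
   WHEN OTHERS THEN
      -- ORA-29024: the server's certificate chain is not in the wallet.
      -- ORA-28759: the wallet file cannot be opened (wrong path or permissions).
      -- ORA-24247: the network ACL for the host is missing.
      DBMS_OUTPUT.put_line('Check failed: ' || SQLERRM);
END;
/
```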