It looks like something is wrong in 5.2 step 9 in the ssl.conf file, but I don't understand what.
# +======================================================================+
# | Copyright (c) 2005, 2016 Oracle and/or its affiliates. |
# | All rights reserved. |
# | Version 12.0.0 |
# +======================================================================+
#
# $Header: ssl_conf_FMW.tmp 120.5.12020000.3 2016/11/22 07:44:30 kmandal ship $
#
# This template is used to seed the initial ssl.conf. After that, AutoConfig does not manage ssl.conf changes.
# It is advisable to perform OHS configuration changes through EM console.
# The default EM console URL is http://quea01303.unix.quebec.local:7003/em
#
###################################################################
# Oracle HTTP Server mod_ossl configuration file: ssl.conf #
###################################################################
# OHS Listen Port
# The SSL virtual host further down is declared as _default_:4483, so the two
# port numbers have to be changed together.
Listen 4483
<IfModule ossl_module>
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# MIME types served for certificate (.crt) and CRL (.crl) downloads, so that
# clients treat these files as certificates / revocation lists.
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
# `builtin' selects the internal terminal dialog rather than an external program.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: first the mechanism
# to use, and second the expiry timeout (in seconds).
# Mechanism here is shmcb, backed by the ssl_scache file under the component's
# diagnostics/logs directory, with 512000 given as the cache size.
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
# Cached sessions expire after 300 seconds.
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# Two mutually exclusive cases, selected by the loaded MPM:
# with mpm_winnt_module no mutex is configured ("none") ...
<IfModule mpm_winnt_module>
SSLMutex "none"
</IfModule>
# ... and with any other MPM a pthread mutex is used.
<IfModule !mpm_winnt_module>
SSLMutex pthread
</IfModule>
##
## SSL Virtual Host Context
##
<VirtualHost _default_:4483>
# This directive toggles the usage of the SSL/TLS Protocol Engine for proxy. This is usually used inside a <VirtualHost> section to enable SSL/TLS for proxy usage in a particular virtual host.
# By default the SSL/TLS Protocol Engine is disabled for proxy both for the main server and all configured virtual hosts. Note that the SSLProxyEngine directive should not, in general,
# be included in a virtual host that will be acting as a forward proxy (using <Proxy> or ProxyRequests directives). SSLProxyEngine is not required to enable a forward proxy server to proxy SSL/TLS requests.
# NOTE(review): the engine is switched ON here, but no proxy directives are visible in this
# file; presumably they live in the included oracle_apache_ssl.conf - confirm.
SSLProxyEngine ON
# Specifies the location of the wallet containing the certificates to use when opening proxy connections. Syntax: SSLProxyWallet wrl
# This is the same keystores/default path that SSLWallet uses for the server side of this
# virtual host, so one wallet serves both roles.
# NOTE(review): confirm that wallet holds the trusted CA certificates needed to validate the
# back-end servers this host connects to.
SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
<IfModule ossl_module>
# General setup for the virtual host
# NOTE(review): this host is qued01320 / SIVINT, while the template header's EM console URL and
# the commented-out SSLWallet line further down name quea01303 / SIVPROD. That looks like a
# file carried over from another instance - confirm no active setting still refers to it.
DocumentRoot "/applsivint/fs2/inst/apps/SIVINT_qued01320/portal"
ServerName qued01320.unix.quebec.local
ServerAdmin applmgr@unix.quebec.local
# Only warnings and more severe messages go to the error log.
LogLevel warn
# Error and access logs are piped through rotatelogs with an 86400-second (daily) rotation.
ErrorLog "|${ORACLE_HOME}/ohs/bin/rotatelogs ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/error_log 86400"
TransferLog "|${ORACLE_HOME}/ohs/bin/rotatelogs ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/access_log 86400"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
# With `none' no client certificate is requested, so TLS authenticates the server only;
# any user authentication has to be done by the application behind this host.
SSLVerifyClient none
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# The original explicit list below is kept only as history; it names RC4, DES and 3DES
# suites and should stay commented out.
#SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
# The default CipherSuite above was commented out and a stronger CipherSuite added as part of bug 9284427
# NOTE(review): TLSv1 and TLSv1.1 are still offered alongside TLSv1.2. Both are formally
# deprecated (RFC 8996); restrict this line to TLSv1.2 once every client and integration
# that connects to this port is confirmed to support it.
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
# Allows the HIGH and MEDIUM cipher groups and excludes anonymous (aNULL), RC4, 3DES, SEED,
# IDEA and CAMELLIA suites.
# NOTE(review): presumably the trailing +HIGH:+MEDIUM follows OpenSSL-style syntax and only
# reorders the already-selected suites - verify against the mod_ossl documentation. MEDIUM
# keeps weaker suites available; consider dropping it together with TLSv1/TLSv1.1.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!RC4:!3DES:!SEED:!IDEA:!CAMELLIA:+HIGH:+MEDIUM
# SSL Certificate Revocation List Check
# Valid values are On and Off
# Off means certificates are not checked against a CRL. SSLVerifyClient is `none' in this
# virtual host, so no client certificates are being verified here anyway; revisit this
# setting if client certificate authentication is ever enabled.
SSLCRLCheck Off
# Path to the wallet holding this virtual host's server certificate and key.
# NOTE(review): the active path is the component's keystores/default directory. Confirm the
# wallet there contains the certificate intended for qued01320.unix.quebec.local and not a
# default or placeholder certificate.
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
# Inactive alternative; note it points at a SIVPROD_quea01303 path, not this instance.
#SSLWallet file:/applsivprod/fs_ne/inst/SIVPROD_quea01303/certs/Apache
# Export the standard SSL environment variables, but only to requests that can use them:
# files with a .cgi, .shtml, .phtml or .php extension ...
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# ... and everything under the component's cgi-bin directory.
<Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Compatibility settings for any client whose User-Agent contains "MSIE": no keep-alive,
# tolerate an unclean SSL shutdown, and downgrade to / force HTTP/1.0 responses.
# The directive continues over the next two lines; keep the trailing backslashes.
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
# Piped through rotatelogs with an 86400-second (daily) rotation. Each entry records the
# time, client host, negotiated SSL/TLS protocol, negotiated cipher, request line and
# response size. The protocol and cipher columns show which clients still negotiate
# TLSv1/TLSv1.1 or a MEDIUM cipher, which is worth checking before tightening
# SSLProtocol or SSLCipherSuite.
CustomLog "|${ORACLE_HOME}/ohs/bin/rotatelogs ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_request_log 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#
# Turn on the rewrite engine
#
RewriteEngine ON
# Rewrite log location; level 0 means no rewrite actions are logged.
RewriteLog ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/mod_rewrite.log
RewriteLogLevel 0
# Pulls further directives into this SSL virtual host from a separate file.
# NOTE(review): that file's contents are not shown here; review it together with this one,
# since anything it sets applies inside this virtual host.
include ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/oracle_apache_ssl.conf
</IfModule>
</VirtualHost>
</IfModule>