Overview of SSL in Oracle Applications 11i

Today I am going to cover overview of SSL & various components of oracle Apps in which you can configure SSL.

If you encounter any Issues or got any doubts w.r.t. Oracle Applications create a Thread in Oracle Apps Forum at http://teachmeoracle.com/forum

What is SSL ?
SSL stands for Secure Socket Layer which is protocol developed by Netscape. Data Transferred between Server & Client is Secured (Encrypted)

Why I need a SSL in Oracle Applications ?
Usually data transmitted between client machine & server (Web Server on http protocol & Forms Server on Sockets ) is clear text packets. Any one can put Packet Sniffer between Client machine & Server & can open & read all data transaction between your machine & Server (If he/she has network access) Hacker can get your Username/Password or any sensitive data. This become critical when you have Internet access to Oracle Applications 11i (Usually Self Service Implementation)

Where I need to configure SSL in Apps ?
Communication between Client & Oracle Applications happen via three components.
Oracle Web Server (Initial Connection & all self service access is via Web Server/Apache). If your Form Server is in servlet Mode then Core Applications are also accessed via Web Server (Jserv Component)
Oracle Form Server : For Core Oracle Application Access (Forms)
Database : You access web server which in turn talks to database Server via UTL_HTTP package via dad (/pls/$SID)

So You enable SSL on particular component depending on your requirement & component which is accessible over Internet & should be secured. You can Implement across all three component or only one or any two.

What is common deployment for Internet Facing Oracle Applications ?
Though you can configure SSL for Web, Forms & database for extra Security but Usually most prone & Internet facing component is Web Server (For Self Service Applications) so common trend is to Enable SSL between Client Machine & Web Server (Apache) in Oracle Applications.

What will happen w.r.t. Data communication after enabling SSL ?
By default you access Applications over HTTP (Hyper Text Transfer Protocol) but after enabling SSL on web server you will access via HTTPS (Secure) . Data will be encrypted at one end & decrypted at other end.

More on
How Data Encryption Happens ….
Is there any performance overheads ….
What is openssl & oracle Wallets …
How to configure SSL in Oracle Apps 11i …
and lot more on SSL coming in Next Post

Those of you who want to raise questions/doubts problems , can now do same via Forum http://teachmeoracle.com/forum (Dedicated to Apps DBA, for Fast Response from some of Best Apps DBA’s). Check others doubts & you can answer them.

http://teachMeOracle.com/forum

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

2 comments
www.2x2successteam.com says September 13, 2012

Great info. Lucky me I recently found your site by accident (stumbleupon).
I’ve book marked it for later!

Reply
Vishal says November 10, 2014

Hi,

I am using R12 and tring to connect one supplier but I am getting “java.io.IOException: java.io.IOException: javax.net.ssl.SSLException: SSL handshake failed: SSLSessionNotFoundErr
” error.
We already implement punchout for 3 supplier but for this supplier we are getting an issue.
Please help me in this.Its bit urgent for me we have our milestone this wkend.

Thanks
Vishal

Reply
Add Your Reply

Not found