Modern browsers give warnings if you access a non TLS website. It applies to Oracle E-Business Suite as well. Even if you are working with a local EBS VM you may want to setup TLS to get rid of the annoying messages. It is possible to setup a self-signed certificate as described in the Doc ID 1367293.1.
orapki wallet add -wallet ./ -dn 'CN=hostname.domainname' -asym_alg RSA -keysize 2048 -sign_alg sha256 -self_signed -validity 365 -auto_login_only |
However even after EBS instance is configured with the self-signed certificate browers may show the following warning:
NET::ERR_CERT_COMMON_NAME_INVALID |
I found a solution on the Internet: create a self-signed ceritificate with the subject alternative name (SAN) extension. But the below command fails:
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./cwallet.sso -dn "CN=hostname.domainname" -keysize 2048 -sign_alg sha256 -self_signed -addext_san DNS:hostname.domainname -validity 3652 -auto_login_only Invalid command: -addext_san |
It turned out that orapki shipped with EBS 12.2 does not support -addext_san parameter. I found a workaround to use a newer orapki version. The easiest way was to use the orapki shipped with Oracle Database 19c that was a part of the EBS instance:
chmod 777 /u01/install/APPS/fs_ne/inst/EBSDB_demo/certs/Apache/cwallet* su - oracle cd /u01/install/APPS/fs_ne/inst/EBSDB_demo/certs/Apache /u01/install/APPS/19c/bin/orapki wallet add -wallet ./cwallet.sso -dn "CN=hostname.domainname" -keysize 2048 -sign_alg sha256 -self_signed -addext_san DNS:hostname.domainname -validity 3652 -auto_login_only |
Now you can access the EBS login page, export the certificate from the browser, save it as ‘selfsigned.cer’. Then double click on it and import into the Windows Trusted Root Certification Authorities.
After you restart your browser and access the EBS login page again it will identify it as a secure connection.