Leave a Comment:
8 comments
You can save yourself a lot of trouble by putting hardware Proxy/SSL-accelerator in front of your midtier.
ReplyYou can save yourself a lot of trouble by putting a hardware Proxy/SSL-accelerator in front of your midtier.
ReplyVitaliy
Can you elaborate on trouble ?
Yes SSL accelerator will improve performance on SSL enabled web tier but there is additioanl cost associated with SSL accelerators
ReplyChanging SSL certs every time you clone. Dealing with expired SSL certs. Dealing with SSL related security bugs.
While ORACLE APPS has built-in SSL functionality it’s not the only and not the best solution out there.
Hardware SSL-accelerator/Proxy can do a much better job on all counts.
ReplyWe have SSL enabled. but as said in cloning SSL enabled instances we never take backup of ssl.crt & ssl.key . We never had any issues though we did not take the backup. Can you please brief on this? What exaclty happens if we dont take the backup of ssl.crt and ssl.key?
Thanks
Aravind Cuddapah
to add more when ever we clone using SSL enabled instance all these ssl.crt and ssl.key directories are replaced with source .But we never had any problems.
Thanks
Aravind Cuddapah
Hi Arvind,
First to understand ssl.crt contain your ServerName (ServerName directive in httpd.conf/ssl.conf) This server name will be same if you access apps using same name as MachineName on which apps is installed else it will be load balancer name.
Now if you clone instance from oNlineAppsDBA to DevoNlineApps so certificate on target instance will still be of source i.e. oNlineAppsDBA. You will not hit any issues but users will get warning while accessing page that ServerName on certificate doesn’t match with actual server do you wish to continue .
If you are using SSL on target instance as well and if delete ssl.crt & ssl.key from target you will not be able to start web server.
Do let me know if this is clear now .
Atul
ReplyHi Atul,
Can you guide me how to renew the SSL certificate in E-business suit.
Regards
sanjeev