cd ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${component_name}
Back up the existing ssl.conf file, then edit it as follows:
Add SSLSessionCache None
Add ServerName after the <IfModule ossl_module> ~ </IfModule> block in each <VirtualHost>
Add an <IfModule weblogic_module> ~ </IfModule> block, which holds the WebLogic integration settings
Example:
###################################################################
# Oracle HTTP Server mod_ossl configuration file: ssl.conf #
###################################################################
# The Listen directive below has a comment preceding it that is used
# by tooling which updates the configuration. Do not delete the comment.
#[Listen] OHS_SSL_PORT
Listen 4443
SSLSessionCache None
<IfModule ossl_module>
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use, second the expiring timeout (in seconds) and third
# the mutex to be used.
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<IfModule !mpm_winnt_module>
Mutex pthread ssl-cache
</IfModule>
##
## SSL Virtual Host Context
##
#[VirtualHost] OHS_SSL_VH
<VirtualHost *:4443>
<IfModule ossl_module>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
SSLVerifyClient None
# SSL Protocol Support:
# Configure usable SSL/TLS protocol versions.
SSLProtocol TLSv1.2
# Option to prefer the server's cipher preference order
SSLHonorCipherOrder on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA
# SSL Certificate Revocation List Check
# Valid values are On and Off
SSLCRLCheck Off
#Path to the wallet
SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/default"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
ServerName abc.co.kr
ErrorLog "||${PRODUCT_HOME}/bin/odl_rotatelogs /logs/web/ssl/web_error_log"
CustomLog "||${PRODUCT_HOME}/bin/odl_rotatelogs /logs/web/ssl/web_access_log 43200" common
<IfModule weblogic_module>
WebLogicCluster 192.168.56.101:7102
MatchExpression *.jsp
Debug OFF
Idempotent OFF
DynamicServerList OFF
DebugConfigInfo ON
WLIOTimeoutSecs 900
ConnectTimeoutSecs 20
ConnectRetrySecs 2
</IfModule>
</IfModule>
</VirtualHost>
</IfModule>
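A check for the three edits listed above, added here as an example (not code from the original post): it confirms that SSLSessionCache None is present and that every <VirtualHost> carries a ServerName and a weblogic_module block, and it reports settings worth reviewing before production use. The names audit_ssl_conf and SAMPLE are hypothetical, and SAMPLE is a constructed, trimmed copy of the configuration shown above.

```python
import re

# Constructed sample: a trimmed ssl.conf in the shape of the example above.
SAMPLE = """\
SSLSessionCache None
<IfModule ossl_module>
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/ssl_scache(512000)"
<VirtualHost *:4443>
<IfModule ossl_module>
SSLCipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_256_CBC_SHA
ServerName abc.co.kr
<IfModule weblogic_module>
DebugConfigInfo ON
</IfModule>
</IfModule>
</VirtualHost>
</IfModule>
"""

def audit_ssl_conf(text):
    """Hypothetical helper: return a list of findings for an ssl.conf string."""
    findings, caches, vname, vhost = [], [], None, None
    for line in text.splitlines():
        key, val = (line.strip().split(None, 1) + ["", ""])[:2]
        key = key.lower()
        if key == "<virtualhost":
            vname, vhost = val.rstrip(">"), {"ServerName": False, "weblogic_module": False}
        elif key == "</virtualhost>" and vhost is not None:
            # Every virtual host needs a ServerName and a WebLogic plug-in block.
            findings += [f"{vname}: missing {k}" for k, ok in vhost.items() if not ok]
            vhost = None
        elif key == "servername" and vhost is not None:
            vhost["ServerName"] = True
        elif key == "<ifmodule" and val.lower() == "weblogic_module>" and vhost is not None:
            vhost["weblogic_module"] = True
        elif key == "sslsessioncache":
            caches.append(val.strip('"'))
        elif key == "sslciphersuite":
            # TLS_RSA_* / SSL_RSA_* use static RSA key exchange: no forward secrecy.
            no_fs = [c for c in val.split(",") if re.match(r"(TLS|SSL)_RSA_", c.strip())]
            findings += ["no forward secrecy: " + ",".join(no_fs)] if no_fs else []
        elif key == "debugconfiginfo" and val.lower() == "on":
            # Oracle's plug-in documentation says to keep this OFF in production.
            findings.append("DebugConfigInfo ON: plug-in settings viewable over HTTP")
    if not any(c.lower() == "none" for c in caches):
        findings.append("SSLSessionCache None not set")
    if len(caches) > 1:
        findings.append(f"SSLSessionCache set {len(caches)} times: {caches}")
    return findings
```

To audit a real file, pass its contents to audit_ssl_conf, for example audit_ssl_conf(open("ssl.conf").read()).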