
SSL Certificate configuration for Oracle HTTP Server 12c

An Oracle HTTP Server (OHS) instance had an expired SSL certificate. This OHS is the entry point to the company's services and is located in the public DMZ, where it serves as a reverse proxy and load balancer for requests to the backend servers. OHS is installed on Oracle Solaris, and when it was started it failed with errors like this in the logs: nzos call nzosSetCredential returned 28791. Here are the steps that were followed to create and configure a new SSL certificate for OHS.

The first step is to generate the private and public keys, using keytool to create the key pair.

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore server.gob.mx.jks

Then we generate the certificate signing request (CSR) file. keytool will ask for the keystore password, and after that we can send the CSR to the respective provider or Certificate Authority so it can issue the signed certificate.

keytool -certreq -alias server -file server.gob.mx.csr -keystore server.gob.mx.jks

Once the Certificate Authority has created and delivered the corresponding signed certificate, we will import the .p7b file into the keystore.

keytool -import -alias server -trustcacerts -file /u01/app/oracle/Middleware/ohs122/wlserver/sslconf/server_gob_mx.p7b -keystore /u01/app/oracle/Middleware/ohs122/wlserver/sslconf/server.gob.mx.jks

The next step is to generate the new Oracle Wallet with the orapki tool available in OHS installation. After that we can convert the JKS Keystore previously created to our Oracle Wallet with the following two commands.

/u01/app/oracle/Middleware/ohs122/oracle_common/bin/orapki wallet create -wallet /u01/app/oracle/Middleware/ohs122/wlserver/sslconf/wallet -auto_login -pwd password
/u01/app/oracle/Middleware/ohs122/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet /u01/app/oracle/Middleware/ohs122/wlserver/sslconf/wallet -pwd password -keystore /u01/app/oracle/Middleware/ohs122/wlserver/sslconf/server.gob.mx.jks -jkspwd password
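
Before pointing OHS at the converted wallet, it is worth confirming that it holds the server's own certificate and not only the CA chain. The following check is an added example, not part of the original procedure: it parses `orapki wallet display` output, and the section headings, the sample text and the CN `server.gob.mx` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the converted wallet contains a user certificate
# for the expected host. Input is `orapki wallet display` output on stdin.

# Print the Subject of every entry listed under "User Certificates:".
wallet_user_cert_subjects() {
    awk '
        /^Requested Certificates:/ { section = "requested"; next }
        /^User Certificates:/      { section = "user"; next }
        /^Trusted Certificates:/   { section = "trusted"; next }
        section == "user" && /^Subject:/ {
            sub(/^Subject:[ \t]*/, "")
            print
        }
    '
}

# Succeed only if a user certificate with an RDN exactly CN=<arg> exists.
# Trusted (CA) certificates are ignored, so a CA-only wallet fails the check.
wallet_has_user_cert() {
    expected_cn=$1
    wallet_user_cert_subjects | awk -v cn="CN=$expected_cn" '
        {
            n = split($0, rdn, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", rdn[i])
                if (rdn[i] == cn) found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OK='Requested Certificates:
User Certificates:
Subject:        CN=server.gob.mx,O=Example,C=MX
Trusted Certificates:
Subject:        CN=Example Issuing CA,O=Example CA,C=US
Subject:        CN=Example Root CA,O=Example CA,C=US'

SAMPLE_CA_ONLY='Requested Certificates:
User Certificates:
Trusted Certificates:
Subject:        CN=Example Root CA,O=Example CA,C=US'

# Real use, with the paths from this article:
#   /u01/app/oracle/Middleware/ohs122/oracle_common/bin/orapki wallet display \
#     -wallet /u01/app/oracle/Middleware/ohs122/wlserver/sslconf/wallet \
#     | wallet_has_user_cert server.gob.mx || echo "no user certificate in wallet"
```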

As the last step, we edit the OHS instance's ssl.conf file (here with the vi editor) so that it specifies the path to the wallet created previously.

Oracle HTTP Server ssl.conf configuration file.

We then restart the OHS instance so the changes take effect. The server should now start without problems.

/u02/app/oracle/domains/ohs_prod/bin/stopComponent.sh ohs_prod
/u02/app/oracle/domains/ohs_prod/bin/startComponent.sh ohs_prod