installing mod_ssl on Oracle9iAS with apache 1.3

Our Windows server is running Oracle8i, using Oracle9iAS with Apache 1.3 for Internet access (neither oracle or apache can be upgraded). I'm trying to set up SSL on one of the virtual sites.

What I've done so far:
 - installed OpenSSL and used it to create a certificate request and private key.
 - I have received a valid certificate from a CA and placed all the certificates on the server as instructed by the CA
 - I've edited my httpd.conf file as best I can with info I've gathered from researching the Internet to allow for a SSL connection.

So far I've tried to get SSL working on Apache using mod_ossl, Oracle's version of the mod_ssl module (which I don't have on Apache 1.3). Everything I've read tells me Apache needs mod_ssl to make SSL work and I was hoping I could use the already installed mod_ossl from Oracle but I can't seem to get it working.

Does anyone know if it's possible to use a certificate created through OpenSSL with Oracle's mod_ossl? If not, how do I go about installing mod_ssl? I have already downloaded and expanded the mod_ssl tar file but not installed (build).

I've attached the SSL section of my httpd.conf file.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
you probably can take a look at this - There are two major steps needed to configure SSL in 9iAS:
   I.  Create an Oracle Wallet which contains an SSL Certificate
   II. Configure httpd.conf directives to enable SSL with OHS

    * Common Name has to match the hostname.domainname that the webserver is
      known as. This is the Servername parameter in the httpd.conf file, and
      is the hostname.domainname that users will enter in the browser URL.

For the purposes of a basic SSL configuration, you should only need to
change the following directives:
   - Change the SSLWallet directive to the path where you saved your wallet, i.e:
     SSLWallet file:/tmp/wallets

If you intend to have more than one Virtual Host using ssl
1. Each SSL Virtual Host must have a different port. There are no Named
   Based Virtual Hosts for SSL.
2. Each SSL Virtual Host must have a different wallet or must get a wildcard certificate

I believe you have saw this appendix describes the method of enabling SSL for Apache using Openssl, do remember to restart Apache and below too ...

#Certificate Authority (CA):
#Set the CA certificate verification path where to find CA
#certificates for client authentication or alternatively one
#huge file containing all of this (file must be PEM encoded).
#Note: Inside SSLCACertificatePath you beed hash symlinks
#to point to the certificate files. Use the provided
#Makefile to update the hash symlinks after changes.
#SSLCACertificateFile conf\ssl.crt\ca-bundle.crt
uomobelloAuthor Commented:
I tried using Oracle Wallet but the old version of Oracle I have creates a private key of only 1024 bits and the minimum these days is 2048. (cannot upgrade because management refuses to pay for it)

I have bypassed Oracle Wallet and created a certificate request within Apache using OpenSSL and have received a certificate from a CA. My question is can I use Oracle's module mod_ossl in Apache for SSL or must I install the Apache module mod_ssl? If it's the latter I need to know how to install mod_ssl - my old version of Apache (1.3) doesn't have it. (I cannot upgrade Apache because of the old version of Oracle).
btanExec ConsultantCommented:
Pls see

mod_ssl is not a replacement for Apache-SSL - it is an alternative. It is a matter of personal choice which you use. mod_ssl is what is known as a “fork” - i.e., it was originally derived from Apache-SSL, but has been extensively redeveloped. Many people find it very easy to install.

To use mod_ssl you will need to acquire and install Apache, patch it with the latest updates, and install and configure the module. You will also need to acquire and install OpenSSL, generate a key-pair, and either sign the public part of it yourself, thus creating a certificate, or have it signed by a commercial Certificate Authority (CA).

The mod_ssl package consists of the SSL module itself - and, surprisingly, a set of patches for Apache itself. This may puzzle you at first: why do we need to patch Apache to install the mod_ssl module? Well, the standard API that Apache uses for it's modules is unable to communicate with the SSL module. Therefore, the source patches add the Extended API (EAPI). In other words: you can only use the mod_ssl module when Apache's core code contains the Extended API. When building mod_ssl, the Apache source tree is automatically altered for you, adding the Extended API.

After installation of the software you will need to configure Apache with Apache-SSL. Some additional directives should be used to configure the secure server - for example the location of the key-files.

To Install SSL-aware Apache

Requirements for Using Apache Web Server
Generating a Certificate Signing Request (CSR) using Apache (with mod_ssl) & OpenSSL
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

uomobelloAuthor Commented:
Ok, so it appears the mod_ossl module that comes with the Oracle application server 9iAS (which has Apache 1.3 built-in) makes Apache SSL-aware without using mod_ssl but I can't configure the Apache config file to make it work with the security request/certificate I already generated using OpenSSL.

My problem seems to be that I'm stuck with an old version of Apache that is tied to an old version of Oracle application server.

Thanks for trying.
btanExec ConsultantCommented:
The base Apache 1.3 Web server does not use SSL for browser connections (responding to https:// requests). An add-on module for SSL support known as mod_ssl. The Oracle Access Manager plug-ins for base Apache servers are different from those for Apache with mod_ssl (also referred to as using EAPI).
e.g. Oracle Access Manager supports Apache with mod_ssl only.
e.g. No SSL-specific features of Oracle Access Manager operate with the version of Apache 1.3 known as Apache-SSL.

Openssl is needed by mod_ssl when building Apache to support SSL. Openssl should be part of the Apache server built with mod_ssl.

You can download the latest version of Apache 1.3 from the Apache Web site:

The SSL plug-in mod_ssl is available from:

In order for the Apache Web server to support Oracle Access Manager plug-ins, the module mod-so must be compiled into the server binary. To compile Apache or Apache with mod_ssl with mod-so: Include the configuration option before compiling:
Ensure the configuration meets other Oracle Access Manager requirements and compile.

If you do not find a solution for your problem, log a service request

More reference
Apache source code—
Mod_SSL source code—
OpenSSL source code—
What is ApacheSSL—
Compiling and Installing Apache 1.3—
ApacheSSL build instructions for Win32—
uomobelloAuthor Commented:
The company I work for does not want to pay for an upgrade to our Oracle database. Neither have we been paying for Oracle support so I can't submit a service request.

I am stuck with this old version Oracle database (8i) and Oracle Application Server (9iAS) (web server) and therefore also stuck with the old version of Apache that came as part of 9iAS and DOES NOT have mod_ssl. This Apache uses an Oracle module called mod_ossl INSTEAD of mod_ssl for SSL connections.

Oracle 8i does NOT have Oracle Access Manager. I cannot reinstall another Apache web server that has open_ssl and mod_ssl and still use least I haven't found a way to do that.

Thank you for all the reference material but none of it relates to my particular situation.
btanExec ConsultantCommented:
. pretty stuck then for no upgrade but then as the ref stated you can install mod_ssl which you have asked originally.

Nonetheless, mod_ossl is very similar to the OpenSSL module, mod_ssl. The mod_ossl module is based on the Oracle implementation of SSL, which supports SSL version 3 and TLS version 1, and is based on Certicom and RSA Security technology.
Oracle no longer supports mod_ssl. A tool is provided to enable you to migrate from mod_ssl to mod_ossl, and convert your text certificates to Oracle wallets.
Actually even with upgrade to Oracle Advanced Security 10i, it also does not support greater than 1024bits RSA
coming back, from mod_ssl to mod_ossl is documented with changes as in the reference link - mainly make the following global changes to the httpd.conf file and LoadModule directives etc.
Pls ref
(Make Global Changes) (Modify the List of LoadModule Directives)(Migrate Your Server Certificate and Private Key)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.