Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


installing mod_ssl on Oracle9iAS with apache 1.3

Posted on 2014-07-23
Medium Priority
Last Modified: 2014-08-05
Our Windows server is running Oracle8i, using Oracle9iAS with Apache 1.3 for Internet access (neither oracle or apache can be upgraded). I'm trying to set up SSL on one of the virtual sites.

What I've done so far:
 - installed OpenSSL and used it to create a certificate request and private key.
 - I have received a valid certificate from a CA and placed all the certificates on the server as instructed by the CA
 - I've edited my httpd.conf file as best I can with info I've gathered from researching the Internet to allow for a SSL connection.

So far I've tried to get SSL working on Apache using mod_ossl, Oracle's version of the mod_ssl module (which I don't have on Apache 1.3). Everything I've read tells me Apache needs mod_ssl to make SSL work and I was hoping I could use the already installed mod_ossl from Oracle but I can't seem to get it working.

Does anyone know if it's possible to use a certificate created through OpenSSL with Oracle's mod_ossl? If not, how do I go about installing mod_ssl? I have already downloaded and expanded the mod_ssl tar file but not installed (build).

I've attached the SSL section of my httpd.conf file.
Question by:uomobello
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 64

Expert Comment

ID: 40217030
you probably can take a look at this - There are two major steps needed to configure SSL in 9iAS:
   I.  Create an Oracle Wallet which contains an SSL Certificate
   II. Configure httpd.conf directives to enable SSL with OHS

    * Common Name has to match the hostname.domainname that the webserver is
      known as. This is the Servername parameter in the httpd.conf file, and
      is the hostname.domainname that users will enter in the browser URL.

For the purposes of a basic SSL configuration, you should only need to
change the following directives:
   - Change the SSLWallet directive to the path where you saved your wallet, i.e:
     SSLWallet file:/tmp/wallets

If you intend to have more than one Virtual Host using ssl
1. Each SSL Virtual Host must have a different port. There are no Named
   Based Virtual Hosts for SSL.
2. Each SSL Virtual Host must have a different wallet or must get a wildcard certificate

I believe you have saw this appendix describes the method of enabling SSL for Apache using Openssl, do remember to restart Apache and below too ...

#Certificate Authority (CA):
#Set the CA certificate verification path where to find CA
#certificates for client authentication or alternatively one
#huge file containing all of this (file must be PEM encoded).
#Note: Inside SSLCACertificatePath you beed hash symlinks
#to point to the certificate files. Use the provided
#Makefile to update the hash symlinks after changes.
#SSLCACertificateFile conf\ssl.crt\ca-bundle.crt

Author Comment

ID: 40217250
I tried using Oracle Wallet but the old version of Oracle I have creates a private key of only 1024 bits and the minimum these days is 2048. (cannot upgrade because management refuses to pay for it)

I have bypassed Oracle Wallet and created a certificate request within Apache using OpenSSL and have received a certificate from a CA. My question is can I use Oracle's module mod_ossl in Apache for SSL or must I install the Apache module mod_ssl? If it's the latter I need to know how to install mod_ssl - my old version of Apache (1.3) doesn't have it. (I cannot upgrade Apache because of the old version of Oracle).
LVL 64

Expert Comment

ID: 40218409
Pls see

mod_ssl is not a replacement for Apache-SSL - it is an alternative. It is a matter of personal choice which you use. mod_ssl is what is known as a “fork” - i.e., it was originally derived from Apache-SSL, but has been extensively redeveloped. Many people find it very easy to install.

To use mod_ssl you will need to acquire and install Apache, patch it with the latest updates, and install and configure the module. You will also need to acquire and install OpenSSL, generate a key-pair, and either sign the public part of it yourself, thus creating a certificate, or have it signed by a commercial Certificate Authority (CA).

The mod_ssl package consists of the SSL module itself - and, surprisingly, a set of patches for Apache itself. This may puzzle you at first: why do we need to patch Apache to install the mod_ssl module? Well, the standard API that Apache uses for it's modules is unable to communicate with the SSL module. Therefore, the source patches add the Extended API (EAPI). In other words: you can only use the mod_ssl module when Apache's core code contains the Extended API. When building mod_ssl, the Apache source tree is automatically altered for you, adding the Extended API.

After installation of the software you will need to configure Apache with Apache-SSL. Some additional directives should be used to configure the secure server - for example the location of the key-files.

To Install SSL-aware Apache

Requirements for Using Apache Web Server
Generating a Certificate Signing Request (CSR) using Apache (with mod_ssl) & OpenSSL
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 40230160
Ok, so it appears the mod_ossl module that comes with the Oracle application server 9iAS (which has Apache 1.3 built-in) makes Apache SSL-aware without using mod_ssl but I can't configure the Apache config file to make it work with the security request/certificate I already generated using OpenSSL.

My problem seems to be that I'm stuck with an old version of Apache that is tied to an old version of Oracle application server.

Thanks for trying.
LVL 64

Expert Comment

ID: 40230773
The base Apache 1.3 Web server does not use SSL for browser connections (responding to https:// requests). An add-on module for SSL support known as mod_ssl. The Oracle Access Manager plug-ins for base Apache servers are different from those for Apache with mod_ssl (also referred to as using EAPI).
e.g. Oracle Access Manager supports Apache with mod_ssl only.
e.g. No SSL-specific features of Oracle Access Manager operate with the version of Apache 1.3 known as Apache-SSL.

Openssl is needed by mod_ssl when building Apache to support SSL. Openssl should be part of the Apache server built with mod_ssl.

You can download the latest version of Apache 1.3 from the Apache Web site:

The SSL plug-in mod_ssl is available from:

In order for the Apache Web server to support Oracle Access Manager plug-ins, the module mod-so must be compiled into the server binary. To compile Apache or Apache with mod_ssl with mod-so: Include the configuration option before compiling:
Ensure the configuration meets other Oracle Access Manager requirements and compile.

If you do not find a solution for your problem, log a service request

More reference
Apache source code—
Mod_SSL source code—
OpenSSL source code—
What is ApacheSSL—
Compiling and Installing Apache 1.3—
ApacheSSL build instructions for Win32—

Author Comment

ID: 40235267
The company I work for does not want to pay for an upgrade to our Oracle database. Neither have we been paying for Oracle support so I can't submit a service request.

I am stuck with this old version Oracle database (8i) and Oracle Application Server (9iAS) (web server) and therefore also stuck with the old version of Apache that came as part of 9iAS and DOES NOT have mod_ssl. This Apache uses an Oracle module called mod_ossl INSTEAD of mod_ssl for SSL connections.

Oracle 8i does NOT have Oracle Access Manager. I cannot reinstall another Apache web server that has open_ssl and mod_ssl and still use least I haven't found a way to do that.

Thank you for all the reference material but none of it relates to my particular situation.
LVL 64

Accepted Solution

btan earned 2000 total points
ID: 40235492
. pretty stuck then for no upgrade but then as the ref stated you can install mod_ssl which you have asked originally.

Nonetheless, mod_ossl is very similar to the OpenSSL module, mod_ssl. The mod_ossl module is based on the Oracle implementation of SSL, which supports SSL version 3 and TLS version 1, and is based on Certicom and RSA Security technology.
Oracle no longer supports mod_ssl. A tool is provided to enable you to migrate from mod_ssl to mod_ossl, and convert your text certificates to Oracle wallets.
Actually even with upgrade to Oracle Advanced Security 10i, it also does not support greater than 1024bits RSA
coming back, from mod_ssl to mod_ossl is documented with changes as in the reference link - mainly make the following global changes to the httpd.conf file and LoadModule directives etc.
Pls ref
(Make Global Changes) (Modify the List of LoadModule Directives)(Migrate Your Server Certificate and Private Key)

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
When it comes to protecting Oracle Database servers and systems, there are a ton of myths out there. Here are the most common.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
This video explains what a user managed backup is and shows how to take one, providing a couple of simple example scripts.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question