FIPS 140-2 Configuration with Oracle Application Server and Oracle HTTP Server 10g
(Doc ID 473029.1)
Last updated on APRIL 01, 2024
Applies to:
Oracle HTTP Server - Version 10.1.2.0.0 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]Oracle Fusion Middleware - Version 10.1.2.0.0 to 10.1.4.3.0 [Release AS10gR2 to AS10gR3]
Information in this document applies to any platform.
Goal
FIPS 140-2 Configuration with Oracle Application Server and Oracle HTTP Server 10g
This document will outline steps to enable FIPS 140-2 on the Oracle Application Server 10g and configure FIPS 140-2 on Oracle HTTP Server installed with the following:
- Oracle Application Server 10g Release 2 (10.1.2)
- Oracle Application Server 10g Release 3 (10.1.3)
- Oracle Identity Management 10g (10.1.4)
Oracle Fusion Middleware 11g:
Oracle Database Advanced Security Administrator's Guide 11g Release 1 (11.1)
[ http://download.oracle.com/docs/cd/B28359_01/network.111/b28530/toc.htm ]
9 Using Oracle Wallet Manager
D Oracle Advanced Security FIPS 140-1 Settings
E Oracle Advanced Security FIPS 140-2 Settings
F orapki Utility
See also:
Oracle Fusion Middleware Administrator's Guide 11g Release 1 (11.1.1) - dynamic link designed to go to latest
Part III Secure Sockets Layer
6.7.3 Oracle Fusion Middleware FIPS 140-2 Settings
[ http://docs.oracle.com/cd/E28280_01/core.1111/e10105/sslconfig.htm#CBDBBHGA ] - from 11.1.1.7 doc library
The following steps are outlined in this document:
- Configure SSL Where Required
- Test SSL Functionality
- Apply Required Patchsets
- Configure Oracle HTTP Server with FIPS Compatible Cipher
- Enable FIPS in sqlnet.ora
- Test and Apply Critical Patch Update to Resolve Known Issues
Options without a CPU Patch:
- One-off patch for version 10.1.2.2, in Lieu of CPUJul2008+
- One-off patch for version 10.1.2.x and 10.1.4.x, in Lieu of CPUJul2008+
- One-off patch for version 10.1.3.x, in Lieu of CPUJul2008+
- Start and Test OPMN and Oracle HTTP Server
- Configure Oracle Web Cache
Important:
The steps herein are outlined to combine all steps involved, covering desired SSL configuration, documentation references for all versions, necessary Oracle Application Server 10g Patch Sets, Critical Patch Update requirements, and Oracle Documentation of FIPS 140-2 steps.
For a streamlined list of steps and/or for troubleshooting applicable to all platforms and versions, see the Quick FIPS 140-2 Test.
On some versions and platforms, there are one-off patches across different components. When applied, the Oracle Application Server components will work together to be FIPS 140-2 compliant. These are noted within the steps as alternative choices. However, the availability may be limited or fixes may conflict with Critical Patch Updates.
Beginning with CPUJul2008, all fixes have been back-ported and merged on all platforms for versions 10.1.2.2, 10.1.2.3, 10.1.3.1, 10.1.3.3, and 10.1.3.4.
Note that if a separate Oracle Database is used, the only requirement is that a CPU patch should be applied to the Database Server before applying a CPU patch to any Application Server homes. This is not a FIPS requirement, but a CPU requirement.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| FIPS 140-2 Configuration with Oracle Application Server and Oracle HTTP Server 10g |
| Solution |
| Quick FIPS 140-2 Test |
| How to Obtain Log and Trace Information |
| References |