Setting up SSL for Banner 8 SSB

Unlike Admin Pages, Self Service Banner (SSB) 8 is still required for most clients.  While a good deal of functionality has been ported over to Banner 9 SSB, it is not complete and thus most client will currerntly need to run Banner 8 in conjunction with Banner 9..

Now Banner 8 is written in Apache 1.x/mod_plsql, and officially this requires weblogic and Fusion Middleware; two technologies that Oracle have essentially "retired"

One of the most annoying things about using Oracle's mod_plsql is that it requires the use of Oracle Wallets to setup SSL. Under Linux, this tool is pretty annoying. It requires X windows and has numerous quirks and idiosyncrasies, it often will not be able to trace signed certificates back to a root and can require users to upload numerous intermediate certificates. Normal Apache SSL setups, which take 5-10 at most, usually take hours using Oracle wallets.

As a workaround for using wallets for Banner 8 SSB SSL, here are a couple of alternatives you can try. Both these require the setup of an Apache 2.x Web Server.

  • Proxy Banner 8 SSB through another Apache server using mod_proxy
  • Setup mod_owa which is currently maintained by Doug MacMahon (to be discussed later)

Apache MOD PROXY

The Apache Mod Proxy module, in a nutshell simply allows you to redirect traffic from one server to another and then allow the latter server to serve the pages.

In the example below a proxy is setup from serverA to serverB. In this case, when a user connects to serverA, he/she will get the contents of serverB.

It's usually useful in situations where you don't want to expose the real web server for reasons of security. In our case, it's also useful if we need to run SSL and it's too annoying to setup on the original server (as in the case of Oracle Application Server and the SSL wallet)

To accomplish this, we will do the following:

  • Setup Banner 8 SSB without SSL In keeping with the diagram above, let's call this Server B. Make it's working before you proceed and note the port (typically it's on 8888)
  • Install Apache HTTPD (if you are compiling this from source, make sure to compile this with --enable-proxy). Note that is can be the same server as Banner 8 SSB or a separate box;  it makes no difference. However, if you are going to set this up on a separate server, make sure the new server can access the SSB Server (note firewall rules). Let's call this server A.
  • On server A, edit the httpd.conf and uncomment the following line to enable proxy services
    • LoadModule proxy_module modules/mod_proxy.so
  • Create a Virtual host block to proxy back to Server B. Note the last (2) lines which do a forward and reverse proxy to the SSB Server (serverB).
 
    SSLEngine On
    DocumentRoot "/usr/local/apache2/htdocs"
    ServerName www.serverA.edu
    # Note the SSL Setup on the next (3) lines.
    SSLCertificateFile /etc/SSL/cert.crt
    SSLCertificateKeyFile /etc/SSL/priv.key
    SSLCertificateChainFile /etc/SSL/root.crt
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://www.serverB.edu:8888/
    ProxyPassReverse / http://www.serverB.edu:8888/

Restart Apache on ServerA. At this point you are done. You now have SSB running on https://www.serverA.edu. More importantly you can now setup SSL using PEM text files instead of a wallet.