Weblogic certificate is not being authenticated in Oracle HTTP Server

2015-10-11

I am using Oracle HTTP Server with SSL and mod_proxy set up, trying to pass a URL through to the WebLogic server. I start with my OHS URL in the browser and the proxy switches to the URL to WebLogic, but I get the following error on the OHS side:
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com) from 10.139.164.196 ()
And the following error on the WebLogic side:
####<Dec 22, 2011 6:40:10 PM MST> <Warning> <Security> <denovm11-1> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <8e6c6502a1af117a:4eeee51e:13466bb040d:-8000-000000000000a764> <1324604410502> <BEA-090482> <BAD_CERTIFICATE alert was received from denovm11-6.us.oracle.com - 10.139.164.196. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
Here is my ssl.conf from OHS:
# Oracle HTTP Server mod_ossl configuration file: ssl.conf #
# OHS Listen Port
Listen 443
<IfModule ossl_module>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
<IfModule mpm_winnt_module>
SSLMutex "none"
</IfModule>
<IfModule !mpm_winnt_module>
SSLMutex pthread
</IfModule>
## SSL Virtual Host Context
<VirtualHost *:443>
<IfModule ossl_module>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
SSLVerifyClient none
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
# SSL Certificate Revocation List Check
# Valid values are On and Off
SSLCRLCheck Off
#Path to the wallet
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule proxy_module>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Path to the wallet
SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
SSLProxyEngine on
SSLProxyVerify none
# ottest : denovm11-1
ProxyPass /test https://abc.us.oracle.com:7001/test
ProxyPassReverse /test https://abc.us.oracle.com:7001/test
</IfModule>
</VirtualHost>
</IfModule>
On the OHS side I have all the certificates needed, so SSL is working properly. The WebLogic environment is currently working fine with other webgates, but those are Apache and we are trying to switch to OHS.
Can OHS use mod_proxy to connect to WebLogic, or do I need to use mod_wl_ohs?
Does anyone see anything wrong in my ssl.conf file in regard to the proxy section?
Thanks in advance.

The reply answer
In summary:
You need to create a new wallet with a CSR (certificate signing request).
Send this to your certificate authority and get the signed server certificate.
Now import the signed server cert and the trusted root cert into the wallet that you newly created.
Modify ssl.conf to point to the new wallet location.
To create a wallet, refer to: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/wallets.htm#CHDGIJDC
Further reference: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#CBDGIJDF
Don't mind if this doc is 500 pages ;)
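
An added example, not part of the original question or answer and not Oracle code: a small Python triage script that groups OHS error-log records like the ones quoted in the question by ecid and reports which backend the proxy-side TLS handshake failed against and whether the certificate chain was rejected. The function names are hypothetical; the sample log is the question's records with some fields trimmed, plus one constructed control record.

```python
import re
from collections import defaultdict

# Constructed sample: the question's OHS records (fields trimmed) plus one made-up control request.
SAMPLE = """\
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
[2011-12-22T18:41:00.0000-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [ecid: CONSTRUCTED-ECID-0001] [VirtualHost: social.us.oracle.com:443] proxy: pass request body failed to 192.0.2.10:7001 (backend.example.test)
"""

LEAD = re.compile(r"^((?:\[[^\]]*\]\s*)+)(.*)$")      # leading [..] fields, then message
BACKEND = re.compile(r"failed to (\S+:\d+) \(([^)]*)\)")
NZOS = re.compile(r"nzos_Handshake returned (\d+)")

def parse_line(line):
    """Split one OHS log line into its 'key: value' bracket fields and the message."""
    m = LEAD.match(line.strip())
    if not m:
        return None
    rec = {"msg": m.group(2)}
    for content in re.findall(r"\[([^\]]*)\]", m.group(1)):
        kv = re.match(r"(\w+): (.*)", content)   # skips timestamp, level, message id
        if kv:
            rec[kv.group(1)] = kv.group(2)
    return rec

def triage(log_text):
    """Group records by ecid and summarise the proxy TLS failure for each request."""
    by_ecid = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and "ecid" in rec:
            by_ecid[rec["ecid"]].append(rec)
    findings = []
    for ecid, recs in by_ecid.items():
        msgs = " ".join(r["msg"] for r in recs)
        code = NZOS.search(msgs)
        backend = BACKEND.search(msgs)
        findings.append({
            "ecid": ecid,
            "vhost": recs[0].get("VirtualHost"),
            "nzos_code": code.group(1) if code else None,
            "chain_rejected": "Invalid X509 certificate chain" in msgs,
            "backend": backend.group(1) if backend else None,
            "backend_name": backend.group(2) if backend else None,
        })
    return findings
```

A request with `chain_rejected` set points at the trust material in the wallet named by `SSLProxyWallet`, which is what the answer's wallet steps replace; a proxy failure without it is a different problem.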
