Sitemap

Amicuk Programming Answers

Weblogic certificate is not being authenticated in Oracle HTTP Server

2015-10-11   Views:678

Advertisement

I am using Oracle HTTP Server with SSL and mod_proxy set up trying to pass a url through to the weblogic server. I start with my OHS url in the browser and the proxy is switches to the url to weblogic but I get the following error on the OHS side: [2

I am using Oracle HTTP Server with SSL and mod_proxy set up trying to pass a url through to the weblogic server. I start with my OHS url in the browser and the proxy is switches to the url to weblogic but I get the following error on the OHS side:
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2077] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] nzos proxy handshake error, nzos_Handshake returned 29024(server social.us.oracle.com:443, client 10.139.164.191)
[2011-12-22T18:40:09.4683-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-2171] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] (20014)Internal error: proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com)
[2011-12-22T18:40:09.4685-07:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: denovm11-6] [host_addr: 10.139.164.196] [tid: 1155799360] [user: root] [ecid: 004hBXzInYHEOPb_THt1ic0007DM000002] [rid: 0] [VirtualHost: social.us.oracle.com:443] proxy: pass request body failed to 10.139.164.191:7001 (denovm11-1.us.oracle.com) from 10.139.164.196 ()
And the following error on the weblogic side:
####<Dec 22, 2011 6:40:10 PM MST> <Warning> <Security> <denovm11-1> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <8e6c6502a1af117a:4eeee51e:13466bb040d:-8000-000000000000a764> <1324604410502> <BEA-090482> <BAD_CERTIFICATE alert was received from denovm11-6.us.oracle.com - 10.139.164.196. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
Here is my ssl.conf from OHS:
# Oracle HTTP Server mod_ossl configuration file: ssl.conf #
# OHS Listen Port
Listen 443
<IfModule ossl_module>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
<IfModule mpm_winnt_module>
SSLMutex "none"
</IfModule>
<IfModule !mpm_winnt_module>
SSLMutex pthread
</IfModule>
## SSL Virtual Host Context
<VirtualHost *:443>
<IfModule ossl_module>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional and require.
SSLVerifyClient none
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
# SSL Certificate Revocation List Check
# Valid values are On and Off
SSLCRLCheck Off
#Path to the wallet
SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule proxy_module>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Path to the wallet
SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
SSLProxyEngine on
SSLProxyVerify none
# ottest : denovm11-1
ProxyPass /test https://abc.us.oracle.com:7001/test
ProxyPassReverse /test https://abc.us.oracle.com:7001/test
</IfModule>
</VirtualHost>
</IfModule>
On the OHS side I have all the certificates needed so SSL is working properly. The weblogic environment is currently working fine with other webgates, but those are apache and we are trying to switch to OHS.
Can OHS use mod_proxy to connect to weblogic or do I need to use mod_wl_ohs?
Does anyone see anything wrong in my ssl.conf file in regards to the proxy section.
Thanks in advance.

The replay answer
Advertisement
In summary:
You need to create a new wallet with CSR (certificate signing req)
Send this to your certificate authority and get the signed server certificate.
Now import the signed server cert and the trusted root cert in to the wallet that you created newly.
Modify ssl.conf to point to the new wallet location.
To create wallet refer to : http://docs.oracle.com/cd/E25054_01/core.1111/e10105/wallets.htm#CHDGIJDC
Further reference: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#CBDGIJDF
Dont mind if this doc is 500 pages ;)

Go to See the other 6 answers

Weblogic certificate is not being authenticated in Oracle HTTP Server

Category:DefaultRelease time:2015-10-11Views:130

I am using Oracle HTTP Server with SSL and mod_proxy set up trying to pass a url through to the weblogic server. I start with my OHS url in the browser and the proxy is switches to the url to weblogic but I get the following error on the OHS side: [2[More]

Implement Oracle Aplication Server Portal - Starting work

Category:DefaultRelease time:2015-10-11Views:130

Hi everyone I work with java and Oracle database, manager oracle application server, but i need to learn Oracle Aplication Server Portal, i just to know some tips to start. How can i do that? Thanks José VieiraHi José, The link : http://www.oracle.co[More]

Fate of Oracle Application Server? Is it going to be obsolete?

Category:DefaultRelease time:-0001-11-30Views:130

Hi all, What is the fate of Oracle Application Server? Is Oracle going to dump or obsolete it ? Or it will coexist along with WebLogic? Many thanks. OmerOracle Application Server is a suit of products which includes Oracle HTTP Server, Web Cache, Dis[More]

Install SSL certificate for Oracle HTTP server

Category:DefaultRelease time:-0001-11-30Views:130

I received a PFX file that contains an SSL wildcard certificate for our company *.xyz.com. I used this tool "xca" to extract two files: "server.crt" and "serverkey.pem". I want to install this on the oracle 11g HTTP server (O[More]

Migration from Oracle App Server 10.1.3.5 to WebLogic 12 - Expected issues?

Category:DefaultRelease time:2015-10-11Views:130

Hi all, the company I work for wants to migrate its Oracle Application Server 10.1.3.5 (with JRE 1.6) to WebLogic 12 and we need to guess which kind of remediation could be needed to have all web-apps still working. The concerned applications are usi[More]

Deploy Oracle Mobile Server on Weblogic?

Category:DefaultRelease time:2015-10-11Views:130

Hello, We currently have a client-server application which communicates over HTTP with a BEA Weblogic 8 server on Solaris, and are assessing the feasibility of creating an offline client using Oracle Lite. Ideally, we would like to install the mobile[More]

How to integrate Oracle Http Server with Weblogic

Category:DefaultRelease time:2015-10-11Views:130

Weblogic supports Apache web server 2.0 and 2.2 to be a proxy server. Oracle Http Server (OHS) is based on Apache 2.0. I am trying to configure Weblogic to use OHS that comes with OAS install as proxy on Linux environment. I am unable to get the WLS[More]

How to use LDAP authentication in Oracle Linux

Category:DefaultRelease time:2015-10-11Views:130

Hi All, In Oracle Linux 2.6.18-194 el5, goes to system->Administration->Authentication, enabled LDAP in both User Information and Authentication, tried to use network user account information to log in the linux machine but it did not work. The logi[More]

Slow performance with oracle http server connecting weblogic

Category:DefaultRelease time:2015-10-11Views:130

I have a performance issue while using Oracle HTTP server as a proxy with weblogic server. It takes 10-15 seconds to pass the requests. I also received the error related to SSL in my error logs even though i havent configured the SSL. please find the[More]

New install of SQL 2014 Std MSDN. Get "The SQL Server product key is not valid. To proceed, re-enter the product key values from the Certificate of Authenticity (COA) or SQL Server packaging."

Category:DefaultRelease time:-0001-11-30Views:130

Trying to install a new version of SQL 2014 Std 64 or x86. Installing on Windows 8.1Pro 64bit machine. I get: "TITLE: SQL Server Setup failure. SQL Server Setup has encountered the following error: The SQL Server product key is not valid. To proceed,[More]

Certificates from Oracle Security Server

Category:DefaultRelease time:-0001-11-30Views:130

Hi everyone Has anyone been able to genereate a certificate using the Oracle Security Server (OSS) and been able to use that to set up a HTTP listener to use SSL with that? If so, how???? OAS documentation goes on and on about how to install a certif[More]

Hot
Hi, If any requirment is given ,Based on what conditions we decide which  data target(i.e a cube or dso) to be used ? As of my knowledge, 1) DSO has the property of Over write option and cube have additive property. 2) DSO  can have delta records and [More]
I have migrated AD from a 2003 SBS SP2 server to a 2008 R2 SP1 server using the following article: http://technet.microsoft.com/en-us/library/dd379526.aspx I realize now that this was not the right article as it is for 2003 SP2 Standard, however I do [More]
Since transferring data from my desktop to my laptop, i am now having problems copying and pasting details from my bank website in to a word document, the formatting is all over the place. This didnt happen before, when i pasted the details in to the [More]
Dymasearch comes up CONSTANTLY when using the Firefox search toolbar. I'm not bothered with those weasels in any other browser. How do I solve this dilemma. God only knows how many malware and virus programs I've run - All to no avail. Thanx.Check th [More]
I'm using adf/jsf, jdev 10.1.3.4. I'm trying to use the af:menuBar component in conjunction with the af dialog/popup functionality. More specifically, when the user clicks a menu item to navigate, if there are changes to the data on the current page [More]
How ca raw files be imported into elements from a nikon d810If the images are in iPhoto for iOS use the Share to iTunes feature. Then connect your iPad to the computer you normally sync with, open iTunes, select your iPad in the left column of iTunes [More]
I have exported Integration Content into test system. All works OK in Dev. When I executed test scenario (test xi instance) half of mappings works OK. With another I get error:  <i><SAP:Code area="MAPPING">JCO_SYSTEM_FAILURE</SAP: [More]
Hi All, i am using Eclipse 3.2 to create an EJB module. i created a new EJB project......in it in ejbModule, i created a package and a JAVA class in it........... when in the JAVA class, i wrote import javax.ejb.SessionBean; it gave error on javax.ej [More]
We are preparing to migrate 2500 workstation clients from one 2012 R2 hierarchy to another. How can we preserve UDA so that we don't have to wait for it to be automatically generated? This would impact our ability to provide support.I would say Power [More]
Hi, Using (still) Framemaker 8, Structured. I have documents that use the non-breaking hyphen. I would like to save these to XML, then use XSLT to translate the documents to a new form. When I encounter the non-breaking hyphen I would like to transla [More]