`
MicroJoey
  • 浏览: 87066 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

How To Configure Apache With SSL Certificates To Forward Requests To WebLogic Se

阅读更多
Applies to:
Oracle Weblogic Server – Version: 8.1 to 10.3.3
Information in this document applies to any platform.

Goal
Detailed steps to configure Apache with SSL in a WLS environment.

This process will successfully setup SSL communication between the client (browser) and the Apache Web Server as well as SSL (https) communication between the Apache Web Server and the WebLogic Server.

At a high level, the following steps are implemented:

Create a valid certificate from Verisign
Configure Apache plugin to use SSL using the new certificate
Configure WLS to use the new certificate
Test SSL proxy request to WLS
Solution
Apache configuration
Install apache 2.2.
Include the following in httpd.conf file:
LoadModule weblogic_module modules/mod_wl_22.so
Copy the mod_wl_22.so from the folder: <WebLogic_Home>\server\plugin\win\32 to
<Apache_Home>\modules.
Uncomment LoadModule ssl_module modules/mod_ssl.so in httpd.conf
Include Include conf/extra/httpd-ssl.conf must be uncommented.
Now run the following commands in apache:
>> set OPENSSL_CONF=F:\apache2.2\conf\openssl.cnf
>> openssl genrsa -des3 -out localhost.key 1024
Enter pass phrase:
>> openssl req -new -key localhost.key -out localhost.csr
It will generate the csr file. Place the csr file in a particular folder.

Goto verisign website and enter personal information. It will ask for csr. Pls enter the above csr and the root CN information.
Verisign will send a mail with intermediate certificate, public certificate and root CA.
Once included, you must comment for windows.
#SSLPassPhraseDialog builtin
Include the following:
SSLCertificateFile “<dir>/public.crt” => save this from the email sent by verisign
SSLCertificateKeyFile “<dir>/localhost.key”
SSLCertificateChainFile “<dir>/intermediate.crt”
And comment other similar entries.
Test https://localhost/index.html: it will work.
WebLogic Server Configuration
Generate a private key
jdk_home\bin\keytool -genkey -alias <your_alias_name> -keyalg RSA -keystore <your_keystore_filename>
Generate a certificate request (csr file)
jdk_home\bin\keytool -certreq -keyalg RSA -alias <your_alias_name> -file certreq.csr -keystore <your_keystore_filename>
Paste the csr file and get the trail certificate(save as public.pem) and intermediate CA (save
as intermediate.pem) and Root CA(save as CA.pem) from the email sent from Verisign website.
Import root CA into keystore:
keytool -import -alias verisignCA -file CA.pem -keystore <your_keystore_filename> -trustcacerts
Import intermediate CA into keystore:
keytool -import -alias verisignIntermediateCA -file Intermediate.pem -keystore <your_keystore_filename> -trustcacerts
Import the public key into your keystore. It will go on the same alias as the private key:
keytool -import -alias <your_alias_name> -file public.pem -keystore <your_keystore_filename> -trustcacerts
To view the keystore:
keytool -list -keystore mykeystore.jks -v
From the Admin console, go to your server page, and in the Keystore & SSL tab choose:
Custom Identity and Custom Trust
Custom Identity
Custom Identity Key Store File Name: <your_keystore_filename>
Custom Identity Key Store Type: jks
Custom Identity Key Store Pass Phrase: <your password>
Confirm Custom Identity Key Store Pass Phrase: <your password>
Custom Trust
Custom Trust Key Store File Name: <your_keystore_filename>
Custom Trust Key Store Type: jks
Custom Trust Key Store Pass Phrase: <your password>
Confirm Custom Trust Key Store Pass Phrase: <your password>
Private Key Alias: <your_alias_name>
Passphrase: password
Confirm Passphrase: password
Restart your server and now try https://localhost:7002/console
You should see the following while server starts up:
<Aug 4, 2009 7:19:17 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000298>
<Certificate expires in 14 days: [
[
Version: V3
Subject: CN=localhost, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=oracle,
O=oracle, L=BANG, ST=KA, C=IN
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 1024 bits
modulus:
1005070948376358074374236852403785592182590705370591472921278852507162691666556315447504840297044217
406796806
8632923437196828010145594050195432044329126731123133367158479667242853741709746093197774813648593717
91639176198708507422
56868100626678565588940082002286028558797528920106552889565563824202336798115363
public exponent: 65537
Validity: [From: Tue Aug 04 05:30:00 GMT+05:30 2009,
To: Wed Aug 19 05:29:59 GMT+05:30 2009]
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at
https://www.verisign.com/cps/testca (c)09, OU="For
Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
SerialNumber: [ 5f8db365 ede6fd4b fbd717f2 48b0804f]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 62 30 60 A1 5E A0 5C 30 5A 30 58 30 56 16 09 .b0`.^.\0Z0X0V..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 4B 6B B9 28 96 06 0C BB .+......Kk.(....
0030: D0 52 38 9B 29 AC 4B 07 8B 21 05 18 30 26 16 24 .R8.).K..!..0&.$
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 31 sign.com/vslogo1
0060: 2E 67 69 66 .gif

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 17 13 8A BD D6 A2 B5 DC 06 2C B7 B6 8E DA 10 (.........,.....
0010: 66 60 6E E5 f`n.
]

]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRTrial-G2-crl.verisign.com/SVRTrialG2.crl]
]]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.21]

Click the lock icon in the bottom right of the screen and view the certificate.
Goto certification Path and select Root Certificate. View the certificate and copy to file MyWeblogicCAToTrust.cer in a particular location, say location1.
WebLogic Web Server Apache Plugin Configuration
Configure the following in apache httpd configuration.
<IfModule mod_weblogic.c>
WebLogicHost myip
WebLogicPort myport
SecureProxy ON
TrustedCAFile "<location1>\MyWeblogicCAToTrust.cer"
RequireSSLHostMatch false
EnforceBasicConstraints OFF
Debug ALL
WLLogFile <location>/wl_log.log
</IfModule>

<Location /weblogic>
SetHandler weblogic-handler
</Location>

<Location /console>
SetHandler weblogic-handler
</Location>

Access http://localhost:7001/console
Import the CA.pem for apache and weblogic in the browser using content-> certificate->
Import-> Autoselect store based on type of cert- option.
分享到:
评论

相关推荐

    How to configure DCM UDS with the DEXT Editor.pdf

    How to configure DCM UDS with the DEXT Editor.pdf

    How to configure ODBC DSN to access local DB2 for Windows

    This article introduces how to configure ODBC DSN in Server to access local DB2 for windows in detail. Then I give a sample how to access local DB2 database with ODBC by DB Query Analyzer expediently.

    How to configure ODBC DSN in Client to access DB2 for Windows.

    This article introduces how to configure ODBC DSN in Client to access remote DB2 for windows in detail. Then I give a sample how to access remote DB2 database with ODBC by DB Query Analyzer ...

    apache 无法加载ssl模块的问题

    2. **配置**:`./configure --enable-ssl --with-ssl=/path/to/openssl-src-dir` 3. **编译**:`make` 4. **安装**:`sudo make install` 对于“mod_ssl_etc”这个文件名,这可能是指 Apache 的 SSL 相关配置文件,...

    apache配置ssl

    2. **安装Apache HTTP Server**:同样需要从Apache官网下载对应版本的源代码,然后执行`./configure`进行配置,启用SSL模块(`--enable-ssl`),并指定OpenSSL的安装路径(`--with-ssl=/usr/local/ssl`)。...

    How To Guide - Configure SSL in ABAP System.pdf

    官方操作手册,该手册内包含操作截图,完整的指导用户如何使用SAP ABAP系统。内含SSL证书部署的步骤

    How to Configure Odoo 13 on Pycharm Ubuntu 18(1).mp4

    How to Configure Odoo 13 on Pycharm Ubuntu 18 ubuntu18下安装ODOO13 pycharm配置ODOO13开发环境

    Apache-mod_ssl-PHP-Howto

    根据给定的文件信息,以下是对“Apache-mod_ssl-PHP-Howto”配置与安装流程的知识点详述,尤其关注于嵌入式Linux环境下的应用。 ### 一、概述 在嵌入式Linux环境中,Apache作为流行的Web服务器,结合mod_ssl模块及...

    apache的SSL配置手册

    ./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl=static --with-ssl=/usr/local/ssl --enable-mods-shared=all ``` 这里,`--with-ssl=/usr/local/ssl`参数告诉Apache2使用哪个OpenSSL安装。 #...

    apache反向代理weblogic

    这种配置允许Apache作为面向公众的入口点,处理SSL加密、负载均衡和静态内容服务,而WebLogic则专注于处理动态应用程序逻辑。以下是对这一主题的详细说明: 1. **Apache 安装**: - 解压Apache HTTP Server的...

    Apache&weblogic;安装及配置反向代理转发

    Apache 和 Weblogic 安装及配置反向代理转发 在本文中,我们将详细介绍如何安装和配置 Apache 和 Weblogic,以实现反向代理转发。该配置可以将 Weblogic 服务器的内容转发到 Apache 服务器上,从而提高网站的性能和...

    apache2配置ssl

    - `./configure --prefix=/usr/local/apache2 --with-apr=/path/to/apr --with-apr-util=/path/to/apr-util --with-pcre=/path/to/pcre --with-ssl` - `make` - `sudo make install` 完成安装后,你需要配置...

    apachessl-install.zip

    ./configure --prefix=/usr/local/apache2 --with-ssl=/path/to/openssl --with-apr=/path/to/apr --with-apr-util=/path/to/apr-util --with-pcre=/path/to/pcre make && sudo make install ``` 3. **配置SSL**...

    AUTOSAR XCP详细配置流程 How to configure XCP

    这份应用说明文档提供了在 RTA-CAR 9.1.0 VRTA Starter Kit 上配置 XCP(测量和校准协议)的详细步骤。XCP 配置涉及对 DBC 和 DBF 文件的更新,ECU 配置的更新,XCP BSW 模块的配置,BswM 动作列表的初始化,SWC 的...

    linux下集成Apache与weblogic

    ### Linux下集成Apache与WebLogic知识点详解 #### 一、集成背景及假设条件 在Linux环境下集成Apache与WebLogic,主要是为了实现WebLogic服务器作为后端应用服务器,而Apache作为前端反向代理服务器的一种架构模式。...

    linux下apache页面认证+ssl

    ./configure --prefix=/apache/httpd --enable-ssl=static --with-ssl=/usr/local/ssl --enable-so make make install ``` 其中`--prefix`用于指定Apache的安装路径,`--enable-ssl=static`与`--with-ssl`选项则...

    Apache Spark 2.x Cookbook

    Install and configure Apache Spark with various cluster managers & on AWS Set up a development environment for Apache Spark including Databricks Cloud notebook Find out how to operate on data in Spark...

Global site tag (gtag.js) - Google Analytics