https://blogs.oracle.com/ateamsoab2b/entry/configuration_notes_for_offloading_of
So I wanted to enable ssl between my F5 and ohs and between ohs and my weblogic.
I needed to do this because we redirect 80 to https on the F5 and I had a couple of external web services deployed. When you deploy the web service and are using https only on the F5 and http pass through to the rest your wsdl url will be secure but you may not be able to easily generate services from the wsdl (because the content of the wsdl will all point to http which we blocked).
IMPORT your certificates into a new wallet - using orapki - http://docs.oracle.com/cd/E11882_01/network.112/e10746/asoappf.htm
So on your F5
Make sure you point to the ohs on the secure socket port (4443 by default).
Easiest way to block http is with a https redirect iRule (http://fixmyitsystem.com/2012/11/handy-simple-f5-redirect-irules.html)
OHS
mod_wl_ohs I added on my web service location
WLProxySSLPassThrough ON
I also pointer to the SSL ports
ssl.conf I added
RequestHeader set IS_SSL ssl
RequestHeader set WL-Proxy-SSL true
SSLEngine on
Weblogic
Set WebLogic Plugin Enabled (see initial link)
Enable SSL (enviroment>servers>yourserver> tick ssl listen port enabled)
*Shortcut for slackers*
Fool ohs into thinking you have a secure connection instead of setting up ssl everwhere (8892 is webcenter http port):
WebLogicCluster serverName:8892,serverName:8892
SetHandler weblogic-handler
WLProxySSLPassThrough ON
RequestHeader set IS_SSL ssl
RequestHeader set WL-Proxy-SSL true
No comments:
Post a Comment