Wednesday, August 14, 2013

Adventures in F5, OHS and weblogic

http://fusionsecurity.blogspot.com/2011/04/ssl-offloading-and-weblogic-server.html
https://blogs.oracle.com/ateamsoab2b/entry/configuration_notes_for_offloading_of

So I wanted to enable ssl between my F5 and ohs and between ohs and my weblogic.
I needed to do this because we redirect 80 to https on the F5 and I had a couple of external web services deployed. When you deploy the web service and are using https only on the F5 and http pass through to the rest your wsdl url will be secure but you may not be able to easily generate services from the wsdl (because the content of the wsdl will all point to http which we blocked).

IMPORT your certificates into a new wallet - using orapki - http://docs.oracle.com/cd/E11882_01/network.112/e10746/asoappf.htm

So on your F5
  Make sure you point to the ohs on the secure socket port (4443 by default).
  Easiest way to block http is with a https redirect iRule (http://fixmyitsystem.com/2012/11/handy-simple-f5-redirect-irules.html)

OHS

mod_wl_ohs I added on my web service location
  WLProxySSLPassThrough ON
I also pointer to the SSL ports

ssl.conf I added   

  RequestHeader set IS_SSL ssl 
  RequestHeader set WL-Proxy-SSL true
  SSLEngine on 





Weblogic

Set WebLogic Plugin Enabled (see initial link)
Enable SSL (enviroment>servers>yourserver> tick ssl listen port enabled)



*Shortcut for slackers*

Fool ohs into thinking you have a secure connection instead of setting up ssl everwhere (8892 is webcenter http port):


    WebLogicCluster serverName:8892,serverName:8892
    SetHandler weblogic-handler
    WLProxySSLPassThrough ON
    RequestHeader set IS_SSL ssl
    RequestHeader set WL-Proxy-SSL true



No comments:

Post a Comment