Using ssl on WebLogic, not on Apache

Hi Folks,
This is probably a really obvious question, though I can't seem to figure it.
Does anyone know if Apache plug-in supports SSL between the browser and WebLogic
? For example, can it then get a session id from the request, so it can keep
sticky sessions ?
Maybe it can work if session id's go into URL instead of cookie, or such.
thanks in advance!
John

Hi, I have the exact same setup and the exact same error message in the logs. It does not seem to mather if I use the module that offers 128bit encryption or the standard one.
Group/User permisions do not make any diffrence.
So me being the weird person I am tried libs that come with service pack 3. This solved the problem.
It seems that this service pack 5 has a little problem with this version of redhat and or with this version of apache...
I hope this works for you as well.

Similar Messages

  • HTTP adapter using SSL through a reverse proxy (Apache)

    I've configured SSL on the PI Server (Double_Stack) and it is working fine.  I need to configure an Apache server to act as a reverse proxy which will accept client certificates.  Is there a how to or SDN post on this?  I have been searching but no luck.  I have found info on www.apache.org but it is confusing.  Web Dispatcher is not an option in this case (mandated Apache).  Thanks for the help.

    Didn't need to use Apache.

  • Precondition Failed problem with apache plugin using SSL

    I got a "Precondition Failed" while trying to use apache + mod_ssl + mod_wl128_20.so.
    I am using Apache 2.0.52 & WebLogic 8.1 SP4 on Windows 2K Server.
    The web.xml is something like this:
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Secured</web-resource-name>
    <url-pattern>/appmanager/Portal/desktop</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    While the httpd.conf is:
         <IfModule mod_weblogic.c>
              SetHandler weblogic-handler
              WebLogicHost localhost
              WebLogicPort 7001
              MatchExpression *
         </IfModule>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    <VirtualHost localhost:443>
         <IfModule mod_weblogic.c>
              DEBUG ALL
              SetHandler weblogic-handler
              SecureProxy ON
              TrustedCAFile C:/bea81/weblogic81/server/lib/CertGenCA.der
              RequireSSLHostMatch FALSE
              WebLogicHost localhost
              WebLogicPort 7002
              KeepAliveEnabled false
              MatchExpression *
         </IfModule>
    The proxy of http is fine and I can also use port virtualhost 443 map to weblogic http (port 7001).
    But when I use 443 map to 7002 (SSL), I got an error:
         Precondition Failed
         The precondition on the request for the URL /MyPortal/appmanager/Portal/desktop evaluated to false.
    When I turned on the DEBUG ALL in httpd.conf, I find an error message:
         ================New Request: [GET /MyPortal/appmanager/Portal/desktop HTTP/1.1] =================
         Thu Aug 11 14:29:44 2005 INFO: SSL is configured
         Thu Aug 11 14:29:44 2005 SSL Main Context not set. Calling InitSSL
         Thu Aug 11 14:29:44 2005 ERROR: SSL initialization failed
    Can anyone help me? Please email me by [email protected]
    Thanks very much!

    I got past the initial problem. You need to run der2pem and use the pem file not the der file.

  • Apache Proxy Plugin with SSL in Weblogic Cluster

    Hi,
    I have configured a weblogic cluster and configured SSL. Then I configured the apache plugin to work with the cluster machines with non ssl and worked succesfull but when I configured the ssl communication between apache and weblogic I´m having problems.
    The actual configuration is:
    <Location /spmlws>
    SetHandler weblogic-handler
    WLLogFile /var/log/httpd/tmpweblogic1.log
    DebugConfigInfo ON
    Debug ALL
    KeepAliveEnabled ON
    KeepAliveSecs 15
    WebLogicPort 7002
    SecureProxy ON
    TrustedCAFile /opt/freeware/etc/httpd/conf/trustedCA35cert.pem
    TrustedCAFile /opt/freeware/etc/httpd/conf/trustedCA36cert.pem
    WLProxySSL ON
    RequireSSLHostMatch false
    WebLogicCluster machine35:7002,machine36:7002
    EnforceBasicConstraints false
    </Location>
    The problem is that the plugin always takes the last TrustedCAFile. In this way if machine36 is down the plugin tries to send all the request to machine35 but it takes the TrustedCAFile for the machine36 (/opt/freeware/etc/httpd/conf/trustedCA36cert.pem) hence the apache complains
    [Wed Jun 30 11:13:56 2010] [error] [client 10.19.232.249] ap_proxy: trying GET /spmlws/OIMProvisioning at backend host '10.19.232.97/7002; got exception 'WRITE_ERROR_TO_SERVER [os error=0,  line 796 of ../nsapi/URL.cpp]: '
    What can I do to have multiple TrustedCAFile or to have working the communication between apache and weblogic cluster using SSL?
    thanks in advance

    Acording to the documentation this is not possible.
    One way to achieve the load balancing of n-weblogic servers in cluster using ssl is to configure de HttpClusterServlet.

  • IAS does not start when using SSL

    Hello all,
    I hope I hit the correct board for this question and search did find anything useful for my Problem.
    We have a couple of Oracle Databases which are using IAS to serve a PL/SQL and Perl based WepApp. The Databases are 10g (10.2.0.3), and the Servers are running Novell SLES 9 x86_64 (SP 3). We need https on these Machines, so I configured the Server for SSL, created a Certificate using Wallet Manager and so on, exactly as described in the Documentation.
    However when I try to start the HTTP Server with "ssl-enabled" in opmn.xml to enable SSL it does not start any more. It simply cannot load the "mod_ossl.so" Library:
    Logfile says:
    /opt/oracle/product/10.2.0/http_1/Apache/Apache/bin/apachectl startssl: execing httpd
    Syntax error on line 246 of /opt/oracle/product/10.2.0/http_1/Apache/Apache/conf/httpd.conf:
    Cannot load /opt/oracle/product/10.2.0/http_1/Apache/Apache/libexec/mod_ossl.so into server: /opt/oracle/product/10.2.0/http_1/Apache/Apache/libexec/mod_ossl.
    so: undefined symbol: dbm_firstkey
    I have googled and searched Metalink but did not find anything useful. I assume that "dbm_firstkey" refers to the GNU database routines (gdbm), but I am kinda stuck right now. Has anyone stumped upon this maybe?
    Kind Regards
    Maik

    Two issues:
    - this does not look like OracleAS, but like the HTTP Server from the database;
    - you seem to be loading a 32 bit process (apache/httpd) into a 64 bit shell.
    try starting it within 'linux32 bash' instead.

  • Jax-ws: Encrypt at message level, not using SSL

    Hello everyone,
    I have a non functional requisite that is very hard to accomplish. I have an architecture like the following: a Tomcat (web) that calls webservices that runs in a Weblogic or JBoss. The easiest solution for encrypting the communication I think is using SSL with an integration user (login/password).
    Well, the client wants the following: encrypt and sign the message at message level, not at transport level. I am using jax-ws as webservice technology.
    I am trying with Metro, but it is difficult to make it work in weblogic (and I suppose worse in JBoss).
    Any ideas?
    Thanks in advance.

    Hi David,
    Many thanks! I appear to have completely missed that artical while seaching for a solution.  I have run through the steps, and the replica appears to be using SSL OK, in as much I can connect to it using SSL.
    I have looked at the communication between the master & replica, and it appears that they are still using port 389 for comms, which surgests that replication traffic between the two servers is still unencrypted, which seems a little odd, again have I missed something?
    Regards
    Matt

  • Apache Plugin using SSL

    Hi,
    I'm using weblogic 8.1 SP4 and using demo certificate and https works fine on the APP server, I created a .PEM file and copied the same onto the apache2 webserver Httpd.conf,
    When I try to access the appserver from the web HTTP works but using HTTPS doent work,
    Regards

    I got past the initial problem. You need to run der2pem and use the pem file not the der file.

  • I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server.

    I can't set up gmail in my iPad 2. Keep on saying ' can't connect with SSL and ask me whether to connect without using SSL, then I press 'yes' and it said again IMAP is not working and tell me to see network connection and incoming mail server. No idea how to do anymore. Already tried to figure out. But not work. Can anyone pls help me?

    Nope, doesn't pass verification. I get the spinner for a minute or so, then the alert about setting it up without SSL. Are you suggesting I disable Fetch and Push BEFORE I enter the account details? Because I never get past the account details screen, unless I choose "Set up without SSL" after the warning.

  • Norton Internet Security cannot scan emails the use SSL. How do I insure that I do not get a virus or malware by opening an email in Thunderbird?

    Norton Internet Security cannot scan emails the use SSL. How do I insure that I do not get a virus or malware by opening an email in Thunderbird? I have read that you don't have to click on a link to get malware but that some email can trigger malware just by opening and reading. Any suggestions to keep my emails from triggering malware? AOL Desktop software has it's own built-in email scanner but I'm trying to get away from using their software and rely just on TB.
    Thanks

    There are many aspects to this question.
    First, using SSL or TLS to send and receive email is important because it prevents others from sniffing your email login. Particularly if you are using a device over wi-fi or on untrusted networks, this is critical because if others obtain your email login, bad things can happen.
    Of course, using SSL or TLS with your mail server also protects the content of your email from being captured by others, so that's good too.
    Second, you are correct that there can be security threats in email other than the attachments, although the attachments generally are the most dangerous. Your antivirus should protect you from bad attachments because in order to open them, they need to be written to disk in a temporary folder, and your AV software leaps into action whenever a new file is added to disk. You also can hedge your bets by using a two-step approach: first save the attachment to disk and only after it survives the real-time AV scan then launch it in the appropriate application.
    Sometimes content in the message body can trigger a vulnerability in your email software or a plugin. As these vulnerabilities become known, Mozilla updates its software, but there seem to always be new issues discovered and there will never be perfect security. I'm not sure how helpful email scanning is for this problem.

  • HT4864 "Note: If you receive errors using SSL, try using TLS instead."

    My outgoing mail server works with .me when I enable TLS, but not SSL, any security issues?

    Appreciate your reply. Please help me in my further questions.
    We were using SSL to connect to their server till now, now they want to upgrade it, so they want us to use TLS1.0
    In the link I see that TLS1.0 and others are installed but I do not see them on our server. I will have them install it. 
    Once we have TLS installed and enabled does Biztalk HTTP adapter use TLS 1.0 as default to connect to external system automatically or do I have to change the HTTP send receive port which has a certificate in it.
    Also with which tool can I check if Biztalk is actually using TLS or SSL.

  • AIM Server Settings "Use SSL" option not staying checked

    In order to login to AIM on my network, I need to use SSL (not sure of the reason, but SSL works). But whenever I check "Use SSL" in the AIM account "Server Settings" panel, I find that it unchecks itself after a day. At night, I go home, and use a different Wi-Fi network with my MacBook Pro, and I'm not sure if changing the network has anything to do with it, but when I come into work the next morning, "Use SSL" is unchecked in the iChat Preferences.
    Do anyone know what's going on here? I'd like to configure AIM to always use SSL but it doesn't seem to be sticking.

    This seems to be an issue when sitting behind a Wi-Fi hotspot with a click-through landing page (where HTTP connections are redirected to an intermediary page). SSL isn't maintained after the redirect, and iChat seems to reset this setting after failing to connect via SSL and failing.

  • Using SSL with Apache Virtual Hosts

    I am configuring Apache to use 3 virtual Host(Named base virtual Host).
    I would like to run SSL on two of the 3 virtual host.
    Do I need to gen a certificate for each virtual host or can I just use 1?

    William,
    I thought I'd give my 2 cents on this...
    Is there any particular reason as to why you are using named based virtual hosts?
    Apache recommends using IP based virtual hosts over name based virtual hosts.
    Go to http://httpd.apache.org/docs/dns-caveats.html and read the discussion on IP based virtual hosts and name based virtual hosts. The document describes the drawbacks to using the name-based approach.
    Hope this helps!
    -Manjeet

  • Enabling ssl on Weblogic server 5.1 using Verisign certificate.

    "Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)

    "Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)

  • Is it possible to use SSL with LDAP, but not rest of Hyperion environment?

    Hello Experts,
    We need to encrypt the user credentials passed between LDAP and Shared Services. For this, I believe, we need to use SSL. And for that, we need to SSL enable the Web App Server that Shared Services runs off? If we enable SSL on this, is it possible to continue using non-SSL versions of App & Web servers in the rest of the Hyperion environment? This is because SSL will cause a negative impact to performance, and we want to reduce that impact as much as possible.
    Environment:
    Shared Services 9.3.1.0.7 on WebSphere Application Server 6.0.2.11 on Windows 2003
    Planning 9.3.1.1
    Essbase 9.3.1
    HFM 9.3.1
    BI+ 9.3.1
    Please Suggest. Thanks in advance.
    Regards,
    Sonu

    Both windows and osx do a few things that can cause problems, they do what you say, they assume that you will connect to the same network you last connected and try to use the same configuration, they try to skip most steps like dhcp and arp and it will probably work fine if it actually is the same network and no one else got the same IP otherwise they will have to go through all the steps.
    I have seen a blog post describing the differences a while ago but now I can't find it and I don't remember how I got there, I guess that if you search long enough you might stumble upon some description of this. From what I remember, the short story is that on linux programs go by the book and try to be good neighbors, windows and osx don't and they can cause trouble just for the sake of shaving a few seconds of the time to get connected, the thing is most of the times it works fine

  • Web Service Using SSL issue

    I have a web service that has been working fine using http. Just switched over to SSL using the <WLHttpsTransport> tag on the jwsc ant command. Now I get the following error at runtime: Any ideas/suggestions? Thanks in advance - Craig
    16:22:27,953 INFO [STDOUT] Caused by: java.lang.NoClassDefFoundError: org/apache/tools/ant/BuildException
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.internal.TylarJ2SBindingsBuilderImpl.<init>(TylarJ2SBindingsBuilderImpl.java:87)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.bind.buildtime.J2SBindingsBuilder$Factory.newInstance(J2SBindingsBuilder.java:30)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.ExceptionUtil.<clinit>(ExceptionUtil.java:48)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.util.FaultUtil.exception2Fault(FaultUtil.java:230)
    16:22:27,953 INFO [STDOUT] at weblogic.wsee.message.soap.SoapMessageContext.setFault(SoapMessageContext.java:102)

    I thought I would post an update since I found a solution. The problem was a ClassCast exception in a part of the SSL stack, that wanted to use the ant BuildException class. This has the effect of hiding the real issue which was that the SSL connection was not successfully occuring. The real problem was that the SSL connection started with a WSDL retrieved via SSL, but the connection for the port was through a username/password. When a username/password is used to create a port, the WL stack falls back to http and causes a ClassCast exception on weblogic.wsee.connection.transport.http.HttpTransportInfo. The solution is to create an https transport object when the service impl is created:
    HttpsTransportInfo transport = new HttpsTransportInfo ();
    transport.setUsername (user.getBytes ());
    transport.setPassword (pass.getBytes ());
    gServiceImpl = new PersistenceManagerService_Impl (url, transport);
    and to create the port without parameters:
    port = getServiceImpl ().getPersistenceManagerServicePort ();
    This allows one-way SSL with username/password for the connection.

Maybe you are looking for

  • I just want to sync the calendar

    Ever since I turned on iCloud, it has been a calendar nightmare.  I have tried to turn off iCloud and go back to syncing the way that actually works, with a wire. Several things: 1.  When I got my calendar events all re-entered for the second time, I

  • Installing Tomcat Connector (mod_jk)

    I just upgraded to Leopard (not the server version, but this seemed the most logical place to post this), and I'm trying to get everything working that was working under Tiger. I have always kept the most recent version of mod_jk installed so I could

  • What are you ping speeds?

    I am a bigger gamer and as such need connections with the lowest possible ping speed. I am considering changing from my regular broaband where I getting a 5.7MB down / 0.9MB up connection with 12ms on fastpath and 24ms with interleaved. (Getting BT t

  • How to align an anchor point with an object?

    I have a shape I made with the pen tool, and now I want to align one anchor point of the shape with the middle of a rectangle. How can I do this? It doesn't seem like I can do what I do for objects, which is select both objects, click the object I wa

  • WebLogic 5.1 + Cocoon

    Hi all, I am posting the steps involved in integrating Cocoon 1.7.4 with Weblogic 5.1 -- in the hope that it will be useful for some of the XML gang. I received some good help from Philip Aston, Jim Typrowitz, James Scott et al. from the Cocoon maili