HTTP adapter using SSL through a reverse proxy (Apache)

I've configured SSL on the PI Server (Double_Stack) and it is working fine.  I need to configure an Apache server to act as a reverse proxy which will accept client certificates.  Is there a how to or SDN post on this?  I have been searching but no luck.  I have found info on www.apache.org but it is confusing.  Web Dispatcher is not an option in this case (mandated Apache).  Thanks for the help.

Didn't need to use Apache.

Similar Messages

  • Using plain http adapter using (SIN)---Most urgent please help me

    Hi Experts,
    all we need to do is call the pipeline directly using plain http adapter using (SIN) and get the output from the pipeline to the local file folders. This can help developers to verify the interfaces that have been migrated to XI , to compare the out put results generated in XI with the original output captured using existing middle ware solutions.
    Could anyone help me out this Urgent

    Hi Experts,
    all we need to do is call the pipeline directly using plain http adapter using (SIN) and get the output from the pipeline to the local file folders. This can help developers to verify the interfaces that have been migrated to XI , to compare the out put results generated in XI with the original output captured using existing middle ware solutions.
    Could anyone help me out this Urgent

  • HTTPS authentication using SSL in SOAP Sender adapter

    Hi,
    We are currently doing a SOAP to RFC synchronous scenario in PI 7.0. Our client wants to ensure that the data security is maintained at the transport level. So, we have planned to implement the HTTPS without client authentication using SSL certificates. Our Basis team has promised us that they will take care of the cerficate generation and installation part in the server. Now i am confused at the PI communication channel setup level.
    1) Do i have to specify the certificate installed path in the channel or in any other object ? If so, where do i have to configure the path ?
    2) What is the exact path that has to be carried by a PI developer once the certificates are installed in the server ?
    I have attached my communnication channel screenshot below,
    http://i41.tinypic.com/mk49h.jpg
    Please let me know what i have to configure in the Sender SOAP channel to receive data securely once the certificates are installed in the system.
    Thanks & Regards,
    Sherin Jose P

    Hi,
    1.for transport level security you should assign the HTTPS connection created in SM59 to the SOAP communication channel.
    The HTTPS connection should use the certificates imported in t-code STRUST.
    have you seen below thread,
    SSL / X.509 In SOAP Sender/Receiver Adapter
    Please go through below blog,
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b2e7020d-0d01-0010-269c-a98d3fb5d16c?overridelayout=true
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?QuickLink=index&overridelayout=true
    http://help.sap.com/saphelp_nwpi71/helpdata/de/14/ef2940cbf2195de10000000a1550b0/content.htm
    2. you nedd to check the message flow between the sender and receiver through PI .
    regards,
    ganesh.

  • What is the alternative to TMG/ISA For SSL-Bridging-Capable Reverse Proxy For System Center 2012 R2 IBCM?

    When I look up alternatives to TMG many other answers say something like "Don't worry about it. TMG 2010 is under support until 2020."
    Well, we don't have TMG and can't buy it since it is off the market.  Can it still be legitimately purchased through any resellers?
    We need a reverse proxy that specifically supports SSL-Bridging so that device certificate authentication is not broken when the connection passes through the proxy.
    Which reverse proxies that are currently on the market are known to work successfully with System Center Config Manager Internet-Based Client Management and also with other Microsoft products such as Lync 2010 and RD Gateway 2012 R2?
    Do any Cisco ASA or ACE models support the required functionality for machine certificate authentication?
    We have ISA 2006 licenses available, but I would hate to roll that out and then have to replace it in only 2 years rather than using something that can stay in place long term.  Maybe we could use ISA 2006 temporarily as a stopgap if the next version
    released of Windows Server Web Application Proxy would meet the requirements and can be deployed in production before ISA 2006 is completely EOL.
    I hate that Microsoft keeps discontinuing all the related products to this before they have their replacements ready.

    Hi,
    You are correct, all TMG product sales officially ended in December 2012.
    In addition, an ISA Server and a TS Gateway server can be used together to enhance security for remote connections to internal network resources. However, it
    seems that ISA 2006 cannot support that on Windows Server 2012 R2. For more detailed information:
    Configuring the TS Gateway ISA Server Scenario
    Personally, Web application proxy would be an alternate. In addition, for the question related to Cisco product, you can contact Cisco for assistance.
    Best regards,
    Susie

  • HTTP Adapter outbound (SSL) processing

    I am trying to send a XML message (an Invoice) from XI to an external Customer via HTTP Adapter.
    The site I am posting the message to is SSL.
    I have installed the Customer's Certificate via STRUST under SSL Client (Standard) and can see it in the
    certificate list.
    Within the Communication Channel for HTTP Adapter I have tried Addressing Type of URL
    and also with a HTTP (SM59) destination.  Both do not work.
    The setting used for both are
    host : workflw.externalcustomer.xxx.com  Service: 443
    Path : /SubmitInvoiceUAT/SubmitInvoice.asmx/SubmitCXML
    HTTP Proxy : internetproxy.mycompany.com
    Proxy Servuce : 80
    SSL Active : SSL Client Certificate ANONYM SSL Client(Anonymous).  As no client cert is used for logon
    I have attempted a connection test within SM59 for the HTTP Destination and I receive the error
    ICM_HTTP_SSL_ERROR.
    1) If the SSL Client Certificate ONLY for logon then how does XI know what cert to encyrption with?.
    2) Should Verisign/Thawte etc CA certs be also installed in STRUST ?
    Does that "public" key for encryption need to be placed anywhere (eg STRUST) or will XI just do
    3) this when it does the handshake with the external HTTPS site it is posting to ?
    4) Also the transaction STRUST may (or may not depending on how the documentation is interpreted) need the installation of some certs into its PSE (Personal Security Environment).  But exactly what they mean is a mystery.  I have created what I thought was the servers cert but cannot see to create a dev.connector.boc.com named certificate.  Perhaps that is not needed.
    Here is the help <a href="http://help.sap.com/saphelp_nw70/helpdata/en/e8/1f1041a0f6f16fe10000000a1550b0/frameset.htm">SAPHelp on  PI HTTPS Config</a>
    5) Also OSS note 510007 it advises to check a number of settings.  I have had a look at what I can ..namely via transaction RZ10  and I can see one parameter and should that be changed to include a HTTPS ? .i,e  currently it is set to     <i>icm/server_port_0  PROT=HTTP,PORT=80$$,PROCTIMEOUT=3600</i>

    Hello
    As a process you have done well. I suspect the problem could be with " SSL Client Certificate  ". Check weather the SSL Client Certificate  is Valid version.
    Best practice.
       Alway when we are communicating with HTTP outbound. It is better to have a STANDALONE ftp location for both SENDER and RECEIVE xml DATA transfter files.
             I hope I answered your question. It was nice answering your question. Feel free to reach SDN if you have any questions.
    Regards

  • SSL Issue with reverse proxy module

    Hi there,
    I'm hoping someone can help me. I am using Sun ONE Web Server 6.1SP7 Reverse Proxy Plugin to connect to a backend server over SSL.
    However the backend server is reporting errors on the SSL handshake: SSL_ERROR_NO_CYPHER_OVERLAP
    I have installed ssldump and can see the following set of cipher suites are offered by the client (in this case, the reverse proxy module:
    New TCP connection #6: dptettsw02(62951) <-> dptdevss01(31006)
    6 1 0.0105 (0.0105) C>S SSLv2 compatible client hello
    Version 3.1
    cipher suites
    SSL2_CK_RC4
    SSL2_CK_RC2
    SSL2_CK_3DES
    SSL2_CK_DES
    SSL2_CK_RC4_EXPORT40
    SSL2_CK_RC2_EXPORT40
    TLS_RSA_WITH_RC4_128_MD5
    Unknown value 0xfeff
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    Unknown value 0xfefe
    TLS_RSA_WITH_DES_CBC_SHA
    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
    TLS_RSA_EXPORT_WITH_RC4_40_MD5
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
    How do I configure the reverse proxy module to use a different cipher suite?
    Any help would be greatly appreciated and please let me know if anything is unclear
    Thanks!
    Kev

    Hi there.
    The server.xml file is below:
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
    Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    -->
    <!DOCTYPE SERVER PUBLIC "-//Sun Microsystems Inc.//DTD Sun ONE Web Server 6.1//EN" "file:///opt/SUNWwbsvr/servers/bin/https/dtds/sun-web-server_6_1.dtd">
    <SERVER qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100">
    <PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
    <PROPERTY name="user" value=""/>
    <PROPERTY name="group" value=""/>
    <PROPERTY name="chroot" value=""/>
    <PROPERTY name="nice" value=""/>
    <PROPERTY name="dir" value=""/>
    <PROPERTY name="accesslog" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/accessSSL"/>
    <LS id="group1" ip="0.0.0.0" port="2080" acceptorthreads="1" blocking="no" security="off" defaultvs="https-ETT03WEB02" servername="dptettsw02"/>
    <LS id="ls2_default" ip="0.0.0.0" port="20443" acceptorthreads="1" blocking="no" security="on" defaultvs="https-ETT03WEB02" servername="ptpcam-ptpett-drs.dwpptp.londondc.com">
    <SSLPARAMS servercertnickname="Server-Cert" ssl2="off" ssl2ciphers="&#43;rc4,&#43;rc4export,&#43;rc2,&#43;rc2export,&#43;desede3,&#43;des" ssl3="on" ssl3tlsciphers="-rsa_rc4_128_sha,-rsa_rc4_128_md5,-rsa_rc4_56_sha,-rsa_rc4_40_md5,-rsa_3des_sha,-rsa_des_sha,-rsa_des_56_sha,-rsa_rc2_40_md5,&#43;rsa_null_md5,-fortezza,-fortezza_rc4_128_sha,&#43;fortezza_null,-fips_3des_sha,-fips_des_sha" tls="on" tlsrollback="off" clientauth="off"/>
    </LS>
    <MIME id="mime1" file="mime.types"/>
    <ACLFILE id="acl1" file="/opt/SUNWwbsvr/servers/httpacl/generated.https-ETT03WEB02.acl"/>
    <VSCLASS id="defaultclass" objectfile="obj.conf" rootobject="default" acceptlanguage="off">
    <PROPERTY name="docroot" value="/opt/iplanet/servers/docs"/>
    <PROPERTY name="user" value=""/>
    <PROPERTY name="group" value=""/>
    <PROPERTY name="chroot" value=""/>
    <PROPERTY name="nice" value=""/>
    <PROPERTY name="dir" value=""/>
    <VS id="https-ETT03WEB02" connections="group1" urlhosts="dptettsw02" mime="mime1" aclids="acl1" state="on">
    <USERDB id="default" database="default"/>
    </VS>
    <VS id="ETT03WEB02_SSL" connections="ls2_default" urlhosts="ptpcam-ptpett-web.dwpptp.londondc.com" mime="mime1" aclids="acl1" state="on">
    <USERDB id="default" database="default"/>
    </VS>
    </VSCLASS>
    <JAVA javahome="/opt/SUNWwbsvr/servers/bin/https/jdk" serverclasspath="/opt/SUNWwbsvr/servers/bin/https/jar/webserv-rt.jar:${java.home}/lib/tools.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-ext.jar:/opt/SUNWwbsvr/servers/bin/https/jar/webserv-jstl.jar:/opt/SUNWwbsvr/servers/bin/https/jar/ktsearch.jar" classpathsuffix="" envclasspathignored="true" debug="false" debugoptions="" dynamicreloadinterval="2">
    <JVMOPTIONS>-Dorg.xml.sax.parser=org.xml.sax.helpers.XMLReaderAdapter</JVMOPTIONS>
    <JVMOPTIONS>-Dorg.xml.sax.driver=org.apache.crimson.parser.XMLReaderImpl</JVMOPTIONS>
    <JVMOPTIONS>-Djava.security.policy=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/server.policy</JVMOPTIONS>
    <JVMOPTIONS>-Djava.security.auth.login.config=/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/login.conf</JVMOPTIONS>
    <JVMOPTIONS>-Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager</JVMOPTIONS>
    <JVMOPTIONS>-Xmx256m</JVMOPTIONS>
    <JVMOPTIONS>-Xrs</JVMOPTIONS>
    <SECURITY defaultrealm="file" anonymousrole="ANYONE" audit="false">
    <AUTHREALM name="file" classname="com.iplanet.ias.security.auth.realm.file.FileRealm">
    <PROPERTY name="file" value="/opt/SUNWwbsvr/servers/https-ETT03WEB02/config/keyfile"/>
    <PROPERTY name="jaas-context" value="fileRealm"/>
    </AUTHREALM>
    <AUTHREALM name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
    <PROPERTY name="directory" value="ldap://localhost:389"/>
    <PROPERTY name="base-dn" value="o=isp"/>
    <PROPERTY name="jaas-context" value="ldapRealm"/>
    </AUTHREALM>
    <AUTHREALM name="certificate" classname="com.iplanet.ias.security.auth.realm.certificate.CertificateRealm"/>
    </SECURITY>
    <RESOURCES/>
    </JAVA>
    <LOG file="/opt/SUNWwbsvr/servers/https-ETT03WEB02/logs/errors" loglevel="finest" logtoconsole="true" usesyslog="false" createconsole="false" logstderr="true" logstdout="true" logvsid="false"/>
    </SERVER>

  • SMP 3.0 (using Agentry): Requirements for Reverse Proxy

    All.
    We are in the process of designing our landscape for SMP 3.0, where we will expose Agentry functionality, and are currently looking at the Reverse Proxy technology to use.
    From the document
    Common Requirements for Reverse Proxies - Landscape Planning and Design - SAP Library
    it is stated that any reverse proxy used:
    Does not remove any HTTP headers.
    Sets a timeout period, if used, that is greater than the timeout used by the clients.
    Is this all the requirements that must be fulfilled for a reverse proxy ?
    We are looking into installing a common Reverse Proxy technology, that can handle reverse proxy requirements for multiple platforms.
    Hence I need to specify the requirements, in relation to SMP, for this technology.
    I hope someone can help.
    Thanks.
    Søren Hansen.

    Thanks Bill and Steve.
    I got it now - for Agentry support we need WebSockets.
    What about everything else on SMP 3.0 ?
    From this document:
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/200d7500-2605-3210-9d91-a24cfb6523ba?QuickLink=index&…
    it is stated on page 4 that different technologies needs different platforms.
    Application          Reverse Proxy
    Native                 Apache
    Hybrid                 Apache
    Agentry               Nginx
    MBO                   RelayServer
    Is there no one Reverse Proxy platform that can act for all application types in front of SMP 3.0 ?
    And what should the entire list of demands be ?
    Søren Hansen

  • Lync mobility and HTTP authentication test failed. Is reverse proxy required?

    I currently have the following setup.
    1 x 2013 edge server lync1.local.com
    has 3 dmz ips for external names 
    has 1 internal ip
    2 x 2013 std front end servers lync2 & lync3.local.com
    Ive read that in 2013 the mobility service is installed automatically on the front end servers and i do see it running on both.
    All my clients can connect from the windows and mac clients(internally and externally) but not from phone or windows app store client (internally or externally)
    running the exchangeconnectivity test on the website i get the following error
    Testing HTTP authentication methods for URL https://lyncdiscover.external.com/Autodiscover/AutodiscoverService.svc/root/user.
      HTTP authentication test failed.
    Additional Details
    A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
    HTTP Response Headers:
    X-MS-Server-Fqdn: lync1.local.com
    Connection: close
    Content-Length: 64
    Content-Type: text/plain
    Server: RTC/5.0
    Elapsed Time: 427 ms.
    After some reading I notice that many people refer to a reverse proxy when dealing with mobility.
    I do not have a reverse proxy server installed. Is this required for the mobility to work correctly? I cant just use the edge server?
    Thanks in advance for any help.

    Take a look at Georg Thomas' blog: http://www.lynced.com.au/2014/04/configure-citrix-netscaler-vpx-as.html also the Citrix official documentation: http://www.citrix.com/global-partners/microsoft/netscaler.html 
    Please mark posts as answers/helpful if it answers your question.
    Blog
    Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

  • Want to send information in Header dynamically using HTTP adapter using post method

    Hi ,
    I have a requirement to send below information in http Adapter header dynamically using post method. which will be authenticated by third party system.
    Authorization : WSSE realm="SDP", profile="UsernameToken", type="AppKey" X-WSSE : UsernameToken Username="XXXX", PasswordDigest="Qd0QnQn0eaAHpOiuk/0QhV+Bzdc=", Nonce="eUZZZXpSczFycXJCNVhCWU1mS3ZScldOYg==", Created="2013-09-05T02:12:21Z"
    I have followed below link to create UDF
    http://scn.sap.com/thread/3241568
    As if now my third party system is not available while sending request I am getting 504 gateway error. is there any approach I can validate my request is working fine?
    Regards,

    Hi Abhay,
    Correct me if I'm wrong but I think WSSE requires a SOAP Envelope. If that is the case, there are two approaches: the first one is to use SOAP Axis and the second one is just to build SOAP Envelope via Java mapping.
    You also need to test it successfully externally, capture the request and replicate it in XI.
    Hope this helps,
    Mark

  • SSL tunneling with reverse proxy

    Hi,
    I have configured reverse proxy on Sun Web Proxy server. Now I am trying to configure SSL tunneling .
    Steps followed :
    1. Server Manager tab -> my server instance -> Routing tab.
    2. Clicked the Enable/Disable Proxying link.
    3. Created a new regular expression connect://.*.5000 (as my content server listens for SSL connections on port 5000.
    4. Selected the connect://.*.5000 resource from the drop-down list.
    5. Selected Enable Proxying Of This Resource and clicked OK.
    But it doesn't seems to work, Is there a way to verify ? Does SSL tunneling applicable to reverse proxy ?
    Thanks,
    Nitin

    SSL tunneling is a forward proxy operation.

  • Reverse Proxy - Apache vs SAP Web Dispatcher

    Hi,
    my config consists in a portal (EP7.0 - DB/CI + AS) and an ECC system (ECC 6.0 - DB/CI + AS).
    Web developments are based on Abap Web Dynpro and are also located on ECC.
    To ensure load balancing there are 2 web dispatchers : one on EP DB/CI, one on ECC DB/CI.
    Those 2 systems are located in intranet. Intranet access are realized via http.
    Moreover I need to open this solution to internet. I need a component to filter access in DMZ and ensure reverse proxy + https functions.
    Technical target chain links are depicted below.
    internet access : browser (https) -
    >  (https) reverse proxy in DMZ (http) -
    > IS (Portal/ECC)
    intranet access : browser (http) -
    > IS (portal/ECC)
    At the moment two application gateway solutions have been identified :
    Apache (MOD_PROXY + MOD_HTTPS) - My configuration is based on Linux
    SAP Web Dispatcher ("cascading" implementation as described in OSS note 740234)
    I'm looking for PROs and CONs of those 2 solutions and I'm also seeking for the impact of ensuring https encryption/decryption at the application gateway level ("a priori" this usage is not transparent in term of server sizing - CPU/memory, do I require to implement an SSL accelerator ?).
    Regards.
    Frederic.

    Hi,
    PRO Webdispatcher:
    - Supports SAP Java + ABAP
    - Loadbalancing of SAP applications (stateful)
    - Supports load balancing (saplb_* cookie)
    - Free of costs
    - easy to set up (up & running in 2 minutes)
    - Supports HA solutions out-of-the-box (process HA)
    - Filter + Rules to modify the requests
    CONS Webdispatcher
    - not a full reverse proxy
    - Limited functionality
    - one more server/solution (normaly, a company already does have a reverse proxy solution in place)
    - limited user base (only SAP customers)
    PRO Apache
    - free
    - widly in use
    - full reverse proxy
    - allows more complex filtering / rewriting
    - can be used for more web solutions, reuse of existing apache reverse proxy
    CONS Apache
    - does not support SAP load balancing (connection to the message server port for load distribution)
    - can be more complex to set up
    - SAP specific technology / problems are more harder to fix (ABAP, Stateful connections, sap_lb*)
    Short: both will server well as a reverse proxy.
    Rule of thumb: If you go for Apache or Web Dispatcher should mainly depend on you current IT landscape. If you already do have an apache in use, use Apache. You already have the people / knowledge, try to foster it .
    If you start from scratch and have SAP Logon Groups or many WebDynpro ABAP applications, go for the Web Dispatcher.
    br,
    Tobias

  • SOAP Receiver Adapter using SSL - PI 7.0

    Hi all,
    i am currently faced with a .net WCF webservice integration using https via SOAP Receiver Adapter in PI 7.0.
    Can anybody tell me into which Visual Administrator view i have to import my certificate in order to get https working ?
    Thanks in advance,
    Martin

    It must be the View you have created for your partners. There is usually a Trusted view where you have your own certificate. And there are other views where partners cerificates are stored. There you have to store the certificate.
    Regards,
    Prateek

  • Using ssl on WebLogic, not on Apache

    Hi Folks,
    This is probably a really obvious question, though I can't seem to figure it.
    Does anyone know if Apache plug-in supports SSL between the browser and WebLogic
    ? For example, can it then get a session id from the request, so it can keep
    sticky sessions ?
    Maybe it can work if session id's go into URL instead of cookie, or such.
    thanks in advance!
    John

    Hi, I have the exact same setup and the exact same error message in the logs. It does not seem to mather if I use the module that offers 128bit encryption or the standard one.
    Group/User permisions do not make any diffrence.
    So me being the weird person I am tried libs that come with service pack 3. This solved the problem.
    It seems that this service pack 5 has a little problem with this version of redhat and or with this version of apache...
    I hope this works for you as well.

  • Example of a successful reverse proxy to APEX using Apache and Oracle HTTP

    If this helps anyone, I was able to set up a reverse proxy to APEX with Apache running on the reverse proxy server and Oracle HTTP server and APEX 3.2 on the APEX hosting server. I want to post this due to there is no
    documentation on this that I can find. Oracle Metalink could not produce any "How To" document either.
    On the reverse proxy server in the httpd.conf file:
    ProxyRequests Off
    SetEnv force-proxy-request-1.0.1
    SetEnv proxy-nokeepalive 1
    ProxyPassReverse /pls/apex/ http://apex_server:8080/pls/apex/
    ProxyPass /pls/apex/ http://apex_server:8080/pls/apex/
    ProxyPassReverse /i/ http://apex_server:8080/i/
    ProxyPass /i/ http://apex_server:8080/i/
    AddType text/xml .xbl
    AddType text/x-component .htc
    OR
    ProxyRequests off
    RewriteEngine On
    RewriteRule ^/pls/apex/(.*)$ http://apex_server:8080/pls/apex/$1 [P,NE]
    ProxyRequests off
    ProxyPassReverse /i/ http://apex_server:8080/i/
    RewriteEngine On
    RewriteRule ^/i/(.*)$ http://apex_server:8080/i/$1 [P,NE]
    And in the Oracle HTTP server httpd.conf file of the APEX hosting server:
    NameVirtualHost 999.99.99.9:8080
    <VirtualHost 999.99.99.9:8080>
    ServerAdmin [email protected]
    DocumentRoot "/u01/app/ora11g/product/11.1.0/http_1/ohs/htdocs"
    ServerName reverse_proxy_server.com
    </VirtualHost>

    Here is what I saw :
    I have one Web Server 7.0 instance with the following obj.conf :
    <Object name="default">
    <If $uri =~ "/xyz">
    NameTrans fn="map" from="/" name="reverse-proxy-/xyz" to="/"
    </If>
    <ElseIf $uri =~ "/abc">
    NameTrans fn="map" from="/" name="reverse-proxy-/abc" to="/"
    </ElseIf>
    </Object>
    <Object ppath="*">
    Service fn="proxy-retrieve" method="*"
    </Object>
    <Object name="reverse-proxy-/abc">
    Route fn="set-origin-server" server="http://server1.sun.com:80"
    </Object>
    <Object name="reverse-proxy-/xyz">
    Route fn="set-origin-server" server="http://server2.sun.com:80"
    </Object> ...When I send a request to URI :
    /abc/test1.html : the request gets served from server1 from docs/abc/test1.html.
    /xyz/test2.html : the request gets served from server2 from docs/xyz/test2.html
    Where as when you change obj.conf to (note the change in "from" parameter in "map" SAF)
    <Object name="default">
    <If $uri =~ "/xyz">
    NameTrans fn="map" from="/xyz" name="reverse-proxy-/xyz" to="/"
    </If>
    <ElseIf $uri =~ "/abc">
    NameTrans fn="map" from="/abc" name="reverse-proxy-/abc" to="/"
    </ElseIf>
    </Object>
    <Object ppath="*">
    Service fn="proxy-retrieve" method="*"
    </Object>
    <Object name="reverse-proxy-/abc">
    Route fn="set-origin-server" server="http://server1:80"
    </Object>
    <Object name="reverse-proxy-/xyz">
    Route fn="set-origin-server" server="http://server2:80"
    </Object> ...In this case when I send a request to URI :
    /abc/test1.html : the request gets served from server1 from docs/test1.html.
    /xyz/test2.html : the request gets served from server2 from docs/test2.html.

  • B2B-51075 Missing signer certificate receiving AS2 through reverse proxy

    We are setting up AS2 communication through B2B on 11.1.1.6.7,  Our reverse proxy configuration in the DMZ looks as shown:
    <Location /b2b/httpReceiver>
      WebLogicHost internalsoa.domain
       WebLogicPort 8001
       WLLogFile /dmz/logs/wl-proxy.log
       SetHandler weblogic-handler
    </Location>
    https://externaledi.domain/b2b/httpReceiver
    -Dhttp.proxySet=true -Dhttp.proxyHost=externaledi.domain -Dhttp.proxyPort=443
    When I go to the externally available URL, I receive the B2B Server is ready to accept HTTP messages from the Trading Partner message.
    In the TRACE:32 logging, I see:
    [2014-01-10T09:20:30.551-08:00] [soa_server1] [TRACE] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [SRC_CLASS: oracle.tip.b2b.system.DiagnosticService] [APP: soa-infra] [SRC_METHOD: synchedLog_J] Utility:getAllCertsFromWallet:Loaded Certs 5
    [2014-01-10T09:20:30.553-08:00] [soa_server1] [ERROR] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [APP: soa-infra] java.lang.NullPointerException[[
            at oracle.tip.b2b.packaging.SmimeSecureMessaging.verify(SmimeSecureMessaging.java:834)
            at oracle.tip.b2b.packaging.mime.MimePackaging.processSignedMultipartMessage(MimePackaging.java:1080)
            at oracle.tip.b2b.packaging.mime.MimePackaging.processMultipartMessage(MimePackaging.java:908)
            at oracle.tip.b2b.packaging.mime.MimePackaging.processMessageContent(MimePackaging.java:865)
            at oracle.tip.b2b.packaging.mime.MimePackaging.doUnpack(MimePackaging.java:780)
            at oracle.tip.b2b.packaging.mime.MimePackaging.unpack(MimePackaging.java:670)
            at oracle.tip.b2b.engine.Engine.processIncomingMessageImpl(Engine.java:1888)
            at oracle.tip.b2b.engine.Engine.processIncomingMessage(Engine.java:1654)
            at oracle.tip.b2b.transport.InterfaceListener.onMessageLocal(InterfaceListener.java:412)
            at oracle.tip.b2b.transport.InterfaceListener.onMessage(InterfaceListener.java:220)
            at oracle.tip.b2b.transport.basic.TransportServlet.doPost(TransportServlet.java:754)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
            at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
            at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
            at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
            at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
            at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
            at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
            at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
            at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
            at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
            at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
            at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
            at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
            at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    java.lang.NullPointerException
            at oracle.tip.b2b.packaging.SmimeSecureMessaging.verify(SmimeSecureMessaging.java:834)
            at oracle.tip.b2b.packaging.mime.MimePackaging.processSignedMultipartMessage(MimePackaging.java:1080)
            at oracle.tip.b2b.packaging.mime.MimePackaging.processMultipartMessage(MimePackaging.java:908)
            at oracle.tip.b2b.packaging.mime.MimePackaging.processMessageContent(MimePackaging.java:865)
            at oracle.tip.b2b.packaging.mime.MimePackaging.doUnpack(MimePackaging.java:780)
            at oracle.tip.b2b.packaging.mime.MimePackaging.unpack(MimePackaging.java:670)
            at oracle.tip.b2b.engine.Engine.processIncomingMessageImpl(Engine.java:1888)
            at oracle.tip.b2b.engine.Engine.processIncomingMessage(Engine.java:1654)
            at oracle.tip.b2b.transport.InterfaceListener.onMessageLocal(InterfaceListener.java:412)
            at oracle.tip.b2b.transport.InterfaceListener.onMessage(InterfaceListener.java:220)
            at oracle.tip.b2b.transport.basic.TransportServlet.doPost(TransportServlet.java:754)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
            at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
            at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
            at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
            at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
            at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
            at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
            at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
            at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
            at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
            at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
            at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
            at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
            at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
            at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
            at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    [2014-01-10T09:20:30.553-08:00] [soa_server1] [TRACE] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [SRC_CLASS: oracle.tip.b2b.system.DiagnosticService] [APP: soa-infra] [SRC_METHOD: synchedLog_J] MimePackaging:processSignedMultipartMessage:Signature Verification failed
    [2014-01-10T09:20:30.585-08:00] [soa_server1] [TRACE] [] [oracle.soa.b2b.engine] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c8ec097869f74d35:75fef00f:14379dde17a:-8000-0000000000080c34,0] [SRC_CLASS: oracle.tip.b2b.system.DiagnosticService] [APP: soa-infra] [SRC_METHOD: synchedLog_J] Notification: notifyApp: payload = <Exception xmlns="http://integration.oracle.com/B2B/Exception" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">[[
      <correlationId>null</correlationId>
      <b2bMessageId>0A0A117A1437D2B5D520000017198417</b2bMessageId>
      <errorCode>B2B-51075</errorCode>
      <errorText>
      <![CDATA[Missing signer certificate.
      ]]>
    We used the following notes to guide the configuration:
    http://blog.darwin-it.nl/2012/11/b2b11g-with-apache-20-as-forward-proxy.html
    http://anuj-dwivedi.blogspot.sg/2010/10/enabling-ssl-on-oracle-b2b-11g.html
    Has anyone gotten AS2 communication to work through a reverse proxy?  We are not picking up any agreements or senders in the B2BConsole reports.
    Thanks,
    -Michael

    It turns out the trading partner provided the incorrect certificate.  Once they sent a new certificate (must be the one they use for signing), everything worked.

Maybe you are looking for

  • Error when open DMS document

    Dear DMS experts, After migration DMS server from one server to another an error has occurred in transaction CV03N when try open original document I got next error massage: File C:\temp\file_name cannot be created (Message no. 26172). This happens wh

  • Pairing iphone BT headset with Win XP Pro - questions

    Hi, i am trying to use my iphone headset with my windows XP computer to do VoIP. I am able to pair the BT headset with XP (at least it shows up connected in BT settings). But i cannot select it within my audio/microphone devices, also doesnt show up

  • Joining, NOT extending, a non-apple network

    I just bought an Airport Express (N) for the purpose of using it to do Airplay.  Just Airplay, no extending networks. I have a not-Apple network (ASUS router running Tomato), so I do not expect "extend" to work easily. When I ask airport utility (6.3

  • Date filed validation required..

    Hi All, I have date item like :P3_EVENT_START_DATE='02-FEB-2013' i need to do Validations for the following scenario example a):P3_EVENT_START_DATE=022-FEB-2013 =>DD IF Adding any number..need to throw error message.. b):P3_EVENT_START_DATE='02-FEBd-

  • LDAP and OID

    FYI: I am new to Oracle (<1 month), and new to APEX (<3 weeks) so forgive me if I am asking the obvious. I would like to have APEX authenticate against LDAP (active directory), and went about trying to set that up. Got all AD settings from our sys ad