This article provides detailed steps to configure Apache with SSL in a WLS environment.
This process will successfully setup SSL communication between the client (browser) and the Apache Web Server as well as SSL (https) communication between the Apache Web Server and the WebLogic Server.
At a high level, the following steps are implemented:
1. Create a valid certificate from Verisign.
2. Configure Apache plugin to use SSL using the new certificate.
3. Configure WLS to use the new certificate.
4. Test SSL proxy request to WLS.
Apache configuration
1. Install Apache 2.2.
2. Include the following in httpd.conf file:
LoadModule weblogic_module modules/mod_wl_22.so
Note that this filename is different in different versions of the WebLogic plug-in: change the filename as needed for your version.
3. Copy the mod_wl_22.so from the folder:
4. Note that this filename is different in different versions of the WebLogic plug-in: change the filename as needed for your version.
5. Uncomment LoadModule ssl_module modules/mod_ssl.so in httpd.conf
6. Uncomment include conf/extra/httpd-ssl.conf in httpd.conf.
7. Now run the following commands in apache:
set OPENSSL_CONF=F:\apache2.2\conf\openssl.cnf
> />openssl genrsa -des3 -out localhost.key 1024
Enter pass phrase:
> />openssl req -new -key localhost.key -out localhost.csr> />> />
It will generate the CSR file. Place the CSR file in a particular folder.
8. Go to the Verisign website and enter personal information. It will ask for the CSR. Please enter the above CSR and the root CN information.
9. Verisign will send a mail with intermediate certificate, public certificate and root CA.
10. Once included, you must comment for Windows:#SSLPassPhraseDialog builtin
11. Include the following:
SSLCertificateFile "
SSLCertificateKeyFile "
SSLCertificateChainFile "
And comment other similar entries.
12. Test https://localhost/index.html: it will work.
WebLogic Server Configuration
1. Generate a private key
2. Generate a certificate request (CSR file).
3. Paste the csr file and get the trail certificate(save as public.pem) and intermediate CA (save as intermediate.pem) and Root CA (save as CA.pem) from the email sent from Verisign website.
4. Import root CA into keystore:
5. Import intermediate CA into keystore:
6. Import the public key into your keystore. It will go on the same alias as the private key:
7. From the Admin console, go to your server page, and in the Keystore & SSL tab choose: Custom Identity and Custom Trust
8. Restart your server and now try https://localhost:7002/console
WebLogic Server Apache Plugin Configuration
1. Configure the following in Apache httpd configuration.
WebLogicHost myip
WebLogicPort myport
SecureProxy ON
TrustedCAFile "
RequireSSLHostMatch false
EnforceBasicConstraints OFF
Debug ALL
WLLogFile
SetHandler weblogic-handler
SetHandler weblogic-handler
2. Access http://localhost:7001/console
3. Import the CA.pem for apache and weblogic in the browser using content-> certificate-> Import-> Autoselect store based on type of cert- option.
Configuration Complete!!
No comments:
Post a Comment