Monday, August 11, 2014

OHS 12c (12.1.3) and OHS 11g mod_wl_ohs.conf - SSL proxy setup

In this post , I will cover an important difference between OHS 11g and 12c mod

_wl_ohs.conf which which is used to establish ssl proxy for the backend services.


this is how 11g mod_wl_ohs.conf looks like for SSL proxy setup

------------------------------------------------------------------------------------------------------------------


<Proxy *>

Order deny,allow

Allow from all

</Proxy>


SSLProxyEngine on

#SSLProxyWallet /var/oracle/webserver/instances/ohsinstance/config/OHS/ohs1/keystores/ssl-proxy

SSLProxyWallet /app/oracle/ohswallets/apiwallet



<Location /appContext>

ProxyPass https://host1:ssl_port/appContext

ProxyPassReverse https://host1:ssl_port/appContext

</Location>

 ------------------------------------------------------------------------------------------------------------------


in 12c SSL v3 protocol is not supported by default so we have to use to TLS v1 to establish SSL connectivity with backend services.




SSLProxyEngine on

SSLProxyWallet /path_to_wallet_folder

SSLProxyProtocol TLSv1



<Location /appContext>

ProxyPass https://host1:ssl_port/appContext

ProxyPassReverse https://host1:ssl_port/appContext

</Location>



The above proxy config uses apache proxy but if we want to switch to oracle weblogic ohs proxy then the following config will be required


<IfModule weblogic_module>
<Location /app1/path1>
WLSRequest On
WebLogicHost hostname
WebLogicPort port
SecureProxy On
WLProxySSL On
WLSSLWallet "/path_to_wallet_folder"
</Location>
</IfModule>