1. Install Apache HTTP server (Version 2.2.29).
Note - Installation might need 'root' privileges.
Here is the Apache reference doc for installation (http://httpd.apache.org/docs/2.2/install.html)
Download the required version of the Apache software distribution from the nearest mirror site (mirror I used):
http://mirrors.sonic.net/apache/httpd/httpd-2.2.29.tar.gz
2. Configure
./configure --prefix=/opt/apache2.x --with-ldap --enable-mods-shared="all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache isapi suexec" --enable-rewrite=shared --enable-mime-magic --enable-info --enable-speling --enable-usertrack --enable-example --enable-maintainer-mode
Error - You may see the error below:
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
configure:
configure: Configuring Apache Portable Runtime library...
configure:
checking for APR... no
configure: error: APR not found. Please read the documentation.
Solution -
You need to download the APR files (Apache Portable Runtime Project files) and place them in the 'srclib' dir.
1. Download the archive into srclib:
cd srclib/
[root@localhost srclib]# wget http://www-us.apache.org/dist//apr/apr-1.5.2.tar.gz
--2016-05-26 13:54:21-- http://www-us.apache.org/dist//apr/apr-1.5.2.tar.gz
Resolving www-us.apache.org... 140.211.11.105
Connecting to www-us.apache.org|140.211.11.105|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1031613 (1007K) [application/x-gzip]
Saving to: “apr-1.5.2.tar.gz”
100%[===================================================================================================================================================>] 1,031,613 1.37M/s in 0.7s
2016-05-26 13:54:22 (1.37 MB/s) - “apr-1.5.2.tar.gz” saved [1031613/1031613]
2. Extract the .gz
tar xvfz apr-1.5.2.tar.gz
3. Rename apr-1.5.2 to apr
mv apr-1.5.2 apr
Download and repeat the same process for APR-util if configure complains about it:
checking for APR-util... no
configure: error: APR-util not found. Please read the documentation.
wget http://www-us.apache.org/dist//apr/apr-util-1.5.4.tar.gz
tar xvfz apr-util-1.5.4.tar.gz
mv apr-util-1.5.4 apr-util
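Added example (not part of the original post): the tarballs above are fetched over plain HTTP from mirrors, so compare each one with its published SHA-256 checksum before unpacking it. The checksum file name in the usage comment is an assumption; the parser accepts the GNU, BSD and "gpg --print-md" layouts of a checksum file.

```sh
#!/bin/sh
# Added example, not from the original post: verify a source tarball against a
# published SHA-256 checksum file before unpacking it.

# Print the 64-hex-digit digest found in a checksum file, or fail.
# Layouts accepted (file name and digest may appear in either order):
#   <hash>  apr-1.5.2.tar.gz              GNU coreutils
#   SHA256 (apr-1.5.2.tar.gz) = <hash>    BSD
#   apr-1.5.2.tar.gz: AB12CD34 ...        gpg --print-md (upper case, grouped)
published_sha256() {    # $1 = checksum file, $2 = tarball path
    name=$(basename "$2")
    digest=$(awk -v n="$name" '
        {
            line = $0
            # Drop the file name and the algorithm label first: both can
            # contain letters that would otherwise be taken for hex digits.
            while ((i = index(line, n)) > 0) {
                line = substr(line, 1, i - 1) substr(line, i + length(n))
            }
            gsub(/[Ss][Hh][Aa]-?256/, "", line)
            gsub(/[^0-9A-Fa-f]/, "", line)      # keep hex digits only
            out = out line
        }
        END { print tolower(out) }' "$1") || return 1
    # Anything but exactly one digest (none, several, truncated) is rejected.
    [ "${#digest}" -eq 64 ] || return 1
    printf '%s\n' "$digest"
}

# Return 0 only when the tarball hashes to the published digest.
# 1 = digest mismatch, 2 = checksum file unusable.
verify_tarball() {      # $1 = tarball path, $2 = checksum file
    want=$(published_sha256 "$2" "$1") || {
        echo "unusable checksum file: $2" >&2
        return 2
    }
    have=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$want" != "$have" ]; then
        echo "digest mismatch for $1: expected $want, got $have" >&2
        return 1
    fi
    echo "OK $1"
}

# Usage (the checksum file name is an assumption; fetch it from the Apache
# site itself rather than from the mirror that served the tarball):
#   verify_tarball apr-1.5.2.tar.gz apr-1.5.2.tar.gz.sha256 && tar xvfz apr-1.5.2.tar.gz
```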
First download and install the dependencies as follows -
Download and install apr -
wget http://apache.osuosl.org//apr/apr-1.4.6.tar.gz
mkdir -p ./srclib/apr
# --strip-components=1 unpacks straight into srclib/apr so ./configure is found there
tar vxfz apr-1.4.6.tar.gz -C ./srclib/apr --strip-components=1
cd srclib/apr
./configure
make
make install
cd ../..
Download and install apr-util -
mkdir ./srclib/apr-util
wget http://apache.petsads.us//apr/apr-util-1.4.1.tar.bz2
tar xfj apr-util-1.4.1.tar.bz2 -C ./srclib/apr-util --strip-components=1
cd srclib/apr-util
./configure --with-apr=/usr/local/apr
make
make install
cd ../..
Download and install pcre -
wget http://sourceforge.net/projects/pcre/files/pcre/8.30/pcre-8.30.tar.bz2
tar xfj pcre-8.30.tar.bz2
cd pcre-8.30
./configure
make
make install
(I had a problem installing pcre.. I downloaded the gcc-c++ compiler which I believe is what fixed it "yum install -y gcc-c++". I also downloaded/updated libtools "yum install -y libtools" so that possibly could be it, but I'm pretty sure it was the gcc-c++ compiler that did the trick. Had to run ./configure again after.)
Error - configure: error: no acceptable C compiler found in $PATH
This error means that the C compiler or other system-level binaries or libraries required to compile and configure the Apache sources are missing.
Recommended: install all development tools -
yum groupinstall "Development Tools"
Now for Apache itself..
Download and unpack apache-
wget http://download.nextag.com/apache//httpd/httpd-2.4.2.tar.bz2
tar xjfv httpd-2.4.2.tar.bz2
cd httpd-2.4.2
./configure
make
make install
3. make
4. make install
Note - When you re-run the Apache installation with updated modules, you may sometimes run into a libtool error.
Error :
libtool: install: error: cannot install `libaprutil-1.la' to a directory not
ending in /usr/local/apache2/lib
Solution : run the command below before 'make install'
make clean
Issue#2 : You may run into the error below while starting the Apache instance after loading the WebLogic shared object files:
[root@NA9F2RFV1 bin]# ./apachectl -k start
httpd: Syntax error on line 126 of /opt/thirdparty/Middleware/apache2.x/conf/httpd.conf: Cannot load /opt/thirdparty/Middleware/apache2.x/modules/mod_wl_22.so into server: libstdc++.so.5: cannot open shared object file: No such file or directory
[root@NA9F2RFV1 bin]# yum install libstdc++.sh.5
Solution :
Run the command below to install the dependent libraries.
For Reference - http://vdudi.blogspot.com/2013/06/ugrade-apache-from-1x-to-22-and-bea.html
sudo yum install compat-libstdc++-33.x86_64
>Installing : compat-libstdc++-33-3.2.3-69.el6.x86_64 1/1
>Verifying : compat-libstdc++-33-3.2.3-69.el6.x86_64 1/1
>Installed:
>compat-libstdc++-33.x86_64 0:3.2.3-69.el6
Issue 3:
You may see the error below while restarting Apache.
[root@NA9F2RFV1 bin]# ./apachectl -k stop
httpd: Could not reliably determine the server's fully qualified domain name, using NA9F2RFV1.localdomain for ServerName
Solution :
You need to add the 'hostname' to the /etc/hosts file:
127.0.0.1 NA9F2RFV1.localdomain localhost localhost4 localhost4.localdomain4
::1 NA9F2RFV1.localdomain localhost localhost6 localhost6.localdomain6
5. vi $APACHE_HOME/conf/httpd.conf
a) Load the WebLogic module
Copy the shared object file into the $APACHE_HOME/modules directory. Choose the correct .so file based on the Apache version and OS (32 bit/64 bit).
You can copy these .so files from the WebLogic distribution ($WLS_HOME/wlserver_10.3/server/plugin/).
LoadModule weblogic_module modules/mod_wl_22.so
6. Define the IfModule block for WebLogic
<IfModule mod_weblogic.c>
WebLogicHost 192.168.56.101
WebLogicPort 7001
MatchExpression /console
MatchExpression *.jsp
MatchExpression *.html
ConnectTimeoutSecs 10
ConnectRetrySecs 2
WLIOTimeoutSecs 300
Idempotent ON
KeepAliveEnabled ON
#WLProxySSL ON/OFF ( ON for opening apache to access SSL - via Https)
Debug ALL
WLLogFile /opt/apache2.x/logs/wl-proxy.log
</IfModule>
Configure SSL for Apache
http://www.thegeekstuff.com/2011/03/install-apache2-ssl/
http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/
Note - After you generate certs and configure Apache for access over https, you may see the issue below in the browser.
*******************************
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
*******************************
To have HTTP (non-SSL) working between the Apache plug-in and WebLogic, you need to enable the option "WebLogic Plug-In Enabled" in the WebLogic console under Servers > AdminServer > General > Advanced.
Configure SSL between Apache and Weblogic11g (Using Trusted CA)
Web Logic Server Configuration
1. Generate a private key
jdk_home\bin\keytool -genkey -alias <your_alias_name> -keyalg RSA -keystore <your_keystore_filename>
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -genkey -alias sslcert -keyalg RSA -keysize 2048 -keystore mykeystore.jks
Note – use key size 2048; sometimes it may complain based on new cryptography rules.
2. Generate a certificate request (CSR file).
jdk_home\bin\keytool -certreq -keyalg RSA -alias <your_alias_name> -file certreq.csr -keystore <your_keystore_filename>
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -certreq -keyalg RSA -alias sslcert -file certreq.csr -keystore mykeystore.jks
3. Get CSR signed by trusted Authority (Verisign in this case)
Paste the CSR file contents and get the trial certificate (save as public.pem), the intermediate CA (save as intermediate.pem) and the root CA (save as rootCA.pem) from the email sent from the Verisign website: http://www.symantec.com/ssl-certificates/?inid=vrsn_symc_ssl_index&searchdomain=google.com&searchterms=
4. Import Certificates into keystores:
1. Import CA into keystore:
keytool -import -alias verisignCA -file CA.pem -keystore <your_keystore_filename> -trustcacerts
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -import -alias rootCA -file rootCA.pem -keystore mykeystore.jks -trustcacerts
2. Import intermediate CA into keystore:
keytool -import -alias verisignIntermediateCA -file Intermediate.pem -keystore <your_keystore_filename> -trustcacerts
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -import -alias intermediateCA -file intermediate.pem -keystore mykeystore.jks -trustcacerts
3. Import the public key into your keystore. It will go on the same alias as the private key:
keytool -import -alias <your_alias_name> -file public.pem -keystore <your_keystore_filename> -trustcacerts
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -import -alias sslcert -file public.pem -keystore mykeystore.jks -trustcacerts
4. To view the keystore:
keytool -list -keystore mykeystore.jks -v
5. keystore configuration in weblogic console.
From the Admin console, go to your server page, and in the Keystore & SSL tab choose:
Custom Identity and Custom Trust
Custom Identity
Custom Identity Key Store File Name: <your_keystore_filename> ( Ex -/opt/thirdparty/Middleware/Oracle/certs/myKeystore.jks)
Custom Identity Key Store Type: jks
Custom Identity Key Store Pass Phrase: <your password>
Confirm Custom Identity Key Store Pass Phrase: <your password>
Custom Trust
Custom Trust Key Store File Name: <your_keystore_filename> ( Ex -/opt/thirdparty/Middleware/Oracle/certs/myKeystore.jks)
Custom Trust Key Store Type: jks
Custom Trust Key Store Pass Phrase: <your password>
Confirm Custom Trust Key Store Pass Phrase: <your password>
Go to SSL TAB :
Private Key Alias: <your_alias_name>
Passphrase: password
Confirm Passphrase: password
- Restart your server and now try https://localhost:7002/console
- You should see the following while server starts up:
<Aug 4, 2009 7:19:17 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000298>
<Certificate expires in 14 days: [
[
Version: V3
Subject: CN=localhost, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=oracle,
O=oracle, L=BANG, ST=KA, C=IN
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
public exponent: 65537
Validity: [From: Tue Aug 04 05:30:00 GMT+05:30 2009,
To: Wed Aug 19 05:29:59 GMT+05:30 2009]
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at
https://www.verisign.com/cps/testca (c)09, OU="For
Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
SerialNumber: [ 5f8db365 ede6fd4b fbd717f2 48b0804f]
Certificate Extensions: 8
- Click the lock icon in the bottom right of the screen and view the certificate.
Go to Certification Path and select the root certificate. View the certificate and copy it to the file MyWeblogicCAToTrust.cer in a particular location, say /opt/thirdparty/Middleware/Oracle/certs.
6. Convert this .cer into .pem
openssl x509 -inform der -in MyWeblogicCAToTrust.cer -out MyWeblogicCAToTrust.pem
Apache Plugin Configuration:
In the httpd.conf file, set these parameters.
<IfModule mod_weblogic.c>
WebLogicHost 192.168.56.101
# SSL port
WebLogicPort 7002
MatchExpression /console
MatchExpression *.jsp
MatchExpression *.html
ConnectTimeoutSecs 10
ConnectRetrySecs 2
WLIOTimeoutSecs 300
Idempotent OFF
KeepAliveEnabled ON
#WLProxySSL ON/OFF ( ON for opening apache to access SSL – via Https)
SecureProxy ON
TrustedCAFile /opt/thirdparty/Middleware/Oracle/certs/MyWeblogicCAToTrust.pem
RequireSSLHostMatch false
EnforceBasicConstraints OFF
WLProxySSL ON
Debug ALL
WLLogFile logs/wlproxy.log
</IfModule>
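Added example (not part of the original post): the block above enables SecureProxy but also sets RequireSSLHostMatch false, EnforceBasicConstraints OFF and Debug ALL, and it proxies /console. The shell function below reads an httpd.conf on stdin and reports those settings. The stricter sample and its host name are constructed for illustration, and RequireSSLHostMatch true assumes the WebLogic certificate is issued for the name given in WebLogicHost.

```sh
#!/bin/sh
# Added example, not from the original post: flag mod_weblogic plug-in settings
# that weaken the Apache-to-WebLogic TLS hop. Reads httpd.conf text on stdin,
# prints one "CODE: message" line per finding, returns 1 if any were found.
audit_wl_plugin() {
    awk '
        function report(code, msg) { print code ": " msg; n++ }
        /^[ \t]*#/ { next }                               # comment lines
        tolower($0) ~ /<ifmodule[ \t]+mod_weblogic\.c>/ { inblk = 1; seen = 1; next }
        tolower($0) ~ /<\/ifmodule>/ { inblk = 0; next }
        !inblk || NF < 2 { next }
        {
            key = tolower($1); val = tolower($2)
            if (key == "matchexpression") {
                if (val ~ /^\/console/) { console = 1 }
            } else {
                set[key] = val                            # last value wins
            }
        }
        END {
            if (!seen) { exit 0 }                         # plug-in not configured
            if (set["secureproxy"] != "on") {
                report("PLAINTEXT_BACKEND", "SecureProxy is not ON, traffic to WebLogic is unencrypted")
            } else {
                if (!("trustedcafile" in set)) {
                    report("NO_TRUST_ANCHOR", "SecureProxy ON without a TrustedCAFile")
                }
                if (set["requiresslhostmatch"] == "false") {
                    report("NO_HOSTNAME_CHECK", "RequireSSLHostMatch false skips the host name check on the WebLogic certificate")
                }
                if (set["enforcebasicconstraints"] == "off") {
                    report("NO_BASIC_CONSTRAINTS", "EnforceBasicConstraints OFF skips the CA check on chain certificates")
                }
            }
            if (set["debug"] == "all") {
                report("DEBUG_ALL", "Debug ALL logs headers and errors to WLLogFile, turn it off after setup")
            }
            if (console) {
                report("CONSOLE_EXPOSED", "MatchExpression /console proxies the admin console through Apache")
            }
            exit (n > 0)
        }
    '
}

# The SSL block from this post (directives copied from the page).
sample_post_conf() {
    cat <<'EOF'
<IfModule mod_weblogic.c>
WebLogicHost 192.168.56.101
WebLogicPort 7002
MatchExpression /console
MatchExpression *.jsp
SecureProxy ON
TrustedCAFile /opt/thirdparty/Middleware/Oracle/certs/MyWeblogicCAToTrust.pem
RequireSSLHostMatch false
EnforceBasicConstraints OFF
WLProxySSL ON
Debug ALL
</IfModule>
EOF
}

# Constructed stricter variant; the host name is a placeholder.
sample_strict_conf() {
    cat <<'EOF'
<IfModule mod_weblogic.c>
WebLogicHost wls.example.internal
WebLogicPort 7002
MatchExpression *.jsp
SecureProxy ON
TrustedCAFile /opt/thirdparty/Middleware/Oracle/certs/MyWeblogicCAToTrust.pem
RequireSSLHostMatch true
EnforceBasicConstraints Strong
WLProxySSL ON
Debug OFF
</IfModule>
EOF
}

sample_post_conf | audit_wl_plugin || true
```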
Error
You might notice the error below in the Apache error log while accessing the https Apache URL:
[Wed Dec 10 13:55:26 2014] [error] [client 192.168.56.1] ap_proxy: trying GET /console at backend host '192.168.56.101/7002; got exception 'WRITE_ERROR_TO_SERVER [os error=0, line 806 of ../nsapi/URL.cpp]: '
Solution :
Convert this .cer into .pem
openssl x509 -inform der -in MyWeblogicCAToTrust.cer -out MyWeblogicCAToTrust.pem
Note : Import the CA.pem for Apache and WebLogic into the browser using the content -> certificate -> Import -> "Autoselect store based on type of cert" option.
Configuration Complete!!
Apache-Weblogic SSL
- Srikanth Govada