
Abuhasan_116587
Feb 08, 2013

F5 and Oracle HTTPS server

Hi,

Currently I am facing an issue with an Oracle HTTPS web server and F5 LTM. The Oracle HTTPS web server is configured to run on port 4443.

In F5 I have created a virtual IP on 443 to load balance the traffic to port 4443. The pool member shows green and shows UP. I have configured a TCP monitor on 4443 and it shows UP. However, when we send traffic to port 443 on the load balancer, it is not diverting traffic to port 4443 on the Oracle web server.

When I try to access the webpage ----->F5 (SSL termination)-----no web page is displayed in the client browser. I suspect the Oracle HTTPS server is using a self-signed cert and hence proper decryption and encryption is not performed at F5.

I can see the incoming traffic to the load balancer on the statistics page. All pool members are shown up. Monitor and HTTP profile are configured. The certificate is also imported and F5 is throwing the certificate to the client browser successfully.

Please help... Thanks in advance

7 Replies

  • Is the OHS server expecting HTTPS connections? If so, have you configured a ServerSSL profile and assigned it to the Virtual Server too?
  • Holly_W_37599
    Historic F5 Account

    To create a wallet, refer to: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/wallets.htm#CHDGIJDC

    Further reference: http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#CBDGIJDF

    You can create a new wallet with a CSR (certificate signing request).

    Send this to your certificate authority and get the signed server certificate.

    Import the signed server cert and the trusted root cert into the newly created wallet.

    Modify ssl.conf to point to the new wallet location.

    Hope this helps!

    Regards,

    Holly


  • "when i try to access the webpage ----->F5 (SSL termination)-----no web page displayed in the client browser"

    Can you post the virtual server and pool configuration?

    tmsh list ltm virtual

    tmsh list ltm pool
  • Thanks Steve.

    Yes, the OHS server is expecting HTTPS connections. It is running on HTTPS port 4443.

    I have noticed the default server SSL profile has no certificate and no key. Do I need to select this in the virtual server?

    In this case F5 will act as an SSL client and send data to the web server. Again re-encryption takes place. If yes, appliance performance also shoots up. Am I correct?

    The web server is using a self-signed certificate.


  • "I have noticed default server ssl profile is with no certificate and no key. Do I need to select this in the virtual server."

    The certificate and key in the serverssl profile are used when the server expects the client (bigip) to present a client certificate (client certificate authentication). If the server does not perform client certificate authentication, setting it to none would work fine.

    sol11220: Overview of the Server SSL profile

    http://support.f5.com/kb/en-us/solutions/public/11000/200/sol11220.html
  • OK, so you definitely need to configure the VS with a ServerSSL profile. The default one should work just fine as is; as Nitass says, no need for a cert and key in this instance.

    I'm not sure what your traffic level is, so it's hard to be 100% sure, but this shouldn't have a material impact on CPU and RAM resources. If you have a h/w appliance, all the SSL processing is offloaded to a dedicated card.
  • Dear All, I have an Oracle E-Business server with only HTTP, and when I make a redirection with HTTPS and port 8000, it does not work properly and it is not redirected, and reports are also not working with HTTPS.

    Does anyone have this kind of problem and a solution? Thank you.
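
The ServerSSL fix described in the replies above, written out as tmsh commands run from the BIG-IP bash prompt. This is an added example, not part of the original thread; the object names vs_ohs_443 and pool_ohs_4443 are hypothetical placeholders.

```tmsh
# Hypothetical object names: vs_ohs_443 (virtual server), pool_ohs_4443 (pool).

# 1. Show which profiles are attached to the virtual server. A clientssl
#    profile with no serverssl profile means BIG-IP decrypts the client
#    connection and then sends plain HTTP to the HTTPS listener on 4443.
tmsh list ltm virtual vs_ohs_443 profiles

# 2. Attach the default serverssl profile on the server side so BIG-IP
#    re-encrypts toward the pool members. No certificate or key is needed
#    in the profile unless the server requires client-certificate
#    authentication. By default this profile does not verify the server
#    certificate, so the self-signed OHS certificate is accepted.
tmsh modify ltm virtual vs_ohs_443 profiles add { serverssl { context serverside } }

# 3. A TCP monitor only proves that port 4443 accepts connections. The
#    built-in https monitor performs a TLS handshake and an HTTP request
#    against each member, so a member that cannot speak TLS is marked down.
tmsh modify ltm pool pool_ohs_4443 monitor https

# 4. Confirm the result.
tmsh list ltm virtual vs_ohs_443 profiles
tmsh list ltm pool pool_ohs_4443 monitor
```

If the back end should be authenticated rather than merely encrypted, a custom serverssl profile that trusts the OHS certificate's issuer can replace the default one.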