Forum Discussion
SSL Connection Configuration between Apache Web server and Weblogic server
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL is configured
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
Thu Nov 03 09:36:41 2011 <182413202842013> Using Uri /favicon.ico
Thu Nov 03 09:36:41 2011 <182413202842013> After trimming path: '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> The final request string is '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> SEARCHING id=[ebwdsk298.ebworx.com:7002] from current ID=[ebwdsk298.ebworx.com:7002]
Thu Nov 03 09:36:41 2011 <182413202842013> The two ids matched
Thu Nov 03 09:36:41 2011 <182413202842013> @@@FOUND...id=[ebwdsk298.ebworx.com:7002], server_name=[10.122.50.218], server_port=[80]
Thu Nov 03 09:36:41 2011 <182413202842013> attempt 0 out of a max of 5
Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> New SSL URL: match = 0 oid = 22
Thu Nov 03 09:36:41 2011 <182413202842013> Connect returns -1, and error no set to 10035, msg 'Unknown error'
Thu Nov 03 09:36:41 2011 <182413202842013> EINPROGRESS in connect() - selecting
Thu Nov 03 09:36:41 2011 <182413202842013> Setting peerID for new SSL connection
Thu Nov 03 09:36:41 2011 <182413202842013> 0a7a 3230 5a1b 0000 .z20Z...
Thu Nov 03 09:36:41 2011 <182413202842013> Local Port of the socket is 2121
Thu Nov 03 09:36:41 2011 <182413202842013> Remote Host 10.122.50.48 Remote Port 7002
Thu Nov 03 09:36:41 2011 <182413202842013> general list: created a new connection to '10.122.50.48'/7002 for '/favicon.ico', Local port:2121
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Connection]=[keep-alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> URL::sendHeaders(): meth='GET' file='/favicon.ico' protocol='HTTP/1.1'
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Host]=[10.122.50.218]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept]=[*/*]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Connection]=[Keep-Alive]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-Forwarded-For]=[10.122.50.48]
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: DeleteSessionCallback
Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
Thu Nov 03 09:36:41 2011 <182413202842013> SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
Thu Nov 03 09:36:41 2011 <182413202842013> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 790 of ../nsapi/URL.cpp]: at line 3078
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Closing SSL context
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: Error after SSLClose, socket may already have been closed by peer
Thu Nov 03 09:36:41 2011 <182413202842013> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()
1. Create a keystore (SSLkey.jks) for weblogic use.
2. Create a certificate signing request (certreq.pem) and send it to the trusted certificate authority.
3. Download Root CA (rootca.cer) and signed certificate (supportcert.pem) from certificate authority.
4. Import rootca.cer into a custom trust key store(supporttrust.jks).
5. Configure the Weblogic console -> keystores and ssl -> Custom identity and custom trust.
6. Use SSLkey.jks as custom identity keystore and supporttrust as custom trust keystore.
7. Extract the trusted CA file from supporttrust.jks to trustedcafile.der
8. Convert trustedcafile.der into trustedcafile.pem
9. Copy trustedcafile.pem into
10. Configure httpd.conf in apache
LoadModule weblogic_module modules/mod_wl_20.so
Notes: replace [ to <
[IfModule mod_weblogic.c]
WebLogicHost abc
WebLogicPort 7002
SecureProxy ON
TrustedCAFile conf/ssl/trustedcafile.pem
RequireSSLHostMatch false
Debug ALL
WLLogFile logs/proxy.log
[/Ifmodule]
[Location /secureWebAuth]
SetHandler weblogic-handler
[/Location]
Can anyone tell me what I should do in order to correct this error? Your help is kindly appreciated!!! Please~
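A triage pass over the proxy.log excerpt above, as an added example that is not part of the original post or of the WebLogic plug-in: it groups lines by the id in angle brackets and separates the certificate-trust failure from the WRITE_ERROR_TO_SERVER exception that follows it. The function names and the classification labels are hypothetical, and treating the id as a per-request key is an assumption based on the log's layout.

```python
import re
from collections import defaultdict

# Constructed input: lines copied (abridged) from the proxy.log excerpt in the post.
SAMPLE_LOG = """\
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: SSL configured successfully
Thu Nov 03 09:36:41 2011 <182413202842013> general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/favicon.ico'
Thu Nov 03 09:36:41 2011 <182413202842013> Hdrs to WLS:[WL-Proxy-SSL]=[false]
Thu Nov 03 09:36:41 2011 <182413202841921> INFO: No session match found
Thu Nov 03 09:36:41 2011 <182413202842013> INFO: No CA was trusted, validation failed
Thu Nov 03 09:36:41 2011 <182413202842013> ERROR: SSLWrite failed
Thu Nov 03 09:36:41 2011 <182413202842013> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp
Thu Nov 03 09:36:41 2011 <182413202842013> Marking 10.122.50.48:7002 as bad
"""

PREFIX = re.compile(r"^\w{3} \w{3} \d{2} [\d:]{8} \d{4} <(?P<rid>\d+)> (?P<msg>.*)$")
CONNECT = re.compile(r"trying connect to '([^']+)'/(\d+)/")
EXC = re.compile(r"Exception type \[(\w+)\]")
BAD = re.compile(r"Marking (\S+) as bad")
TRUST_FAIL = "No CA was trusted, validation failed"


def triage(log_text):
    """Group lines by the id in angle brackets; record backend, trust failure, exceptions."""
    reqs = defaultdict(lambda: {"backend": None, "trust_failure": False,
                                "exceptions": [], "marked_bad": []})
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # ignore lines without the timestamp/id prefix
        rec, msg = reqs[m["rid"]], m["msg"]
        if c := CONNECT.search(msg):
            rec["backend"] = f"{c[1]}:{c[2]}"
        if TRUST_FAIL in msg:
            rec["trust_failure"] = True
        if e := EXC.search(msg):
            rec["exceptions"].append(e[1])
        if b := BAD.search(msg):
            rec["marked_bad"].append(b[1])
    return dict(reqs)


def root_cause(rec):
    """Classify one record: a trust failure outranks the write error that follows it."""
    if rec["trust_failure"]:
        return "untrusted_backend_cert"  # check TrustedCAFile against the WLS cert chain
    if rec["exceptions"]:
        return "io_error"
    return None


if __name__ == "__main__":
    for rid, rec in triage(SAMPLE_LOG).items():
        print(rid, rec["backend"], root_cause(rec), rec["exceptions"])
```
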
- Chris_Miller (Altostratus)
What's your traffic flow here? User -> LTM -> Apache -> Weblogic or User -> LTM -> Apache -> LTM -> Weblogic? Which parts do you want encrypted?