Routing OHS to WLS and using Ports for OHS /SSL less than 1024 Causes OHS Start Error 'Cannot Load library: libopmnoraclessl.so'

(Doc ID 1081770.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Fusion Middleware - Version: 11.1.1.1.0 to 11.1.1.2.0
Information in this document applies to any platform.

Symptoms

When using FMW 11.1.1.2.0 to route outbound OHS SSL requests to WLS,  HTTP Server fails to start when OHS ports in httpd.conf or SSL ports in ssl.conf are less than 1024; the error_log shows the following errors:

ERROR
-----------------------
Oracle-HTTP-Server/2.2.13, Interface: mod_ssl/11.0.0.0.0
[Tue Mar 02 15:13:21 2010] [notice] Oracle WebLogic plugin build date/time:
Oct 28 2009 23:22:56. Change Number: 1013
[Tue Mar 02 15:13:21 2010] [info] mod_weblogic: init_mod: mpm is threaded.
[Tue Mar 02 15:13:21 2010] [notice] (20014)Internal error: OHS:410
mod_weblogic: ssl error: Cannot Load library: libopmnoraclessl.so\n

STEPS
-----------------------
The issue can be reproduced with the following steps:
1. Install Webtier with no WebLogic domain
2. Create a directory for your wallet
3. Create the new wallet with orapki:
4. Create a self signed certificate and store it in the new wallet:
5. Modify the SSLWallet in ssl.conf to point to the wallet directory.
6. Stop/Restart OHS
7. Test OHS from browser and this works.
8. Modify the mod_wl_ohs.conf
# This empty block is needed to save mod_wl related configuration from EM to
this file when changes are made at the Base Virtual Host Level

<IfModule weblogic_module>
   WebLogicHost <hostname.domain>
   WebLogicPort <wlsport>
   MatchExpression /*
   SecureProxy ON
  WLProxySSL ON
   WlSSLWallet "<wallet_location>"
   Debug ALL
   DebugConfigInfo ON
   WLLogFile <location to log file> weblogic.log
</IfModule>

9. Change httpd.conf and ssl.conf to have ports less than 1024, then modify
the .apachectl script to be root and modify permissions to be 6750.
10. Stop/Restart OHS
11. HTTP Server fails to start.

BUSINESS IMPACT
-----------------------
Due to this issue, the HTTP Server can not start and OHS can not be used.

Changes

The ports for OHS and SSL are less than 1024, and the .apachectl script is owned by root and the permissions are 6750.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms