How to Terminate SSL at LBR, Another HTTP Server, Web Cache or OHS 11g - Including Steps for WLS Plugin (mod_wl_ohs) (Doc ID 1569732.1)

Last updated on MARCH 15, 2017

Applies to:

Oracle HTTP Server - Version 11.1.1.2.0 and later
Web Cache - Version 11.1.1.2.0 and later
Oracle WebLogic Server - Version 10.3.2 and later
Oracle Fusion Middleware - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Goal

How to Terminate SSL at Load Balancer, Web Cache or OHS 11g - Including Steps for WLS Plugin (mod_wl_ohs)

 

Disclaimer:
Steps in this document were not formally tested by all Oracle product or application teams. Therefore, there may be issues and it may not be supported in all cases. Especially older products and applications where error correction support has expired and bugs cannot be filed.  Where Oracle HTTP Server is concerned, it was only tested using OHS 11.1.1.7 where WLS version is 10.3.6 and appears to work for most applications. Some applications may make use of other redirection and dynamic generation mechanisms to produce incorrect URLs during processing. Known issues tracked at bottom of this document. If there are issues with applications built by Oracle, open a Service Request with the product/application team.

Oracle Documentation
Oracle Support has worked with Oracle Doc team to have this topology or security configuration officially documented:

Oracle Fusion Middleware Administering Oracle HTTP Server 11g (11.1.1.9)
8.4 Terminating SSL Requests
https://docs.oracle.com/middleware/11119/webtier/administer-ohs/security.htm#CDDHFDBE

Oracle Fusion Middleware Administering Oracle HTTP Server 12c (12.1.3)
8.6 Terminating SSL Requests
http://docs.oracle.com/middleware/1213/webtier/HSADM/man_logs.htm#HSADM1265

Oracle Fusion Middleware Administering Oracle HTTP Server 12c (12.2.1)
8.7 Terminating SSL Requests
http://docs.oracle.com/middleware/1221/webtier/administer-ohs/man_logs.htm#HSADM1265

New Doc Bug:
<Bug 21884288> - TERMINATING SSL STEPS FOR 12c ARE IN LOGGING CHAPTER

  
         

Overview and Prerequisites

In order to terminate SSL, you must consider your entire topology. This includes OHS in general and the WLS Plugin. In most cases, 11g users are also using the WLS PLugin. A Load Balancer (LBR), Oracle WebLogic Server (WLS) and the application being processed may have an extra requirement to ensure the processing stays https, as intended. You may also be serving pages from OHS using other modules, you may have Oracle Web Cache.

The reasons to terminate SSL are for performance when an internal network is otherwise protected with no risk of a third-party intercepting data within the communication. The first question to ask is what is the entire request flow in your topology and where you would like SSL terminated, meaning where https communication will stop and only http will be used.

It is assumed the following is understood and accomplished beforehand as you need a working page on OHS using mod_wl_ohs where a Java application is deployed to WLS:   

    

1. If you are going to terminate SSL at OHS, ensure Oracle HTTP Server 11g is properly configured and working with SSL (mod_ossl):


    <Note 1226933.1> Configuring Oracle HTTP Server to use SSL in Fusion Middleware 11g (11.1.1.x)

 

2. Ensure Oracle HTTP Server 11g is properly configured and working with the WLS Plugin (mod_wl_ohs):

    <Note 1316142.1> How To Configure mod_wl_ohs with Oracle HTTP Server and Oracle WebLogic Server

3. You may need to simplify your requests at first and then determine other application requirements. The following may be used to set up a basic application:

    <Note 1377400.1> Install Sanity Check: How To Deploy A Basic J2EE Application To Confirm Your WebLogic Domain Is Functional





 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms