My Oracle Support Banner

How to Use the Channel Setting and Virtual Host Setting to Make Two Way SSL Effective Only on the Virtual Host (Doc ID 2128931.1)

Last updated on SEPTEMBER 12, 2023

Applies to:

Oracle WebLogic Server - Version 12.1.2.0.0 and later
Information in this document applies to any platform.

Goal

To use Virtual Hosts to control the below scenario:

 

Scenario 1:

  • User A sends the request to server Server 1 using URL (e.g https://<hostname.domain>:<port1>/<app_name>/<loginpage>.jsp)
  • It must check the client certificate (two way SSL)

NOTE: In the URL above, <hostname.domain> is the virtual host name representing the localhost.  The IP address is different from the IP address used in Scenario 2

  

Scenario 2:

  • User B sends a request to server Server1 Using URL(e.g https://<ip_address>:<port1>/<app_name>/<loginpage>.jsp)
  • It will not check the client certificate (one way ssl)

NOTE: <ip_address> is the real IP address

 

Both of these scenarios can be configured by setting up the [Virtual Host] and [Channel] correctly.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
 1. Create two way SSL (If this was done previously, this step can be skipped)
 1.1 Configure WebLogic Server for One-Way SSL
 1.2 Two-way setup: Import the Trusted CA into the Keystore (e.g. create the client certificate)
 1.3 Configure Client Authentication for Weblogic
 1.4 Test you can access Weblogic via SSL
 2. Confirm one-way SSL is configured for the server
 3. Create network channels (e.g channel-0) for the use of two-way SSL(client-certificate-enforced)
 4, create a virtual host of WebLogic Server and set the network-access-point created in step 3


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.