tag:blogger.com,1999:blog-2592381182145606344.post8833636968477044240..comments2023-11-08T11:39:39.159+01:00Comments on Maxence's technical corner: How to configure WebLogic to use SSL with Apache ?Maxence Buttonhttp://www.blogger.com/profile/03432797928549149364noreply@blogger.comBlogger19125tag:blogger.com,1999:blog-2592381182145606344.post-35376981124254576072016-06-09T12:31:30.354+02:002016-06-09T12:31:30.354+02:00can you tell me, from where you get server.pem fil...can you tell me, from where you get server.pem file used in httpd.confARVINDhttps://www.blogger.com/profile/09800416180182904738noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-14699292787556678572015-08-05T10:05:23.426+02:002015-08-05T10:05:23.426+02:00Elaine,
I am also getting the same error, did you...Elaine,<br /><br />I am also getting the same error, did you resolve the problem? Please let me know how to fx this.<br /><br />Thank Youmiddlewareinfohttps://www.blogger.com/profile/01677706510237089381noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-27320447609371174012015-07-06T17:46:48.051+02:002015-07-06T17:46:48.051+02:00anyone know about this error??
I'm using Thawt...anyone know about this error??<br />I'm using Thawte Trial Version and I'm hitting the below issue<br /><br />Hdrs to WLS:[X-WebLogic-Request-ClusterInfo]=[true]<br />Mon Jul 6 20:02:40 2015 <1587814361841601> INFO: SSL certificate chain validation failed: -6986<br />Mon Jul 6 20:02:40 2015 <1587814361841601> trusted certs = 1<br />Mon Jul 6 20:02:40 2015 <1587814361841601> dumping cert chain<br />Mon Jul 6 20:02:40 2015 <1587814361841601> commonName is thawte Trial Secure Server Root CA<br />Mon Jul 6 20:02:40 2015 <1587814361841601> commonName is thawte Trial Secure Server CA - G2<br />Mon Jul 6 20:02:40 2015 <1587814361841601> commonName is testcomp<br />Mon Jul 6 20:02:40 2015 <1587814361841601> ERROR: SSLWrite failed<br />Mon Jul 6 20:02:40 2015 <1587814361841601> SEND failed (ret=-1) at 805 of file ../nsapi/URL.cpp<br />Mon Jul 6 20:02:40 2015 <1587814361841601> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 806 of ../nsapi/URL.cpp<br />Mon Jul 6 20:02:40 2015 <1587814361841601> Marking 172.16.3.120:7061 as bad<br />Mon Jul 6 20:02:40 2015 <1587814361841601> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 806 of ../nsapi/URL.cpp]: at line 3152<br />Mon Jul 6 20:02:40 2015 <1587814361841601> INFO: Closing SSL context<br />Mon Jul 6 20:02:40 2015 <1587814361841601> Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()Anonymoushttps://www.blogger.com/profile/17056767071523020524noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-28889980782259046292012-11-04T14:45:06.900+01:002012-11-04T14:45:06.900+01:00Thank you Max...Has been trying 2 way ssl ihs7-wl1...Thank you Max...Has been trying 2 way ssl ihs7-wl10350 quite some time(embarrassed to say how much)..This worrkkked like charm...first attempt!!!<br />Thanks a lot!!<br /><br />regards,<br />ranjith...Anonymoushttps://www.blogger.com/profile/05515433788792460102noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-91630002183169389602011-11-03T06:40:47.361+01:002011-11-03T06:40:47.361+01:00Hi Max,
Can this be apply on Weblogic 8.1? I'...Hi Max,<br /><br />Can this be apply on Weblogic 8.1? I'm tried to configure the weblogic 8.1 with apache web server 2.0.64 right now but got some problems. My proxy log shows that:<br /><br />INFO: SSL is configured<br />SSL Main Context not set. Calling InitSSL<br />INFO: Initializing SSL library<br />Loaded 1 trusted CA's<br />INFO: Successfully initialized SSL<br />INFO: SSL configured successfully<br />Using Uri /secureWebAuth/<br />After trimming path: '/secureWebAuth/'<br />The final request string is '/secureWebAuth/'<br />Host extracted from serverlist is [10.122.50.48]<br />Initializing lastIndex=0 for a list of length=1<br />getListNode: created a new server node: id='10.122.50.48:7002' server_name='winxp-sgg2', port='443'<br />general list: trying connect to '10.122.50.48'/7002/7002 at line 2696 for '/secureWebAuth/'<br />New SSL URL: match = 0 oid = 22<br />Connect returns -1, and error no set to 10035, msg 'Unknown error'<br />EINPROGRESS in connect() - selecting<br />Setting peerID for new SSL connection<br />0a7a 3230 5a1b 0000 .z20Z...<br />Local Port of the socket is 1601<br />Remote Host 10.122.50.48 Remote Port 7002<br />general list: created a new connection to '10.122.50.48'/7002 for '/secureWebAuth/', Local port:1601<br />Hdrs from clnt:[Host]=[winxp-sgg2]<br />Hdrs from clnt:[Connection]=[keep-alive]<br />Hdrs from clnt:[Cache-Control]=[max-age=0]<br />Hdrs from clnt:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]<br />Hdrs from clnt:[Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]<br />Hdrs from clnt:[Accept-Encoding]=[gzip,deflate,sdch]<br />Hdrs from clnt:[Accept-Language]=[en-US,en;q=0.8]<br />Hdrs from clnt:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]<br />Hdrs from clnt:[Cookie]=[JSESSIONID=hMQYTx8Gd821vfdvF4z5cqtQVRXyMCCDG7yphrCzKpCpnX3GyCg1!1355456249]<br />URL::sendHeaders(): meth='GET' file='/secureWebAuth/' protocol='HTTP/1.1'<br />Hdrs to WLS:[Host]=[winxp-sgg2]<br />Hdrs to WLS:[Cache-Control]=[max-age=0]<br />Hdrs to WLS:[User-Agent]=[Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1]<br />Hdrs to WLS:[Accept]=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]<br />Hdrs to WLS:[Accept-Encoding]=[gzip,deflate,sdch]<br />Hdrs to WLS:[Accept-Language]=[en-US,en;q=0.8]<br />Hdrs to WLS:[Accept-Charset]=[ISO-8859-1,utf-8;q=0.7,*;q=0.3]<br />Hdrs to WLS:[Cookie]=[JSESSIONID=hMQYTx8Gd821vfdvF4z5cqtQVRXyMCCDG7yphrCzKpCpnX3GyCg1!1355456249]<br />Hdrs to WLS:[Connection]=[Keep-Alive]<br />Hdrs to WLS:[WL-Proxy-SSL]=[true]<br />Hdrs to WLS:[WL-Proxy-Client-IP]=[10.122.50.218]<br />Hdrs to WLS:[Proxy-Client-IP]=[10.122.50.218]<br />Hdrs to WLS:[X-Forwarded-For]=[10.122.50.218]<br />Hdrs to WLS:[X-WebLogic-Force-JVMID]=[unset]<br /><b>INFO: No session match found</b><br /><b>INFO: No CA was trusted, validation failed</b><br /><b>INFO: DeleteSessionCallback</b><br /><b>ERROR: SSLWrite failed</b><br />SEND failed (ret=-1) at 789 of file ../nsapi/URL.cpp<br />*******Exception type [WRITE_ERROR_TO_SERVER] raised at line 790 of ../nsapi/URL.cpp<br />Marking 10.122.50.48:7002 as bad<br />got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0, line 790 of ../nsapi/URL.cpp]: at line 3078<br />INFO: Closing SSL context<br />INFO: Error after SSLClose, socket may already have been closed by peer<br />Failing over after WRITE_ERROR_TO_SERVER exception in sendRequest()<br /><br /><br />What should i do to fix this problem?Francishttps://www.blogger.com/profile/10381748315013766486noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-25135858107405691942010-07-31T21:39:46.545+02:002010-07-31T21:39:46.545+02:00I am also facing the same issues faced by Tony, I ...I am also facing the same issues faced by Tony, I tried whatever Alex has mentioned. Still I am getting page cannot be displayed pageUnknownhttps://www.blogger.com/profile/03745443902751799959noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-86147449868845052122010-03-18T16:36:36.749+01:002010-03-18T16:36:36.749+01:00Hi, I am having some issue when I installed and co...Hi, I am having some issue when I installed and configured SSL on weblogic 10.3.2. The problem is when I installed it appears that it is installed properly as I can see it installed using keytool command but when i started weblogic to work in SSL mode I am getting this error:<br /><br /> in keystore /.keystore on server AdminServer> <br /><br /><br />any clues as to why am I getting these?Unknownhttps://www.blogger.com/profile/00897318670349754126noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-71472830818671577482009-10-02T14:12:38.683+02:002009-10-02T14:12:38.683+02:00@Ananth : so you tried a configuration like that ?...@Ananth : so you tried a configuration like that ?<br /><br />**********************************<br /><br />>IfModule mod_weblogic.c<<br /><br />>Location /app1<<br /> SetHandler weblogic-handler<br /> WebLogicHost localhost<br /> WebLogicPort 7001 <br /> <br /> # DEBUG<br /> WLLogFile wlproxy.log<br /> Debug ALL<br /> DebugConfigInfo ON<br />>/Location<<br /><br />>Location /App2<<br /> SetHandler weblogic-handler<br /> WebLogicHost localhost<br /> WebLogicPort 7003 <br /> <br /> # DEBUG<br /> WLLogFile wlproxy.log<br /> Debug ALL<br /> DebugConfigInfo ON<br />>/Location<<br /><br />>/IfModule<<br /><br />**********************************<br /><br />Well, to be honest, I don't see any reason why it wouldn't work. In order to give you a proper answer, could you post a lil part of your httpd.conf ? (or send it to my email@)<br /><br />Regards.Maxence Buttonhttps://www.blogger.com/profile/03432797928549149364noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-27100812152677123242009-10-02T11:42:34.914+02:002009-10-02T11:42:34.914+02:00@Alex : yes there are several possibilities as for...@Alex : yes there are several possibilities as for the Apache configuration. <br /><br />Yours is correct but note it will use SSL for each and every call, no matter what the path is.<br /><br />Dtermining a specified path allows to configure a different behavior for every path (= every application). <br /><br />Depends on your needs but it could be worth it.Maxence Buttonhttps://www.blogger.com/profile/03432797928549149364noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-59746450655328725982009-09-29T21:17:53.652+02:002009-09-29T21:17:53.652+02:00Max,
I have weird problem. I have two instances(n...Max,<br /><br />I have weird problem. I have two instances(non-clustered) in two domains(port 7001 and 7003). I would like to configure Apache plugin to forward to both applications.<br /><br />For eg,<br />Domain 1 has app1 on 7001<br />Domain 2 has App2 on 7003<br /><br />In the browser, when i hit<br /><br />http://localhost/app1 it should go to domain 1(port 7001)<br /><br />If I hit, http://localhost/app2 it should go to domain 2(port 7003)<br /><br />But unfortunately, httpd.conf allows only one weblogic host to configure.<br /><br />Do you have any idea if i can configure two instances which is running in different port?Ananthhttps://www.blogger.com/profile/01014064398352414331noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-54542852164550285652009-09-29T17:44:17.114+02:002009-09-29T17:44:17.114+02:00Tony,
If you are not planning to proxy by path, y...Tony,<br /><br />If you are not planning to proxy by path, you don't need the location tag. You only need to use a MatchExpression. See http://download.oracle.com/docs/cd/E13222_01/wls/docs92/plugins/apache.html<br /><br />Here's what I've used and it works for me. Its a slight variation of what Max has:<br /><br />?IfModule mod_weblogic.c?<br /> WebLogicHost WL_Server<br /> WebLogicPort 7002 <br /> MatchExpression *<br /><br /> # SSL<br /> SecureProxy ON<br /> WLProxySSL ON<br /> RequireSSLHostMatch false<br /> TrustedCAFile C:\PROGRA~1\APACHE~1\Apache2.2\WL_Server_TrustedCA.pem<br /> EnforceBasicConstraints false <br />?IfModule?<br /><br /><br />Notice that I don't have the Location tag. Instead I have everything inside the IfModule tags (BTW, I had to replace the XML tags with "?" because blogger does not allow those tags). Also instead of a PathTrim, I use MatchExpression.<br /><br />Max, correct me if I'm wrongAlexnoreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-71424974935203814102009-08-11T12:20:17.860+02:002009-08-11T12:20:17.860+02:00hello...
I was testing the steps u mentioned...
...hello...<br /><br />I was testing the steps u mentioned...<br /><br />After all the configuration whne we try to access the console http://localhost/console it is not giving me the console page(page cannot be displayed) ..but it is logging ssl successful in wlsproxy.log.<br /><br />Any suggestions....<br /><br />Regards,<br />Tony<br />Is the waAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-74330110475428994912009-08-10T17:02:27.852+02:002009-08-10T17:02:27.852+02:00Thx a lot for your clarification MAX.....
RENJANThx a lot for your clarification MAX.....<br /><br />RENJANAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-51831190425755723772009-08-10T16:45:36.241+02:002009-08-10T16:45:36.241+02:00The trim function seems to be called on each reque...The trim function seems to be called on each request, even if you did not configure it.<br /><br />That's why you can observe that message in your log : it's called but does nothing.Maxence Buttonhttps://www.blogger.com/profile/03432797928549149364noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-85793404204345862682009-08-10T15:33:50.372+02:002009-08-10T15:33:50.372+02:00Hi Max,
I know abt the functionality of pathtrim....Hi Max,<br /><br />I know abt the functionality of pathtrim...but here in the httpd.conf we are not mentioning the pathtrim parameter.So i am confused how the Pathtrim will owrk here ???<br /><br />IfModule mod_weblogic.c <br /> Location /console<br /> SetHandler weblogic-handler<br /> WebLogicHost localhost<br /> WebLogicPort 7002 <br /> <br />Also it will be great if u could tel me the flow of the request how it works when we hit the URL http://localhost/console here with respect to pathtrim.....Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-21289850319878031562009-08-10T15:02:07.179+02:002009-08-10T15:02:07.179+02:00Hi, the Path Trim is useful when you want to alter...Hi, the Path Trim is useful when you want to alter the original URL before hitting the server.<br /><br />More details :<br />http://e-docs.bea.com/wls/docs81/plugins/plugin_params.html#1157965<br /><br />Hurry up, by the end of the month, this link won't be valid anymore and you'll have to search on OTN :)Maxence Buttonhttps://www.blogger.com/profile/03432797928549149364noreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-49789033022201991952009-08-10T14:06:17.449+02:002009-08-10T14:06:17.449+02:00Hi Max,
In WLSProxy log i can see the below :-
U...Hi Max,<br /><br />In WLSProxy log i can see the below :-<br /><br />Using Uri /console<br />Tue Nov 11 00:08:43 2008 <502412263585231> After trimming path: '/console'<br />Tue Nov 11 00:08:43 2008 <502412263585231> The final request string is '/console'<br /><br />Can u tel me what exactly that message indicates????Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-75290904520065180502009-01-15T00:33:00.000+01:002009-01-15T00:33:00.000+01:00Nice job, but was does this error mean? Connect re...Nice job, but was does this error mean? <BR/><BR/>Connect returns -1, and error no set to 10035, msg 'Unknown error'Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2592381182145606344.post-34889181635763376192008-11-14T18:51:00.000+01:002008-11-14T18:51:00.000+01:00Thanks! It is really helpful.Thanks! It is really helpful.Anonymousnoreply@blogger.com