Discussions
Categories
- 385K All Categories
- 2.6K Data
- 595 Big Data Appliance
- 2K Data Science
- 452.1K Databases
- 222.4K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 32 Multilingual Engine
- 576 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 575 SQLcl
- 4K SQL Developer Data Modeler
- 187.7K SQL & PL/SQL
- 21.5K SQL Developer
- 12 Data Integration
- 12 GoldenGate
- 297.7K Development
- 3 Application Development
- 18 Developer Projects
- 140 Programming Languages
- 294.3K Development Tools
- 118 DevOps
- 3.1K QA/Testing
- 646.5K Java
- 30 Java Learning Subscription
- 37K Database Connectivity
- 185 Java Community Process
- 107 Java 25
- 22.2K Java APIs
- 138.3K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 22 Java Essentials
- 174 Java 8 Questions
- 86K Java Programming
- 82 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 206 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 584 LiveLabs
- 41 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.6K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 191 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 240 Portuguese
SSL in Oracle Forms
Hi,
I am running Forms 12.2.1.3.0.
I have enabled SSL in OHS with the required certs and I can now able to access my forms application through 4443 port.
Now I have both the ports (9001 and 4443) opened. Is there any way I can restrict the end users to not use 9001 port and use only secured https port.
Best Answers
-
In the firewall, block 9001 between the user and OHS.
-
Unless you have a technical dependency on using OHS (e.g. need to use WebGate for SSO, hosting non-java web content), using OHS really does nothing more than add another layer to administer. Of course, using it does add another security layer (if configured properly) by giving another layer (proxy) of separation between the user and the middle tier. It's mostly just use-case specific. If you need it, use it. If you don't need it, don't use it.
Regarding how to configure it, the exact steps may vary based on the type of cert you obtain and want to use. But here is the doc. There likely are MyOracleSupport Notes, but I don't have any specific numbers I can share at the moment.
https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/ssl.html
Answers
-
In the firewall, block 9001 between the user and OHS.
-
Thanks for your answer @Michael Ferrante-Oracle.
If I understood correctly, It will be a firewall config and have to do nothing with forms right?
Is there a report in EM which shows the port usage (9001 and 4443) separately?
Regards,
Soofi
-
There are probably numerous ways in which you can block users from using a particular port. I just suggested firewall because that likely would be the easiest and most secure.
Regarding Fusion Middleware Control, yes it shows which ports are being used. You may need to "show" additional columns, but the various ports are presented.
-
Is there a way I can check the total inbound request to Oracle Forms application through 9001 port Vs. Request via Ohs secured port (4443)? In short HTTP Vs. HTTPS.
-
In answer to your question, "kind of". You could compare the access logs for both OHS and Forms, but that would be a bit tedious and not something that could be easily automated (if that's what you meant).
If your main goal is to just enable SSL and not necessarily use OHS as a proxy, why not just enable SSL on the Forms managed server (i.e. WLS_FORMS) and not use OHS? Note that OHS would be required if you are using Single Signon.
-
I am curious to know the downside of using OHS as a proxy rather than enabling SSL in Weblogic Forms Managed Server.
Also, Is there any document briefing how to enable SSL in Forms Managed Server through Enterprise Manager?
FYI, We point to our application via F5 Load Balancer.
-
Unless you have a technical dependency on using OHS (e.g. need to use WebGate for SSO, hosting non-java web content), using OHS really does nothing more than add another layer to administer. Of course, using it does add another security layer (if configured properly) by giving another layer (proxy) of separation between the user and the middle tier. It's mostly just use-case specific. If you need it, use it. If you don't need it, don't use it.
Regarding how to configure it, the exact steps may vary based on the type of cert you obtain and want to use. But here is the doc. There likely are MyOracleSupport Notes, but I don't have any specific numbers I can share at the moment.
https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/ssl.html
-
@Michael Ferrante-Oracle In load balancer, I have two ports configured one is 9001 and the other is 4443. I haven't imported my certs to any of my servers present in LB.
But when calling url with 9001 port I am getting Error 404--Not Found whereas I am getting Oracle HTTP Server 12c Homepage when the port in the url is changed to 4443.
I thought, to get Oracle HTTP Server 12c Homepage we need to import certs and configure ssl in the servers. Dont we?
-
Sorry but I don't understand what you are trying to do. Assuming the port references you made are the default ports then you can't load balance between a server that will be using SSL and one that will not.
-
My apologies, let me rephrase it. I have two different load balancer setup.
Setup-1
Has a virtual IP which points to Application servers through 9001 port (non secured)
(https://<virtual ip>:9001) -> (http://<multiple app server ips>:9001)
Setup-2
Uses the same virtual ip but instead of using 9001 port uses 4443 to call Application server
(https://<virtual ip>:4443) -> (https://<multiple app server ips>:4443)
I haven't started configuring ssl in any of the application servers but I am getting Oracle HTTP Server 12c Page when I call (https://<virtual ip>:4443) .
I tested all app server ips (https://<multiple app server ips>:4443) none of them returns Oracle HTTP Server 12c Page. I cant able to get what's happening.