Forum Stats

  • 3,874,662 Users
  • 2,266,761 Discussions
  • 7,911,933 Comments

Discussions

SSL in Oracle Forms

Soofi
Soofi Member Posts: 492 Bronze Badge

Hi,

I am running Forms 12.2.1.3.0.

I have enabled SSL in OHS with the required certs and I can now able to access my forms application through 4443 port.

Now I have both the ports (9001 and 4443) opened. Is there any way I can restrict the end users to not use 9001 port and use only secured https port.

Tagged:

Best Answers

«13

Answers

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,489 Employee
    Answer ✓

    In the firewall, block 9001 between the user and OHS.


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Soofi
    Soofi Member Posts: 492 Bronze Badge

    Thanks for your answer @Michael Ferrante-Oracle.

    If I understood correctly, It will be a firewall config and have to do nothing with forms right?

    Is there a report in EM which shows the port usage (9001 and 4443) separately?

    Regards,

    Soofi

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,489 Employee

    There are probably numerous ways in which you can block users from using a particular port. I just suggested firewall because that likely would be the easiest and most secure.

    Regarding Fusion Middleware Control, yes it shows which ports are being used. You may need to "show" additional columns, but the various ports are presented.



    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Soofi
    Soofi Member Posts: 492 Bronze Badge

    Is there a way I can check the total inbound request to Oracle Forms application through 9001 port Vs. Request via Ohs secured port (4443)? In short HTTP Vs. HTTPS.

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,489 Employee

    In answer to your question, "kind of". You could compare the access logs for both OHS and Forms, but that would be a bit tedious and not something that could be easily automated (if that's what you meant).

    If your main goal is to just enable SSL and not necessarily use OHS as a proxy, why not just enable SSL on the Forms managed server (i.e. WLS_FORMS) and not use OHS? Note that OHS would be required if you are using Single Signon.


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Soofi
    Soofi Member Posts: 492 Bronze Badge

    I am curious to know the downside of using OHS as a proxy rather than enabling SSL in Weblogic Forms Managed Server.

    Also, Is there any document briefing how to enable SSL in Forms Managed Server through Enterprise Manager?


    FYI, We point to our application via F5 Load Balancer.

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,489 Employee
    Answer ✓

    Unless you have a technical dependency on using OHS (e.g. need to use WebGate for SSO, hosting non-java web content), using OHS really does nothing more than add another layer to administer. Of course, using it does add another security layer (if configured properly) by giving another layer (proxy) of separation between the user and the middle tier. It's mostly just use-case specific. If you need it, use it. If you don't need it, don't use it.

    Regarding how to configure it, the exact steps may vary based on the type of cert you obtain and want to use. But here is the doc. There likely are MyOracleSupport Notes, but I don't have any specific numbers I can share at the moment.

    https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/ssl.html


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Soofi
    Soofi Member Posts: 492 Bronze Badge

    @Michael Ferrante-Oracle In load balancer, I have two ports configured one is 9001 and the other is 4443. I haven't imported my certs to any of my servers present in LB. 

    But when calling url with 9001 port I am getting Error 404--Not Found whereas I am getting Oracle HTTP Server 12c Homepage when the port in the url is changed to 4443.

    I thought, to get Oracle HTTP Server 12c Homepage we need to import certs and configure ssl in the servers. Dont we?

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,489 Employee

    @Soofi

    Sorry but I don't understand what you are trying to do. Assuming the port references you made are the default ports then you can't load balance between a server that will be using SSL and one that will not.


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Soofi
    Soofi Member Posts: 492 Bronze Badge

    @Michael Ferrante-Oracle

    My apologies, let me rephrase it. I have two different load balancer setup.

    Setup-1

    Has a virtual IP which points to Application servers through 9001 port (non secured)

    (https://<virtual ip>:9001) -> (http://<multiple app server ips>:9001)


    Setup-2

    Uses the same virtual ip but instead of using 9001 port uses 4443 to call Application server

    (https://<virtual ip>:4443) -> (https://<multiple app server ips>:4443)


    I haven't started configuring ssl in any of the application servers but I am getting Oracle HTTP Server 12c Page when I call (https://<virtual ip>:4443) .

    I tested all app server ips (https://<multiple app server ips>:4443) none of them returns Oracle HTTP Server 12c Page. I cant able to get what's happening.