1 Reply Latest reply: Jun 4, 2012 7:17 PM by handat RSS

    Sunone webserver(proxy) --SSL-> weblogic

    854938
      In our environment we are using Sunone webserver 7.0.9 as a proxy server to forward the request to the weblogic server 10.3.3. Now the requirement is to secure the communication between the proxy and weblogic server. As a standard way we can configure the proxy server to use SSL in obj.conf as below:

      <Object name=”weblogic” ppath=”*/DefaultWebApp/*”>
      Service fn=wl_proxy WebLogicHost=”myIP WebLogicPort=”mySSLPort SecureProxy=”ON” Debug=”ALL” WLLogFile=”/home/support/IPlanet60SP5/server/logsupport.txt” TrustedCAFile=”/home/support/IPlanet60SP5/TrustedCA.pem” RequireSSLHostMatch=”true”
      </Object>

      My question is when we have installed a self signed certificate on weblogic, how do we trust that certificate in the proxy server. If it was a third party certificate we can get the root CA certificate that can be added as trust entry in the obj.conf. But in self signed case we do not have a intermediate or root certificate. So how do we trust the self signed server certificate in the proxy server.
        • 1. Re: Sunone webserver(proxy) --SSL-> weblogic
          handat
          851935 wrote:
          In our environment we are using Sunone webserver 7.0.9 as a proxy server to forward the request to the weblogic server 10.3.3. Now the requirement is to secure the communication between the proxy and weblogic server. As a standard way we can configure the proxy server to use SSL in obj.conf as below:

          <Object name=”weblogic” ppath=”*/DefaultWebApp/*”>
          Service fn=wl_proxy WebLogicHost=”myIP WebLogicPort=”mySSLPort SecureProxy=”ON” Debug=”ALL” WLLogFile=”/home/support/IPlanet60SP5/server/logsupport.txt” TrustedCAFile=”/home/support/IPlanet60SP5/TrustedCA.pem” RequireSSLHostMatch=”true”
          </Object>

          My question is when we have installed a self signed certificate on weblogic, how do we trust that certificate in the proxy server. If it was a third party certificate we can get the root CA certificate that can be added as trust entry in the obj.conf. But in self signed case we do not have a intermediate or root certificate. So how do we trust the self signed server certificate in the proxy server.
          Just import the self signed cert as trusted.