0 Replies. Latest reply: Sep 13, 2013 2:54 PM by 1004640

    OHS - SSL Configuration Error Prompts for Certificate Tile Twice

    1004640

      Has anyone configured OHS to verify client certificates but had the browser prompt for a cert tile multiple times before getting into your site?  I am trying to configure a legacy mod_plsql web application to establish SSL with client certs. When I configure OHS on my test site to verify client certificates by setting SSLVerifyClient to optional or require in ssl.conf I'm always prompted for the certificate tile twice before getting access to the site.  I used the ssl.conf file out of the box, pasted below, so I'm not sure what I've missed.  Any info or suggestions are appreciated.

       

      Thanks,

      Scott

      # OHS Listen Port
      Listen 443
      <IfModule ossl_module>
      ##
      ##  SSL Global Context
      ##
      ##  All SSL configuration in this context applies both to
      ##  the main server and all SSL-enabled virtual hosts.
      ##
      
      #  Some MIME-types for downloading Certificates and CRLs
          AddType application/x-x509-ca-cert .crt
          AddType application/x-pkcs7-crl    .crl
      
      #   Pass Phrase Dialog:
      #   Configure the pass phrase gathering process.
      #   The filtering dialog program (`builtin' is an internal
      #   terminal dialog) has to provide the pass phrase on stdout.
          SSLPassPhraseDialog  builtin
      
      #   Inter-Process Session Cache:
      #   Configure the SSL Session Cache: First the mechanism
      #   to use and second the expiring timeout (in seconds).
          SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"
          SSLSessionCacheTimeout  300
      
      #   Semaphore:
      #   Configure the path to the mutual exclusion semaphore the
      #   SSL engine uses internally for inter-process synchronization.
          <IfModule mpm_winnt_module>
            SSLMutex "none"
          </IfModule>
          <IfModule !mpm_winnt_module>
            SSLMutex pthread
          </IfModule>
      ##
      ## SSL Virtual Host Context
        <VirtualHost *:443>
          <IfModule ossl_module>
           #  SSL Engine Switch:
           #  Enable/Disable SSL for this virtual host.
           SSLEngine on
           SSLVerifyClient optional
      
           #  SSL Protocol Support:
           #  List the supported protocols.
           SSLProtocol nzos_Version_1_0 nzos_Version_3_0
      
           #  SSL Cipher Suite:
           #  List the ciphers that the client is permitted to negotiate.
           SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
      
           # SSL Certificate Revocation List Check
           # Valid values are On and Off
           SSLCRLCheck Off
      
           #Path to the wallet
           SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/"
      
           BrowserMatch ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
          </IfModule>
        </VirtualHost>
      </IfModule>