OHS acts as webserver where your site static content can be deployed
Weblogic acts as Applicaion server where your business logic can be deployed
Yes, you can just enable SSL at OHS
OHS acts as a reversed proxy for Weblogic. It enables you to route endpoints from one URL/Host to different Weblogic Servers and different endpoint URI's.
It also does ssl offloading which means that it unencrypts the TLS traffic and sends it plain to weblogic.
So you can indeed enable only SSL at OHS. However, note that Weblogic can/will do redirects to load additional content. Since the requests are received by Weblogic over http, Weblogic will do the redirects over HTTP.
Weblogic need to be 'told' that it is fronted by a reversed proxy. There for you need to use the weblogic proxy plugin (enabled in OHS by default) and set the Weblogic proxy plugin attribute to "Yes" on either the cluster or the managed server. See also http://www.ateam-oracle.com/wls-plugin-enabled/ for further explanation.