Terminated/Simulated SSL with Apache 2.2

[JosephBertram]

Hi everyone,

I’m new to Apache so I apologize ahead of time if I don’t word this question correctly.

I’m trying to configure Terminated (Simulated) SSL with Apache 2.2. I used to work with Oracle Application Server which came bundled with Oracle HTTP Server. Oracle HTTP Server is kind of a repackaged version of Apache. It came with a shared module called mod_certheaders,.so that would allow for easy configuration of terminated SSL connections.

Well now we upgraded to Oracle’s new Fusion middleware suite and they no longer package their HTTP server with it. So I downloaded the latest version of Apache and I’ve been trying to configure terminated SSL.

Apache 2.2 doesn’t come with the mod_certheaders.so so I cannot configure the terminated SSL the same way I did with Oracle HTTP Server.

Does anyone know how to configure terminated SSL with Apache 2.2?

I definitely would appreciate any pointers!

-Joe

 

[plunkett]

When you say "terminated ssl", do you mean that the SSL requests are terminating at the apache level? What were the directives you were using with mod_certheaders?

 

[JosephBertram]

Hi plunkett,

Here's how our setup is *hoping* to look like:

Client Browser -> (HTTPS) -> Net Scaler LBR -> (HTTP) -> Oracle HTTP Server/Apache 2.2 -> (HTTP) -> Weblogic (Application Server) -> (HTTP) -> Application.

In the old environment, we were using the below directives:
AddCertHeader HTTPS
SimulateHttps On

I've done some research and Oracle offers a plugin called mod_wl.so that seems to have some newer directives that integrate directly with the Weblogic Application server. These directives are:
WLProxySSLPassThrough ON
WLProxySSL ON

Terminated SSL seems like a common practice, but I am surprised I can't find too much information on it.

Is it not as common as I thought?

Thanks!

-=Joe

 

[plunkett]

I'm almost 100% positive that Oracle includes OHS with WebLogic... are you using 11g 10.3.5? The latest version includes it with the Fusion Middleware Web Tier Utilities package.

 

[JosephBertram]

You may be right. OHS may come with the standard Weblogic 1gg install.

I actually was installing their Business Intelligence Fusion Middleware Apllication. It has a pretty large footprint and includes an install of WebLogic, however, through Oracle support I found out that it did not include an install of OHS.

They gave me a choice of install OHS or Apache. They are almost the same, so I went with the Apache, but later found out that there are so shared object files I needed from OHS. So I had to backout apache and just go with OHS.

It took me some time and an additional SR with Oracle to find the documentation I needed to finish the setup. The document that was the most helpful was 1316142.1.

Once I had that document it was a cake walk. But finding the document was the tough part. Amusingly enough, the document even notes that "Oracle Documentation for these steps is hard to find, but an enhancement has been filed to improve the organization in the future".

Man, I hope they make it easier to find so it's not so much of a pain for others.

-=Joe