Tuesday Jun 18, 2013

Importing server and private key in Oracle wallet

You want to create a wallet containing your server cert and private key provided by your PKI administrator as a yourcert.p12 file.

Use keytool and orapki. But make sure your wallet and the private key passwords match.

[Read More]

Thursday Oct 20, 2011

EPM 11.1.2 - SSL Offloading flavors

While EPM documentation clearly lists the different SSL flavors available in 11.1.2.1 (http://download.oracle.com/docs/cd/E17236_01/epm.1112/epm_security_11121.pdf - termination at web server, ssl offloading, full ssl, 2 way ssl...), it requires additional information to adapt further depending on your environment.

Three main elements to know about:

  • Some EPM pages generate HTTPS links in their web pages based on request scheme. An http request will generate an http link, and an https request will generate an https link. This is the standard behavior of the request.getScheme servlet api method. The solution to let Weblogic know it has to use HTTPS in link is through a header named WL-Proxy-SSL true or false. This header has to be set by layers fronting Weblogic.
  • The Weblogic plugin (in Oracle Http Server, or IIS) has 2 parameters to add or propagate this header: WLProxySSL and WLProxyPassThrough  http://download.oracle.com/docs/cd/E21764_01/web.1111/e14395/toc.htm and http://download.oracle.com/docs/cd/E21764_01/web.1111/e14395/plugin_params.htm#WLPLG475)

quoting from above url: When WLProxySSL is set to ON, the location header returned to the client from WebLogic Server specifies the HTTPS protocol.

If you have a chained proxy setup, where a proxy plug-in or HttpClusterServlet is running behind some other proxy or load balancer, you must explicitly enable the WLProxyPassThrough parameter. Enabling this parameter allows the plug-in to trust the proxy fronting it, under the assumption that the network between them is trusted so user certs and so forth can be passed along.

This also means the WL-Proxy-SSL header amongst other headers are not going to be removed by the weblogic plugin when it receives headers from SSL Offloader.

About

A blog focused on Tips & Tricks about Oracle Business Intelligence (OBI), Oracle Exalytics and Oracle Enterprise Performance Management (EPM) products.
[Blog Admin: ahmed awan]

Search

Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
9
10
11
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today