Apache HTTP Server Plugin configuration to Weblogic 11g (10.3.5)
1. Install Apache HTTP server (Version 2.2.29).
Note – Installation might need root privileges.
Here is the Apache reference doc for Installation (http://httpd.apache.org/docs/2.2/install.html)
Download required version of Apache software distribution from nearest mirror site (Mirror I used)
http://mirrors.sonic.net/apache/httpd/httpd-2.2.29.tar.gz
2. Configure
./configure --prefix=/opt/apache2.x --with-ldap --enable-mods-shared="all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache isapi suexec" --enable-rewrite=shared --enable-mime-magic --enable-info --enable-speling --enable-usertrack --enable-example --enable-maintainer-mode
3. make
4. make install
Note – When you re-run the Apache installation with updated modules, you may sometimes run into a libtool error.
Error:
libtool: install: error: cannot install `libaprutil-1.la' to a directory not
ending in /usr/local/apache2/lib
Solution: run the command below before 'make install'
make clean
Issue 2: You may run into the error below when starting the Apache instance after loading the WebLogic shared object file:
[root@NA9F2RFV1 bin]# ./apachectl -k start
httpd: Syntax error on line 126 of /opt/thirdparty/Middleware/apache2.x/conf/httpd.conf: Cannot load /opt/thirdparty/Middleware/apache2.x/modules/mod_wl_22.so into server: libstdc++.so.5: cannot open shared object file: No such file or directory
[root@NA9F2RFV1 bin]# yum install libstdc++.sh.5
Solution:
Run the command below to install the dependent libraries.
sudo yum install compat-libstdc++-33.x86_64
>Installing : compat-libstdc++-33-3.2.3-69.el6.x86_64 1/1
>Verifying : compat-libstdc++-33-3.2.3-69.el6.x86_64 1/1
>Installed:
>compat-libstdc++-33.x86_64 0:3.2.3-69.el6
Issue 3:
You may see the error below when restarting Apache.
[root@NA9F2RFV1 bin]# ./apachectl -k stop
httpd: Could not reliably determine the server’s fully qualified domain name, using NA9F2RFV1.localdomain for ServerName
Solution:
Add the machine's hostname to the /etc/hosts file:
127.0.0.1 NA9F2RFV1.localdomain localhost localhost4 localhost4.localdomain4
::1 NA9F2RFV1.localdomain localhost localhost6 localhost6.localdomain6
5. vi $APACHE_HOME/conf/httpd.conf
a) Load the WebLogic module
Copy the shared object file into the $APACHE_HOME/modules directory. Choose the correct .so file based on the Apache version and OS (32 bit/64 bit).
You can copy these .so files from the WebLogic distribution ($WLS_HOME/wlserver_10.3/server/plugin/).
LoadModule weblogic_module modules/mod_wl_22.so
6. Define the IfModule block for WebLogic
<IfModule mod_weblogic.c>
WebLogicHost 192.168.56.101
WebLogicPort 7001
MatchExpression /console
MatchExpression *.jsp
MatchExpression *.html
ConnectTimeoutSecs 10
ConnectRetrySecs 2
WLIOTimeoutSecs 300
Idempotent ON
KeepAliveEnabled ON
#WLProxySSL ON/OFF ( ON for opening apache to access SSL – via Https)
Debug ALL
WLLogFile /opt/apache2.x/logs/wl-proxy.log
</IfModule>
Configure SSL for Apache
How To Install Apache 2 with SSL on Linux (with mod_ssl, openssl)
How To Generate SSL Key, CSR and Self Signed Certificate For Apache
Note – After you generate the certs and configure Apache for access over HTTPS, you may see the issue below in the browser.
*******************************
Bad Request
Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
*******************************
To have plain HTTP (non-SSL) working between the Apache plug-in and WebLogic, you need to enable the option
"WebLogic Plug-In Enabled" in the WebLogic console under Servers > AdminServer > General > Advanced.
Configure SSL between Apache and Weblogic11g (Using Trusted CA)
WebLogic Server Configuration
1. Generate a private key
jdk_home\bin\keytool -genkey -alias
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -genkey -alias sslcert -keyalg RSA -keysize 2048 -keystore mykeystore.jks
Note – Use key size 2048. Sometimes it may complain, based on new cryptography rules.
2. Generate a certificate request (CSR file).
jdk_home\bin\keytool -certreq -keyalg RSA -alias
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -certreq -keyalg RSA -alias sslcert -file certreq.csr -keystore mykeystore.jks
3. Get CSR signed by trusted Authority (Verisign in this case)
Paste the CSR file and get the trial certificate (save as public.pem), the intermediate CA (save as intermediate.pem) and the root CA (save as rootCA.pem) from the email sent from the Verisign website (http://www.symantec.com/ssl-certificates/?inid=vrsn_symc_ssl_index&searchdomain=google.com&searchterms=)
4. Import Certificates into keystores:
1. Import CA into keystore:
keytool -import -alias verisignCA -file CA.pem -keystore
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -import -alias rootCA -file rootCA.pem -keystore mykeystore.jks -trustcacerts
2. Import intermediate CA into keystore:
keytool -import -alias verisignIntermediateCA -file Intermediate.pem -keystore
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -import -alias intermediateCA -file intermediate.pem -keystore mykeystore.jks -trustcacerts
3. Import the public key into your keystore. It will go on the same alias as the private key:
keytool -import -alias
Example:
/opt/thirdparty/Middleware/Oracle/jdk1.6.0_24/bin/keytool -import -alias sslcert -file public.pem -keystore mykeystore.jks -trustcacerts
4. To view the keystore:
keytool -list -keystore mykeystore.jks -v
5. keystore configuration in weblogic console.
From the Admin console, go to your server page, and in the Keystore & SSL tab choose:
Custom Identity and Custom Trust
Custom Identity
Custom Identity Key Store File Name:
Custom Identity Key Store Type: jks
Custom Identity Key Store Pass Phrase:
Confirm Custom Identity Key Store Pass Phrase:
Custom Trust
Custom Trust Key Store File Name:
Custom Trust Key Store Type: jks
Custom Trust Key Store Pass Phrase:
Confirm Custom Trust Key Store Pass Phrase:
Go to the SSL tab:
Private Key Alias:
Passphrase: password
Confirm Passphrase: password
Restart your server and now try https://localhost:7002/console
You should see the following while server starts up:
<IfModule mod_weblogic.c>
WebLogicHost 192.168.56.101
# SSL port
WebLogicPort 7002
MatchExpression /console
MatchExpression *.jsp
MatchExpression *.html
ConnectTimeoutSecs 10
ConnectRetrySecs 2
WLIOTimeoutSecs 300
Idempotent OFF
KeepAliveEnabled ON
#WLProxySSL ON/OFF ( ON for opening apache to access SSL – via Https)
SecureProxy ON
TrustedCAFile /opt/thirdparty/Middleware/Oracle/certs/MyWeblogicCAToTrust.pem
RequireSSLHostMatch false
EnforceBasicConstraints OFF
WLProxySSL ON
Debug ALL
WLLogFile logs/wlproxy.log
</IfModule>
Error
You might notice the error below in the Apache error log while accessing the Apache HTTPS URL:
[Wed Dec 10 13:55:26 2014] [error] [client 192.168.56.1] ap_proxy: trying GET /console at backend host ‘192.168.56.101/7002; got exception ‘WRITE_ERROR_TO_SERVER [os error=0, line 806 of ../nsapi/URL.cpp]: ‘
Solution :
Convert the DER-encoded .cer file into .pem:
openssl x509 -inform der -in MyWeblogicCAToTrust.cer -out MyWeblogicCAToTrust.pem
Note: Import the CA.pem for Apache and WebLogic into the browser using Content -> Certificate -> Import -> "Autoselect store based on type of cert" option.
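A quick check of the plug-in settings used above, as an added example (not part of the original post and not an Oracle tool): it flags the directives in the SSL block that switch off certificate checks (RequireSSLHostMatch false, EnforceBasicConstraints OFF), verbose Debug logging, a TrustedCAFile that is still DER rather than PEM, and the /console mapping. The function names wl_directive and audit_wl_plugin and the sample file are made up for this example.

```shell
# Audit WebLogic plug-in directives in an httpd.conf-style file (added example).
# Prints one finding per line; returns 1 if anything was flagged.
wl_directive() {   # last value set for NAME in FILE (name is case-insensitive)
    awk -v want="$2" '/^[ \t]*#/ { next }
        tolower($1) == tolower(want) { val = $2 }
        END { print val }' "$1"
}

audit_wl_plugin() {   # usage: audit_wl_plugin FILE
    conf=$1; n=0
    flag() { printf '%s\n' "$1"; n=$((n + 1)); }
    low() { wl_directive "$conf" "$1" | tr 'A-Z' 'a-z'; }
    if [ "$(low SecureProxy)" != on ]; then
        flag "SecureProxy: not ON, Apache-to-WebLogic traffic is plain HTTP"
    else
        case $(low RequireSSLHostMatch) in false|off)
            flag "RequireSSLHostMatch: backend certificate name is not checked" ;;
        esac
        case $(low EnforceBasicConstraints) in false|off)
            flag "EnforceBasicConstraints: CA basic constraints are not checked" ;;
        esac
        ca=$(wl_directive "$conf" TrustedCAFile)
        if [ -z "$ca" ]; then
            flag "TrustedCAFile: not set"
        elif [ -r "$ca" ] && ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
            flag "TrustedCAFile: $ca is not PEM (openssl x509 -inform der converts it)"
        fi
    fi
    case $(low Debug) in ""|off) ;; *)
        flag "Debug: verbose plug-in logging is enabled" ;;
    esac
    if awk '!/^[ \t]*#/ && tolower($1) == "matchexpression" && $2 ~ /^\/console/ { f = 1 }
            END { exit !f }' "$conf"; then
        flag "MatchExpression: /console (admin console) is proxied"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample modelled on the SSL block above (not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
MatchExpression /console
SecureProxy ON
TrustedCAFile /opt/thirdparty/Middleware/Oracle/certs/MyWeblogicCAToTrust.pem
RequireSSLHostMatch false
EnforceBasicConstraints OFF
Debug ALL
EOF
audit_wl_plugin "$sample" || true; rm -f "$sample"
```

The PEM check on TrustedCAFile only runs when the file is readable on the machine where the script is run, so run it on the Apache host.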
Configuration Complete!!