cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issues in ssl configuration with apache server (using reverse proxy)

Former Member

on ‎05-22-2006 7:15 PM

0 Kudos

Hi,

I am able to use apache server as a reverse proxy to connect to Portal. When I enter the web server url as https://mywebserver.com, I am able to connect to the http url of the Portal. But the moment I try to connect to the https url of Portal with this https url, I am not able to connect to the Portal. Thus I am not able to use apache as a proxy server for https connections it makes. What must I do. I read that mod_proxy_connect needs to be used, but how do I use this?

The second problem is that I need to use more than one kind of mapping.

For example I must be redirected to the Portal even if I use http://webserver.com , or even if I use https://webserver.com or even if I use http://webserver.com/irj or https://webserver.com/irj or http://ipaddress-websserver/irj etc

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
‎05-23-2006 10:07 AM
0 Kudos

Hi,

Can I know where I must place this j2ee certificate in apache server?

Regards,

Harish

Show replies
Show replies
Former Member
‎05-24-2006 1:29 PM
0 Kudos

Hi,

I added the things specified by huseyin bilgen.

Now the error log has changed.

It now says-

(20014)Error string not specified: proxy :pass request body failed to server

Can you please let me know what I must do.

Please also tell me how I must add j2ee engine certificate to the apache.

sslcertificatechain file, what kind of certificate should I put for this.

Please help!

HuseyinBilgen
Active Contributor
‎05-24-2006 3:04 PM
0 Kudos

Hi,

sorry for late answer but have lots of things to do.

Here is the description and way to find the SSL files. We've 3 files;

SSLCertificateFile ssl/CertificateFile

SSLCertificateKeyFile ssl/CertificateKeyFile

SSLCertificateChainFile ssl/CertificateChainFile

If you've PFX file generated from IIS or somewhere else then copy it onto reverseproxy machine and execute the following command;

openssl pkcs12 -in <certificate>.pfx -out pfxoutput.txt

You'll need to enter the password at least once. The first password will be the one you gave during PFX generation.

Load pfxoutput.txt into a text editor and save each certificate as a separate file.

<b>SSLCertificateFile</b>is the certificate which is sent to you by CA, as a response to your request file.

<b>SSLCertificateKeyFile</b> is the one which you have to copy and paste into CertificateKeyFile from pfxoutput.txt

. Copy the content between

-

BEGIN RSA PRIVATE KEY-----

and

-

END RSA PRIVATE KEY-----

into CertificateKeyFile.

Copy all

-

BEGIN CERTIFICATE-----

and

-

END CERTIFICATE-----

sections into CertificateChainFile from pfxoutput.txt. The may be more than one section.

And thats all.

On the other hand let me tell you how we did it.

1. We've created the request file via IIS6.0.

2. Imported the response file came from Globalsign CA into IIS

3. Import Root certificates of Globalsign according to their docs.

4. Export the PFX file and Private Key files via Windows Tools

5. Copy them into Apache Server which is Suse and run it.

I've cheched the contents of each file requested for SSL with the IIS Outputs and openssl outputs and they match.

I mean both procedures are correct.

Hope solves your problem

regards

Former Member
‎05-24-2006 3:39 PM
0 Kudos

I have SSLCertificateFile and

and SSLCertificateKeyFile .

My problem is with regard to ssl/CertificateChainFile?

what is this? Also how do I upload my J2EE Certificate into apache.

The problem is with Apache handshake is not happening.

I am forwarding the entire log during . I have put what I consider important in bold.Please have a look.

<b>----

-

-

</b>

Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1769): OpenSSL: Handshake: start

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: before/connect initialization

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv2/v3 write client hello A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 7/7 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 16 03 01 04 1a 02 ...... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 0007 - <SPACES/NULS>

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 1048/1048 bytes from BIO#629160 [mem: 47855af] (BIO dump follows)

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 00 36 03 01 44 74 67 cb-38 b5 8e 42 3b 59 c3 6c .6..Dtg.8..B;Y.l |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0010: 23 5c 07 d0 8b 24 89 89-11 2e 0d 80 ed 1a 06 ea #
...$.......... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0020: 1d 10 b0 59 10 28 7c b4-02 cb d6 08 a8 e4 ea 5a ...Y.(|........Z |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0030: e5 88 5c 5d 90 00 39 00-0b 00 01 cc 00 01 c9 00 ..
]..9......... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0040: 01 c6 30 82 01 c2 30 82-01 2b a0 03 02 01 02 02 ..0...0..+...... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0050: 04 36 0b 23 72 30 0d 06-09 2a 86 48 86 f7 0d 01 .6.#r0...*.H.... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0060: 01 04 05 00 30 14 31 12-30 10 06 03 55 04 03 13 ....0.1.0...U... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0070: 09 6c 6f 63 61 6c 68 6f-73 74 30 1e 17 0d 30 33 .localhost0...03 |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0080: 31 30 30 32 30 37 32 35-30 30 5a 17 0d 30 35 31 1002072500Z..051 |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0090: 30 30 32 30 37 32 35 30-30 5a 30 14 31 12 30 10 002072500Z0.1.0. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00a0: 06 03 55 04 03 13 09 6c-6f 63 61 6c 68 6f 73 74 ..U....localhost |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00b0: 30 81 9f 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01 0..0...*.H...... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00c0: 05 00 03 81 8d 00 30 81-89 02 81 81 00 ef d6 ff ......0......... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00d0: a6 39 e1 64 a5 d3 fb 16-de 4e ee 1d 81 84 31 bc .9.d.....N....1. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00e0: e6 b7 96 07 3e 81 b9 94-d1 c1 e0 f9 00 3a 84 e8 ....>........:.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00f0: 7a 30 11 cd 41 26 d6 6c-95 90 93 95 17 e0 1a b7 z0..A&.l........ |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0100: 00 0f 59 33 7d 1d f3 a0-83 17 c5 f3 7e b3 ad ed ..Y3}.......~... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0110: c9 60 ac af 9e 31 d2 ec-42 71 f9 c3 98 2e 93 f9 .`...1..Bq...... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0120: 9d c3 c4 3d b3 7d 9b 97-83 1c 6b bd c0 75 cc 96 ...=.}....k..u.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0130: dc b9 a0 1b 00 79 85 e4-19 1f 61 42 54 db 91 94 .....y....aBT... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0140: d8 1d 72 13 08 36 22 49-3b fb 05 dc 33 02 03 01 ..r..6"I;...3... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0150: 00 01 a3 21 30 1f 30 1d-06 03 55 1d 0e 04 16 04 ...!0.0...U..... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0160: 14 ed ed 02 af 94 13 59-1c 42 e6 69 40 e5 80 dd .......Y.B.i@... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0170: a4 e9 33 91 02 30 0d 06-09 2a 86 48 86 f7 0d 01 ..3..0...*.H.... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0180: 01 04 05 00 03 81 81 00-2c 22 08 bd 71 b6 80 43 ........,"..q..C |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0190: 5a 2a 8b e8 62 34 b4 b4-84 8a 47 4b 97 5e bf dd Z*..b4....GK.^.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01a0: 17 4c 0a 1c b7 0e cd c5-d1 cc d8 77 cd 38 10 ef .L.........w.8.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01b0: 22 02 f0 02 7f a2 39 2b-53 eb 31 b6 18 49 37 a0 ".....9+S.1..I7. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01c0: 50 47 f2 34 ab 33 eb 5f-ec 5a f9 f7 53 5f 27 eb PG.4.3._.Z..S_'. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01d0: 02 7f b4 28 3e e8 b1 c7-59 df 2c 93 25 c5 34 14 ...(>...Y.,.%.4. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01e0: 7a 34 7c 45 b4 eb 6b 34-93 26 98 51 37 d3 e6 b0 z4|E..k4.&.Q7... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01f0: 7f 83 e3 a9 04 d3 47 b3-3d de 43 57 27 45 82 c0 ......G.=.CW'E.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0200: 4d 48 bf c0 a7 2f 66 0c-0c 00 02 08 00 80 af 76 MH.../f........v |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0210: 1f f5 f6 48 a0 01 0f ed-55 4c 53 9a 7c 07 7a ba ...H....ULS.|.z. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0220: c7 9d 77 e8 8b c7 66 8f-80 03 18 c5 1f 4f 2a a0 ..w...f......O*. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0230: 08 6f 9f e3 13 94 30 56-e7 2f 96 7c 26 97 ba 12 .o....0V./.|&... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0240: aa fd 3e 43 e1 46 c2 d1-32 94 56 45 52 c0 24 6f ..>C.F..2.VER.$o |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0250: 38 e0 93 0f 3a f8 0a 7c-41 0e 4c 54 4f 5a 7e d4 8...:..|A.LTOZ~. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0260: 62 e6 71 cd a0 dc 1e 9b-17 e5 10 71 3c 9d c6 39 b.q........q<..9 |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0270: 05 50 b6 15 37 0b 68 4f-24 50 74 47 13 1c 74 d8 .P..7.hO$PtG..t. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0280: 81 27 81 71 3a 4a c5 26-7d b8 e6 21 b3 d9 00 80 .'.q:J.&}..!.... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0290: 4f 6f 5d e6 2d dc 77 46-e6 77 b1 94 3d 65 5b b0 Oo].-.wF.w..=e[. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02a0: 3d 39 7a 6c a2 c7 0b e3-27 08 fa 48 8d 75 1a fe =9zl....'..H.u.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02b0: 32 e6 13 d1 31 65 7d d5-11 34 21 78 38 d1 11 fb 2...1e}..4!x8... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02c0: ea 59 8e 24 79 5a 4b c2-f7 98 22 51 9f a7 4d 2b .Y.$yZK..."Q..M+ |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02d0: 15 98 fe d4 43 4b 34 25-b3 9b b3 ae 57 d1 ea 69 ....CK4%....W..i |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02e0: 6e 02 7e 61 d7 80 b6 73-6a 3e ac eb 69 38 67 8f n.~a...sj>..i8g. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02f0: a9 2a dc 93 3d 22 f3 6e-6a 5d 51 1f b1 b1 10 5e .*..=".nj]Q....^ |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0300: 82 28 48 0d 5a 78 f8 17-61 e0 c5 43 61 7a 42 6a .(H.Zx..a..CazBj |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0310: 00 80 42 fa 7e 11 b2 77-3a 8c de f1 52 5a e1 18 ..B.~..w:...RZ.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0320: d4 e7 8f ee 2c e0 06 ef-d5 37 87 62 07 14 d1 5a ....,....7.b...Z |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0330: ca 30 be fd dd 76 47 8f-ed f4 5f f3 64 6c 32 a9 .0...vG..._.dl2. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0340: d5 07 e2 9b f1 29 a3 bf-33 4a ed 72 6b 2e c3 0f .....)..3J.rk... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0350: 30 bd 13 a1 42 d8 f7 1d-58 8a 1c 53 d6 c3 c8 6e 0...B...X..S...n |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0360: 0e 51 e3 f5 a0 37 68 0d-04 c6 0e c4 4d cc ed 7c .Q...7h.....M..| |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0370: ef 8f 81 b3 52 34 0c 60-eb f8 01 19 cc 95 31 55 ....R4.`......1U |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0380: 7d 16 bf 0c df b8 e0 3d-8f 7c 7a 4a 64 98 93 59 }......=.|zJd..Y |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0390: eb ae 00 80 ef cb bc 38-ab 16 0e a2 b2 2d fa 0f .......8.....-.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03a0: da 55 2d 67 a8 b8 34 1b-bf 39 d9 d6 da 65 f2 8f .U-g..4..9...e.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03b0: 6f a2 b1 1d db bb d5 dd-ab cf 9e 63 00 e4 57 a5 o..........c..W. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03c0: 18 4a dc 60 b0 97 5d 67-34 96 bf a2 43 2b 7d 70 .J.`..]g4...C+}p |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03d0: d6 99 d2 31 d2 11 f4 f2-19 b8 0c 41 7d bf b1 7c ...1.......A}..| |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03e0: fb 31 cb 3e c2 0a e2 26-1a 7e 63 50 9b 62 c3 82 .1.>...&.~cP.b.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03f0: ca cd 36 82 0c 56 5f 26-f6 cc c6 6f 03 92 cc f5 ..6..V_&...o.... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0400: 6b 55 1a d6 92 f9 5b 59-18 c2 62 21 eb d8 a4 ea kU....[Y..b!.... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0410: fd b6 3e f7 0e ..>.. |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 1048 - <SPACES/NULS>

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server hello A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server certificate A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server key exchange A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server done A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write client key exchange A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write change cipher spec A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write finished A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 flush data

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 5/5 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 15 03 01 00 02 ..... |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 2/2 bytes from BIO#629160 [mem: 47855ad] (BIO dump follows)

Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 02 28 .( |

[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1782): OpenSSL: Read: SSLv3 read finished A

[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1801): OpenSSL: Exit: failed in SSLv3 read finished A

[Wed May 24 07:03:54 2006] [info] SSL Proxy connect failed

[Wed May 24 07:03:54 2006] [info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

[Wed May 24 07:03:54 2006] [info] Connection to child 249 closed with abortive shutdown(server apacheserver:443, client j2eeserver)

[Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserver)

[<b>Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserve) from apacheserver ()

[Wed May 24 07:04:10 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O error, 5 bytes expected to read on BIO#612610 [mem: 62ac80]

[Wed May 24 07:04:10 2006] [info] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : SSL input filter read failed.

[Wed May 24 07:04:10 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Write: SSL negotiation finished successfully

[Wed May 24 07:04:10 2006] [info] Connection to child 249 closed with standard shutdown(server apacheserver:443, client apacheserver)

</b>

Former Member
‎05-23-2006 8:37 AM
0 Kudos

Hi

Piyush not able to open the sap note link.I get acccess denied.I have any way followed the steps in the second blog for ssl.

Huseyin,

I have activated the ssl url of the Portal in visual admin and I am able to access it- https://portaladdress:50001/irj

What is CertificateChainFile. I dont have this entry.

Do I have to make any other configurarion in apache server.

Also I am make port mapping in http provider of j2ee engine in order to mask the Portal Url.

Is there something else I can do without making port mapping in j2ee.

I had followed the procedure in the second blog listed above.

Regards,

Harish

Show replies
Show replies
HuseyinBilgen
Active Contributor
‎05-23-2006 8:44 AM
0 Kudos

Hi,

give me an email address and I"ll send you a SAP Guide related to this subject 'Apache Reverse Proxy Configuration

for J2EE 6.20 & 6.40 Web Applications'

Former Member
‎05-23-2006 8:47 AM
0 Kudos

Hi ,

I have sent u an email, let me know in case u have receieved my mail id.

You can send me to that id or the email id on my business card.

Regards,

Harish

Former Member
‎05-23-2006 8:57 AM
0 Kudos

Hi Harish,

What port is enabled for https in your http provider ?

Regards,

Piyush

Former Member
‎05-23-2006 8:59 AM
0 Kudos

50001

Former Member
‎05-23-2006 9:06 AM
0 Kudos

So your https port works fine but you are presented with a certificate while accessing at this port ?

If yes, that means you will have to export the j2ee ssl certificate and then import it on Apache. I guess that step is missing. This is basically used for SSL Handshake between Apache (client in this case) and J2EE Engine(server).

Regards,

Piyush

ps: please mark for useful answers

HuseyinBilgen
Active Contributor
‎05-23-2006 8:19 AM
0 Kudos

Hi Harish,

ENABLE PORTAL FOR SSL

-

-

1. If you use J2SE 1.4 or higher, then you also have to install and use the unlimited

strength jurisdiction policy files from your J2SE vendor to be able to use the strong

cryptography functions used by the Secure Storage and SSL Provider services.

(Per default, only limited policy files are delivered with the J2SE 1.4 packages.)

http://java.sun.com/j2se/1.4.2/download.html -> Other Downloads -> Java Cryptography Extension (JCE)

Unlimited Strength Jurisdiction Policy Files 1.4.2

- download file

- extract file

- copy local_policy.jar and US_export_policy.jar into C:j2sdk1.4.2_08jrelibsecurity

2. Download SAP Cryptographic Toolkit from service.sap.com/swdc -> Download -> SAP Cryptographic Software ->

SAP JAVA CryptoToolkit (J2EE Engine as of Release 6.30)

- Unpack SAP JAVA CryptoToolkit

- Using the SDM Remote GUI, connect to the SAP J2EE Engine and deploy the SAP Java

Cryptographic Toolkit SDA that applies to your J2SE version (1.3.x or 1.4.x) and

deploy archive.

- You can now change the startup mode for the SSL Provider so that it automatically

starts when the server is started. Use the Configuration Adapter in the Visual Administrator

and set the startup mode to Always instead of Manual.

Changing the Startup Mode for the SSL Provider Locate the document in its SAP Library structure

1. Choose Server ® Services ® Configuration Adapter.

2. Expand Configurations ® cluster_data ® :50001/irj/portal

ENABLE APACHE REVERSEPROXY TO SUPPORT SSL

-

-

#Reverse Proxy Settings

ServerName :50001/irj/$1

RewriteRule ^/webdynpro/(.*) https://:50001/webdynpro/$1

RewriteRule ^/logon/(.*) https://:50001/logon/$1

ErrorLog logs/EP.80.error.log

CustomLog logs/EP.80.custom.log common

:50001/irj/$1

RewriteRule ^/webdynpro/(.*) https://:50001/$1

RewriteRule ^/logon/(.*) https://:50001/logon/$1

ErrorLog logs/EP.443.error.log

CustomLog logs/EP.443.custom.log common

</VirtualHost>

hope helps.

Show replies
Show replies
Former Member
‎05-23-2006 7:39 AM
0 Kudos

Hi Harish,

have you activated the ssl provider in the j2ee engine? (via visual admin) the startup mode is by default set to manual start, so you should change it to start always.

Regards,

Pascal

Show replies
Show replies
Former Member
‎05-23-2006 6:39 AM
0 Kudos

Hi Harish,

you can go through these weblogs.

SAP Note

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes/ep/~form/handler

Regards,

Piyush

ps: please award points if useful.

Show replies
Show replies
Ask a Question