Skip to Main Content

Integration

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Enabling Client Authentication with Certificates on HTTP Server

668253Jan 11 2009 — edited Feb 11 2009
I have a problem with enabling client authentication on http server of oracle application server 10.1.3.4.
In my SSL.CONF file in APACHE/APACHE/CONF I have:
+<Location /newService>+
SSLRequireSSL
+</Location>+

The service works with my browser and my proxy (in jdeveloper) which is alright.

When I add this directive: +'SSLVerifyClient require'+
It says 'SSL peer cannot verify your certificate' in my broswer and returns an error to my code: SOAPException: Bad response: 405 Method Not Allowed

It is ok too because probably it does not recognize my certificate. Now I want to add the certificate to the trusted ones.
When I use this directive:
SSLCACertificateFile conf/ssl.wlt/mywallet/ca.crt

the server does not get restarted and in the logs it says:
Invalid command 'SSLCACertificateFile', perhaps mis-spelled or defined by a module not included in the server configuration

Why some of the APACHE directives do not work for OHS? How can I introduce my certificate to the server?
What is the standard way to enable client authentication? Am I doing something wrong?
(I also tried Require valid-user,AuthType Cert,...).Can I alternatively use OC4J SSL?

Thank you.
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Mar 11 2009
Added on Jan 11 2009
17 comments
7,257 views