Shield Issue in chrome and FF after OAM protection

2844987 Sep 17 2015 — edited Oct 15 2015

Hi,

We have protected application1 and application2 using OAM 11gR2. OHS is acting as the front-end web server. Application2 (http) is accessed as an iframe within application1 (https). In the Chrome browser, when app2 is accessed within app1, we see a shield icon at the top right corner with the warning "load unsafe script". While digging into the issue, we found that OHS is reverse proxying to the load balancer URL of app2 over http.

ProxyPass / http://app2.mycompany.com/
ProxyPassReverse / http://app2.mycompany.com/

I asked the F5 team to put the load balancer URL on https, then I downloaded the certificate from the browser and copied it to a folder on the OHS server. Using Oracle Wallet Manager, I created a wallet and imported the certificate into it. Then I modified the custom config file with the settings below.

ProxyPass / https://app2.mycompany.com/
ProxyPassReverse / https://app2.mycompany.com/
SSLProxyCipherSuite ALL:!ADH:!EXPORT56:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLProxyWallet file:D:\certs
SSLProxyEngine on

But while testing, we are getting handshake errors in the OHS logs.

[2015-06-30T12:41:43.3524-07:00] [OHS] [ERROR:32] [OHS-2077] [core.c] [host_id: vsvomwsQA02] [host_addr: xx.xx.xx.xx] [tid: 5520] [user: SYSTEM] [ecid: 00iU5UhgPHOFw00Fzzw0w00000s0000004] [rid: 0] [VirtualHost: app1.mycompany.com:80] nzos proxy handshake error, nzos_Handshake returned 29024

[2015-06-30T12:41:43.3524-07:00] [OHS] [ERROR:32] [OHS-2171] [core.c] [host_id: vsvomwsQA02] [host_addr: xx.xx.xx.xx] [tid: 5520] [user: SYSTEM] [ecid: 00iU5UhgPHOFw00Fzzw0w00000s0000004] [rid: 0] [VirtualHost: app1.mycompany.com:80] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]

[2015-06-30T12:41:43.3524-07:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [host_id: vsvomwsQA02] [host_addr: xx.xx.xx.xx] [tid: 5520] [user: SYSTEM] [ecid: 00iU5UhgPHOFw00Fzzw0w00000s0000004] [rid: 0] [VirtualHost: app1.mycompany.com:80] (20014)Internal error: proxy: pass request body failed to xx.xxx.xxxx.xxxx:443 app2.mycompany.com)

Any help is highly appreciated.
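
A triage sketch for the log entries above, added here as an example and not part of the original post or of any Oracle tooling: it parses the leading bracketed fields, groups entries by ECID, and reports which virtual host hit the proxy handshake failure and whether the certificate chain was rejected. The function names and result keys are assumptions; the sample lines are the three entries from the post.

```python
import re
from collections import defaultdict

# The three entries from the post, verbatim.
SAMPLE_LOG = """\
[2015-06-30T12:41:43.3524-07:00] [OHS] [ERROR:32] [OHS-2077] [core.c] [host_id: vsvomwsQA02] [host_addr: xx.xx.xx.xx] [tid: 5520] [user: SYSTEM] [ecid: 00iU5UhgPHOFw00Fzzw0w00000s0000004] [rid: 0] [VirtualHost: app1.mycompany.com:80] nzos proxy handshake error, nzos_Handshake returned 29024
[2015-06-30T12:41:43.3524-07:00] [OHS] [ERROR:32] [OHS-2171] [core.c] [host_id: vsvomwsQA02] [host_addr: xx.xx.xx.xx] [tid: 5520] [user: SYSTEM] [ecid: 00iU5UhgPHOFw00Fzzw0w00000s0000004] [rid: 0] [VirtualHost: app1.mycompany.com:80] NZ Library Error: Invalid X509 certificate chain [Hint: the client probably doesn't provide a valid client certificate]
[2015-06-30T12:41:43.3524-07:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [host_id: vsvomwsQA02] [host_addr: xx.xx.xx.xx] [tid: 5520] [user: SYSTEM] [ecid: 00iU5UhgPHOFw00Fzzw0w00000s0000004] [rid: 0] [VirtualHost: app1.mycompany.com:80] (20014)Internal error: proxy: pass request body failed to xx.xxx.xxxx.xxxx:443 app2.mycompany.com)
"""

FIELD = re.compile(r"\s*\[([^\]]*)\]")

def parse_entry(line):
    """Split one log line into its leading [..] fields and the free-text message."""
    pos, named, i = [], {}, 0
    # Consume only leading bracketed fields; the message may itself contain "[Hint: ...]".
    while (m := FIELD.match(line, i)):
        key, sep, value = m.group(1).partition(": ")
        if sep and len(pos) >= 5:      # after the 5 positional fields come "key: value" pairs
            named[key] = value
        else:
            pos.append(m.group(1))
        i = m.end()
    if len(pos) < 5:
        return None                    # not an entry in this layout
    return {"ts": pos[0], "level": pos[2], "msg_id": pos[3], **named,
            "message": line[i:].strip()}

def proxy_tls_failures(log_text):
    """Group entries by ECID and summarise requests whose proxy TLS handshake failed."""
    by_ecid = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and "ecid" in entry:
            by_ecid[entry["ecid"]].append(entry)
    findings = []
    for ecid, entries in by_ecid.items():
        hs = next((e for e in entries if "nzos proxy handshake error" in e["message"]), None)
        if hs is None:
            continue
        code = re.search(r"nzos_Handshake returned (\d+)", hs["message"])
        findings.append({
            "ecid": ecid,
            "virtual_host": hs.get("VirtualHost"),
            "nzos_code": int(code.group(1)) if code else None,
            "chain_rejected": any("Invalid X509 certificate chain" in e["message"] for e in entries),
            "msg_ids": [e["msg_id"] for e in entries],
        })
    return findings

if __name__ == "__main__":
    for finding in proxy_tls_failures(SAMPLE_LOG):
        print(finding)
```
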

Locked on Nov 12 2015
Added on Sep 17 2015