BEA WebLogic, Virtual Vault and SSL

Discussions

Performance and scalability: BEA WebLogic, Virtual Vault and SSL

  1. BEA WebLogic, Virtual Vault and SSL (4 messages)

    We are looking for any info on how to create the safe (SSL) connection between HP Virtual Vault (with iPlanet Web Server inside) and the cluster of BEA WebLogic servers (version 5.1). Information from multiple sources are different (some people say it's possible, some disagree).

    Thanx in advance

    Wojtek

    Threaded Messages (4)

  2. I don't know anything about virtual vault at all BUT --

    if you just have the "typical" scenario of

    browser client -> Netscape Iplanet -> WebLogic Cluster

    then you can definitely have SSL communication between Netscape IPlanet and your WebLogic cluster.


    You've probably heard different answers because this is a relatively new feature that was added to WebLogic, so there is some confusion. For a long time, you could only have SSL communication between the browser and IPlanet, and cleartext between IPlanet and WebLogic. The IPlanet certificates are proprietary, and specific, to IPlanet, so there is no way that BEA could use those same certificates to establish an SSL connection between the proxy and WebLogic.

    What BEA has done to get around this is to have the plugin module that resides on IPlanet, load WebLogic-specific certificates, so that a separate SSL connection, using different certificates, is then established between the proxy server and WebLogic on the backend. This feature was added in some service pack for WebLogic 5.1 -- I'm not sure which service pack -- but I am sure that if you are using the plug-in from service pack 9 (the most recent service pack) then this feature will definitely be available.

    So essentially you then have:

    SSL connection #1 -- browser client using Netscape keys and certificates to create a secure connection to iPlanet
    SSL connection #2 -- iPlanet acting as a client to WebLogic, using WebLogic keys and certificates to create a secure connection to WebLogic on the backend.

    Keep in mind performance for this setup is going to be pretty wretched. SSL is not exactly fast. Having cleartext communication on the backend helps performance quite a bit. But if you place a real premium on security, this solution may still be worth your examination.

    Also check out:
    http://www.weblogic.com/docs51/admindocs/nsapi.html


    Hope this helps.

    Joe Jerista
    BEA/WebLogic Support staff
  3. Thanks for the answer. That's what I was looking for.
  4. BEA WebLogic, SSL and iPlanet[ Go to top ]

    We are establishing one Evn. Use iPlanet as webservr , Weblogic 6.0 acts Appliction.I met the same question about u mention it . i don't know how to create a ssl between iPlanet with Weblogic.
    I must show, our jsp and servlet is runing on the Weblogic, iPlanet only proxy request to weblogic.I have two question

    1. if my env like above , how does i establish SSL, and how many i buy Certifacatis from CA. if only need one , which one manager it . is webserver or Appserver?
    2. Now i only seccess for proxying jsp to weblogic , i don't know how does proxy servlet to Weblogic too. i have read the nsapi.html, but it is not refer it

    Thanks Advance

  5. hiiiiiii[ Go to top ]

    hiiiiiiii