Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2) B14080-02
Secure processes protected behind a firewall, like OracleAS Certificate Authority, can still serve customers outside the firewall by using a proxy server.
This intermediary server securely intercepts all user requests for certificate services and forwards them to OracleAS Certificate Authority. The proxy server uses only two ports: port 443 (for SSL communications) and port 80 (for non-SSL communications).
Since OracleAS Certificate Authority has two virtual hosts, one for server authentication and one for mutual authentication, two proxy servers are required, as illustrated by the following example:
Example F-1 Proxy Server Example
A proxy server for server authentication could use this URL:
https://myproxy_server1.acme.com (with default SSL port 443)
which maps to
https://myoca.acme.com:6600 (server authentication)
A second proxy server, for mutual authentication, could use this URL:
https://myproxy_server2.acme.com (with default SSL port 443)
which maps to
https://myoca.acme.com:6601 (mutual authentication)
This appendix explains how to enable OracleAS Certificate Authority to support proxy servers and how to map a proxy server to an OracleAS Certificate Authority virtual host.
The following steps enable OracleAS Certificate Authority to support proxy servers:
1. Log on to the database as an OracleAS Certificate Authority user.
2. Run the script $ORACLE_HOME/oca/sql/ocabigipon.sql.
3. Enter the hostname and SSL port of the proxy server that maps to the OracleAS Certificate Authority mutual authentication port (in Example F-1, Proxy Server Example, these are myproxy_server2.acme.com and port 443).
4. Map the proxy server to the OracleAS Certificate Authority virtual host.
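A pre-flight check of the planned proxy-to-virtual-host mapping, useful before running the steps above. It catches layouts where the mutual authentication proxy would land on the server authentication virtual host or on a non-standard front-end port. This is an added example, not Oracle code; the role names server_auth and mutual_auth and the function names are assumptions made for illustration, and the URLs are those of Example F-1.

```python
from urllib.parse import urlsplit

# Front-end ports the guide allows for a proxy: 443 for SSL, 80 for non-SSL.
PROXY_PORTS = {"https": 443, "http": 80}
ROLES = ("server_auth", "mutual_auth")  # hypothetical labels for the two virtual hosts


def endpoint(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    if parts.scheme not in PROXY_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL with a host: {url!r}")
    return parts.scheme, parts.hostname.lower(), parts.port or PROXY_PORTS[parts.scheme]


def check_mapping(mapping):
    """mapping: {role: (proxy_url, oca_url)}. Returns a list of problems found."""
    problems = []
    for role in ROLES:
        if role not in mapping:
            problems.append(f"{role}: no proxy mapped to this virtual host")
    seen_proxy, seen_oca = {}, {}
    for role, (proxy_url, oca_url) in mapping.items():
        try:
            p_scheme, p_host, p_port = endpoint(proxy_url)
            _, o_host, o_port = endpoint(oca_url)
        except ValueError as exc:
            problems.append(f"{role}: {exc}")
            continue
        if p_port != PROXY_PORTS[p_scheme]:
            problems.append(f"{role}: proxy port {p_port} is not {PROXY_PORTS[p_scheme]}")
        for seen, key, what in ((seen_proxy, (p_host, p_port), "proxy"),
                                (seen_oca, (o_host, o_port), "virtual host")):
            if key in seen:
                problems.append(f"{role}: shares {what} {key[0]}:{key[1]} with {seen[key]}")
            seen.setdefault(key, role)
    return problems


# Values from Example F-1 on this page.
EXAMPLE_F1 = {
    "server_auth": ("https://myproxy_server1.acme.com", "https://myoca.acme.com:6600"),
    "mutual_auth": ("https://myproxy_server2.acme.com", "https://myoca.acme.com:6601"),
}

if __name__ == "__main__":
    for line in check_mapping(EXAMPLE_F1) or ["mapping is consistent with Example F-1's layout"]:
        print(line)
```

An empty list from check_mapping means each virtual host has its own proxy on port 443 or 80 and no two roles share an endpoint.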