Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2)
B14080-02

F External Access to Protected OracleAS Certificate Authority

Secure processes protected behind a firewall, like OracleAS Certificate Authority, can still serve customers outside the firewall by using a proxy server.

This intermediary server securely intercepts all user requests for certificate services and forwards them to OracleAS Certificate Authority. The proxy server uses only two ports: port 443 (for SSL communications) and port 80 (for non-SSL communications).

Since OracleAS Certificate Authority has two virtual hosts, one for server authentication and one for mutual authentication, two proxy servers are required, as illustrated by the following example:

Example F-1 Proxy Server Example

A proxy server for server authentication could use this URL:

https://myproxy_server1.acme.com (with default SSL port 443)

which maps to

https://myoca.acme.com:6600 (server authentication)

A second proxy server, for mutual authentication, could use this URL:

https://myproxy_server2.acme.com (with default SSL port 443)

which maps to

https://myoca.acme.com:6601 (mutual authentication)

This appendix explains how to enable OracleAS Certificate Authority to support proxy servers and how to map a proxy server to an OracleAS Certificate Authority virtual host.

F.1 Enabling OracleAS Certificate Authority to Support Proxy Servers

The following steps enable OracleAS Certificate Authority to support proxy servers:

  1. Log on to the database as an OracleAS Certificate Authority user.

  2. Run the script $ORACLE_HOME/oca/sql/ocabigipon.sql.

  3. Enter the proxy server's hostname and the SSL port that maps to the OracleAS Certificate Authority mutual authentication port (in Example F-1, Proxy Server Example, these are myproxy_server2.acme.com and port 443).

  4. Map the proxy server to the OracleAS Certificate Authority virtual host.

F.2 Disabling OracleAS Certificate Authority's Support for Proxy Servers

The following steps disable OracleAS Certificate Authority's support for proxy servers:

  1. Log on to the database as an OracleAS Certificate Authority user.

  2. Run the script $ORACLE_HOME/oca/sql/ocabigipoff.sql.