Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2) Part No. B14080-01
Secure processes protected behind a firewall, like OCA, can still serve customers outside the firewall by using a proxy server.
This intermediary server securely intercepts all user requests for OCA services and forwards them to OCA. The proxy server uses only two ports: port 443 (for SSL communications) and port 80 (for non-SSL communications).
Since OCA has two virtual hosts, one for server authentication and one for mutual authentication, two proxy servers are required, as illustrated by the following example:
Example F-1 Proxy Server Example
A proxy server for server authentication could use this URL:
https://myproxy_server1.acme.com (with default SSL port 443)
which maps to
https://myoca.acme.com:4400 (server authentication)
A second proxy server, for mutual authentication, could use this URL:
https://myproxy_server2.acme.com (with default SSL port 443)
which maps to
https://myoca.acme.com:4401 (mutual authentication)
This appendix explains how to enable OCA to support proxy servers and how to map a proxy server to an OCA virtual host.
The following steps enable OCA to support proxy servers:
1. Log on to the database as an OCA user.
2. Run the script $ORACLE_HOME/oca/sql/ocabigipon.sql.
3. Enter the proxy server's hostname and the SSL port that maps to the OCA mutual authentication port (in the Proxy Server Example, these are myproxy_server2.acme.com and port 443).
4. Map the proxy server to the OCA virtual host.
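Once both mappings are in place, it is worth confirming that the mutual authentication front end still asks for a client certificate and was not mapped to the server authentication port by mistake. The following is an added example, not part of the Oracle guide: it classifies saved `openssl s_client` output for the two front ends in Example F-1. The function names and the sample output are constructed for illustration, and it assumes the mutual authentication front end requests the client certificate in the initial handshake and advertises its accepted CA names.

```shell
#!/bin/sh
# Added example (not from the Oracle guide). Function names are hypothetical.
# Input is the text printed by, for example:
#   openssl s_client -connect myproxy_server2.acme.com:443 </dev/null

# Reads s_client output on stdin and prints one of:
#   client-cert-requested  the server advertised accepted client CA names
#   no-ca-names-sent       no CA names were advertised; a server that requests
#                          a certificate with an empty CA list prints the same
#                          line, so this proves nothing by itself
#   unknown                no handshake summary (connection failed, truncated)
classify_handshake() {
    awk '
        /^Acceptable client certificate CA names/ { found = "client-cert-requested" }
        /^No client certificate CA names sent/ {
            if (found == "") found = "no-ca-names-sent"
        }
        END { print (found == "" ? "unknown" : found) }
    '
}

# $1 = classification expected for this front end; s_client output on stdin.
# Returns 0 when the observed handshake matches the expectation.
check_front_end() {
    observed=$(classify_handshake)
    [ "$observed" = "$1" ]
}

# Constructed sample: myproxy_server2.acme.com:443 (mutual authentication).
SAMPLE_MUTUAL='CONNECTED(00000003)
---
Acceptable client certificate CA names
CN = Constructed Example CA, O = Acme
---
SSL handshake has read 2345 bytes and written 456 bytes'

# Constructed sample: myproxy_server1.acme.com:443 (server authentication).
SAMPLE_SERVER='CONNECTED(00000003)
---
No client certificate CA names sent
---
SSL handshake has read 1789 bytes and written 412 bytes'

printf '%s\n' "$SAMPLE_MUTUAL" | classify_handshake
printf '%s\n' "$SAMPLE_SERVER" | classify_handshake
```

If the mutual authentication front end reports anything other than `client-cert-requested`, review the port mapping and the proxy's client certificate settings before issuing or managing certificates through it.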