SSL Configuration in Clustered environment

Question

We have an Oracle application (Agile PLM) which is deployed in a clustered environment. We have one admin node and two managed nodes supporting our application, where admin and 1 managed nodes are on the same server. We also have Load balancer which manages the traffic between the cluster.

We want to configure SSL in our application so that the application URL will be accessible over https only. We have already configured SSL at Load Balancer level(by installing security certificates in weblogic server which is the admin server) but want to know if we have to configure SSL on the managed server as well or bringing Load Balancer on https is sufficient?

All the users access the application using the Load Balancer URL only but since I am from the development team, so is only aware of the fact that we can also connect to the application with Managed server URLs, which are still running on http. Is it must to bring Managed servers also on https or it is just a good practice but not necessary?

The good question is "is it a business or security requirement" to encrypt all the http traffic between the front-end and WebLogic servers ? — Emmanuel Collin, Nov 25 '19 at 09:03

score 0 · Answer 1 · answered Nov 22 '19 at 22:44

It's not necessary, though probably a good practice.

I believe I have read in Oracle's installation guide that the recommended way is HTTP on the managed servers and terminating SSL on the load balancer. This may have changed.

For what it's worth, I leave HTTP on the managed servers.

SSL Configuration in Clustered environment

1 Answers1