I recently had to revisit the subject of SSL offloading and WebLogic server to include the ability to do client certificate authentication. I was specifically doing this for use with Oracle Access Manager 11g, but the configuration steps are identical whether you are using OAM or just WebLogic.
Just to redraw the diagram so we're all on the same page, this is what a real environment with OAM in it might look like:
Note that I put "Apache" in front of the OAM server. That could be Apache, IIS, OHS or indeed any web server. In my case I happened to use Apache but the configuration is the same for Apache or OHS.
The first thing I had to do was configure Apache to support SSL. I'll leave that step up to you - just follow the normal instructions for your web server. Then I created a new VirtualHost for :443 that looks like this:
<VirtualHost *:443> ServerName linux.ktest.oracleateam.com SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /home/oracle/simpleCA/linux.ktest.oracleateam.com.crt SSLCertificateKeyFile /home/oracle/simpleCA/linux.ktest.oracleateam.com.key <LocationMatch ^/oam/server/.*> SetHandler weblogic-handler </LocationMatch> <LocationMatch ^/oam/CredCollectServlet/X509.*> SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile /home/oracle/simpleCA/ca.crt SSLOptions +StdEnvVars +ExportCertData </LocationMatch> </VirtualHost>
There are a couple of interesting things in there.
That's all the configuration you need to do in Apache (or OHS). Now you need need to do a couple of steps inside WebLogic.
To reiterate where those are - go to the WebLogic Console (http://localhost:port/console), click on the domain name inside the left hand navigation tree, then click the Web Applications tab. You should find both of those settings towards the bottom of the screen.
That should be all you need to do.