Weblogic AdminServer with SSL configurations

Steps to enable SSL configurations for all Admin Server tasks: 

 1) Enable SSL port using weblogic Admin console
       Home >Summary of Servers >adminserver > General > SSL Listen Port Enabled

2) Upload the custom SSL keystore certificate in Keystores tab section:

      Keystores: Custom Identity and Custom Trust
      Custom Identity Keystore: <path to keystore>
      Custom Identity Keystore Passphrase: <password>

3) Update the Truststore alias and passwords in SSL tab section

     Identity and Trust Locations: Keystore
     Private Key Location: from Custom Identity Keystore
     Private Key Alias: <alias name>
     Private Key Passphrase: <password>

4) Update the custom wlctl or WLST command scripts to use SSL protocol instead of non-ssl protocol.
     -Dweblogic.security.TrustKeyStore=CustomTrust  
     -Dweblogic.security.CustomTrustKeyStoreType=JKS  
     -Dweblogic.security.SSL.ignoreHostnameVerification=true  
     -Dweblogic.security.TrustKeystoreType=CustomTrust 
     -Dweblogic.security.CustomTrustKeyStoreFileName=<path to keystore> 
     -Dweblogic.security.CustomTrustKeystorePassPhrase=<password>


Example weblogic deployer command:

  export WL_HOME=/data/apps/weblogic/
  source $WL_HOME/user_projects/domains/basedomain/bin/setDomainEnv.sh
  source $WL_HOME/server/bin/setWLSEnv.sh
java  -Dweblogic.security.TrustKeyStore=CustomTrust  - Dweblogic.security.CustomTrustKeyStoreType=JKS  -Dweblogic.security.SSL.ignoreHostnameVerification=true  -Dweblogic.security.TrustKeystoreType=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/data/apps/weblogic/keystore/.keystore -Dweblogic.security.CustomTrustKeystorePassPhrase=test123 weblogic.Deployer -adminurl t3s://localhost:8001  -user weblogic -password Admin123 -deploy -name services -targets managedserver1 -source /data/apps/weblogic/ear/services.ear



Comments

Post a Comment

Popular posts from this blog

Weblogic 12c & Apache 2.4 troubleshooting

Error -   libonssys.so: cannot open shared object file : httpd: Syntax error on line 355 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /data/apps/apache2/conf.d/vhost.conf: Cannot load /etc/httpd/modules/mod_wl_24.so into server: libonssys.so: cannot open shared object file: No such file or directory Solution: 1) Copy all supported  Download Oracle WebLogic Web Server Plug-Ins 12c from Oracle website : http://www.oracle.com/technetwork/middleware/webtier/downloads/index-jsp-156711.html Extract the downloaded archive and find (correct file according to your architecture) mod_wl_24.so (This is for Apache2.4.x) & libonssys.so & libonsssl.so & libdms2.so copy into /etc/httpd/modules/ folder. 2) Set the  LD_LIBRARY_PATH inside the  /etc/sysconfig/httpd file.  echo $ LD_LIBRARY_PATH first and copy paste the same in httpd file along with  /etc/httpd/modules location. Example in my case: File:  /etc/syscon...
Read more

Enabling WL-Proxy-SSL HTTP header in WebLogic

Scenario : Weblogic server will be always behind the LoadBalancer or Apache layer. Most of the time the SSL's will be either offloaded in LoadBalancer or Apache layer.  To construct applicaitons URL's with the right protocol will be a challenge while using weblogic as application server.  To achieve this scenario we have to enable  WL-Proxy-SSL and WebLogic Plug-In Enabled. Solution: - Update the LoadBalancer configurations/iRules to set the RequestHeader WL-Proxy-SSL to  true . - Follow the below steps to set the WebLogic 'Plugin Enabled' flag to Yes. (Following steps are based on the weblogic version 12.1.2)    - Login into weblogic console    - Click on Lock & Edit button     - Click on the domain name    - Under Configurations tab go to "Web Applications" sub tab    - Select the check box "WebLogic Plugin Enabled" and click "save" button    - Finally click on "Activate C...
Read more