Administration Console Online Help


Set up SSL

Before you begin

Configure the identity and trust keystores for WebLogic Server. See Configure identity and trust.

Secure Sockets Layer (SSL) provides secure connections by allowing two applications connecting over a network to authenticate each other's identity and by encrypting the data exchanged between them. Authentication allows a server, and optionally a client, to verify the identity of the application on the other end of a network connection. Encryption makes data transmitted over the network intelligible only to the intended recipient.

WebLogic Server supports SSL on a dedicated listen port, which defaults to 7002. To establish an SSL connection, a Web browser connects to WebLogic Server by supplying the SSL listen port and the HTTPS protocol in the connection URL, for example, https://myserver:7002. See Configuration Options.

SSL can be configured one-way or two-way:

To configure SSL:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane of the Console, expand Environment and select Servers.
  3. Click the name of the server for which you want to configure SSL.
  4. Select the Configuration > SSL page, and choose the location of identity (certificate and private key) and trust (trusted CAs) for WebLogic Server. See Configuration Options.
  5. Set SSL attributes for the private key alias and password. See Configuration Options.
  6. At the bottom of the page, click Advanced.
    1. Choose whether to use the default host name verifier, configure a custom host name verifier, or turn off host name verification. See Using Host Name Verification.
    2. Indicate the number of times WebLogic Server can use an exportable key between a domestic server and an exportable client before generating a new key.

      The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.

    3. Optionally, enable two-way SSL. See Configure two-way SSL.
    4. Specify the inbound and outbound SSL certificate validation methods. These options are available:

      Builtin SSL Validation Only: Uses the built-in trusted CA-based validation. This is the default.

      Builtin SSL Validation and Cert Path Validators: Uses the built-in trusted CA-based validation and uses configured CertPathValidator providers to perform extra validation.

      See Using Certificate Lookup and Validation Providers.

  7. Click Save.
  8. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

After you finish

All the server SSL attributes are dynamic; when modified via the Console, they cause the corresponding SSL server or channel SSL server to restart and use the new settings for new connections. Old connections continue to run with the old configuration. To ensure that all SSL connections use the specified configuration, you must reboot WebLogic Server.

Use the Restart SSL button on the Control: Start/Stop page to restart the SSL server when changes are made to the keystore files and need to be applied for subsequent connections without rebooting WebLogic Server. See Restart SSL.
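
The following is an added example, not part of the Oracle documentation: a Python check that reads back the options from steps 4 to 6 as they might be stored in a server's ssl element of the domain configuration file, and reports settings worth reviewing. The element names and value strings are assumptions modelled on the SSL page options, the sample XML is constructed, and the XML namespace of a real configuration file is omitted.

```python
import xml.etree.ElementTree as ET

# Constructed sample of one <server> entry. Element names and value strings
# are assumptions modelled on the SSL page options; namespace omitted.
SAMPLE = """<server>
  <name>myserver</name>
  <ssl>
    <enabled>true</enabled>
    <listen-port>7002</listen-port>
    <hostname-verification-ignored>true</hostname-verification-ignored>
    <export-key-lifespan>500</export-key-lifespan>
    <two-way-ssl-enabled>false</two-way-ssl-enabled>
    <inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>
  </ssl>
</server>"""

BUILTIN_ONLY = "BuiltinSSLValidationOnly"  # assumed stored form of the default


def audit_ssl(server_xml):
    """Return (level, setting, message) findings for one <server> element."""
    ssl = ET.fromstring(server_xml).find("ssl")
    if ssl is None:
        return [("warn", "ssl", "no SSL settings present")]

    def get(tag, default):
        # An absent element means the server uses the default value.
        return (ssl.findtext(tag) or default).strip()

    findings = []
    if get("enabled", "false") != "true":
        findings.append(("warn", "enabled", "SSL listen port is not enabled"))
    if get("hostname-verification-ignored", "false") == "true":
        findings.append(("warn", "hostname-verification-ignored",
                         "host name verification is turned off"))
    if get("two-way-ssl-enabled", "false") != "true":
        findings.append(("info", "two-way-ssl-enabled",
                         "one-way SSL: clients are not asked for a certificate"))
    for direction in ("inbound", "outbound"):
        tag = direction + "-certificate-validation"
        if get(tag, BUILTIN_ONLY) == BUILTIN_ONLY:
            findings.append(("info", tag,
                             "built-in CA validation only, no CertPathValidator"))
    return findings


if __name__ == "__main__":
    for level, setting, message in audit_ssl(SAMPLE):
        print(f"{level:5} {setting}: {message}")
```

The "info" findings correspond to choices the procedure leaves optional; the "warn" findings are the ones to resolve before relying on the SSL port.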
