1. Security Administration Guide
  2. Configuring SSL for Server Manager Console and Server Manager Agents

Configuring SSL for Server Manager Console and Server Manager Agents

Enable SSL for the Server Manager Console and Server Manager agents.

To enable SSL for the Server Manager Console, you must obtain and install CA Certificates on the Oracle WebLogic Server machine where Server Manager Console is installed. See Obtaining and Installing CA Certificates on WebLogic Server in this chapter for details.

To enable SSL for Server Manager agents, import the Server Manager Console certificate into each Server Manager Agent Truststore/Keystore:

  1. Export the Server Manager Console certificate to a file using these steps:

    1. From the browser, click the lock icon on the left hand side of the URL of the HTTPS/SSL based Server Manager Console URL.

    2. Click Certificate Information.

    3. Go to the Details tab and select the Copy to File option.

    4. Click Next.

    5. Select DER encoded binary X.509 (.CER) format.

    6. Click Next.

    7. Enter file information.

    8. Click Next.

    9. Click Finish.

      If configured correctly, an "Export is Successful" message appears.

    10. You can view the certificate in the path given in the above step.

  2. Import the Certificate into the Truststore/Keystore of each of the Server Manager Agents (cacerts file of X:\jde_home_1\SCFHA\jdk\jre\lib\security\cacerts file).

    Caution: Before performing the import, back up the cacerts file located at X:\jde_home_1\SCFHA\jdk\jre\lib\security\<cacertsfile>.

  3. Import the Certificate using the keytool command, for example:

    >keytool -import -alias <your_alias> -file <cert_file> -keystore <keystore location>

    This is the syntax to import the Certificate file on a Windows platform. Use the appropriate command to perform this step on Linux/UNIX/AS400 platforms and also for Server Manager Agents installed on these platforms.

    When prompted for whether you trust the Certificate, answer Yes.

  4. If the default password for cacerts file has been changed, then use the appropriate password.

  5. After this step, restart the Server Manager Agent.

    Perform this step on each of the Server Manager Agent machines. Without this step, the Server Manager Agent may not be able to communicate with the Server Manager Console.

  6. Sign in to Server Manager Console to verify the connections.

    This completes the configuration required for running the Server Manager Console on Oracle WebLogic Server with HTTPS/SSL enabled and completes the importing of the certificate on the Server Manager Agents.