Additional JVM Arguments
Additional JVM Arguments that are required to support Java 8 Update 201 and later (and equivalent Java 7 releases) are as follows (where this command is a single contiguous command line with no line breaks or carriage returns):
-Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=C:\certs\keystore.jks
-Djavax.net.ssl.keyStorePassword=<key_store_password>
-Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<key_password>
-Djavax.net.ssl.trustStore=C:\Java64\jdk1.8.0_201\jre\lib\security\cacerts
-Djavax.net.ssl.trustStorePassword=<trust_store_password>-Djavax.net.ssl.trustStoreType=JKS
-Dweblogic.http.headers.enableHSTS=true
In the argument, replace the values that look like <password>
with
the actual password.
The functions of the additional JVM Arguments are:
Additional JVM Argument |
Value |
Function |
---|---|---|
|
|
This sets the TLS version for JMX Communication to 1.2. |
|
This sets the TLS version for JMX Communication to 1.3. |
|
- |
|
This is the location of the Identity store or Keystore file that contains the private key. |
- |
|
This is the passphrase for the Identity store or Keystore file. |
- |
|
This is the format of the Identity store or Keystore file; formats include JKS, PKCS12, and PEM. |
- |
|
This is the passphrase for the private key stored in the Identity store or Keystore file. |
- |
|
This is the location of the Truststore of jre (Java Runtime Environment) that contains all the public keys. Typically, the Truststore is at located at $jdk/jre/lib/security/cacerts. |
- |
|
This is the passphrase for the Truststore file. |
- |
|
This is the format of the Truststore file; formats include JKS, PKCS12, and PEM. |
- |
|
This setting enables the WebLogic Server to send the HSTS header. |
Additional JVM Arguments that are required to support Java 8 Update 201 and later and TLS 1.2 and later are as follows (where this command is a single contiguous command line with no line breaks or carriage returns:
<server Instance name>.javax.net.ssl.trustStoreType=JKS
<server Instance name>.javax.net.ssl.keyStore=/u01/Middleware12214/oracacert/ keystore.jks
<server Instance name>.jdk.tls.client.protocols=TLSv1.2
<server Instance name>.javax.net.ssl.keyPassword=<key_password>
<server Instance name>.javax.net.ssl.trustStore=/u01/jde_agent /SCFHA/jdk/jre/lib/security/cacerts
<server Instance name>.javax.net.ssl.trustStorePassword=<trust_store_password>
<server Instance name>.javax.net.ssl.keyStorePassword=<key_store_password>
<server Instance name>.javax.net.ssl.keyStoreType=JKS
<server Instance name>.javax.net.ssl.enableHSTS=true
In the argument, replace the values that look like <password> with the actual password and <server Instance name > with the BSSV or RTE instance name. These JVM Arguments update the agent.properties file of the embedded agent ($SCFHA/config/agent.properties) and these are required for Healthcheck to work.
The functions of the additional JVM Arguments are as explained in the table at the beginning of this section.