1. Server Manager Guide
  2. Additional JVM Arguments

Additional JVM Arguments

Additional JVM Arguments that are required to support Java 8 Update 201 and later (and equivalent Java 7 releases) are as follows (where this command is a single contiguous command line with no line breaks or carriage returns):

-Djdk.tls.client.protocols=TLSv1.2 -Djavax.net.ssl.keyStore=C:\certs\keystore.jks -Djavax.net.ssl.keyStorePassword=<key_store_password> -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyPassword=<key_password> -Djavax.net.ssl.trustStore=C:\Java64\jdk1.8.0_201\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=<trust_store_password>-Djavax.net.ssl.trustStoreType=JKS -Dweblogic.http.headers.enableHSTS=true

In the argument, replace the values that look like <password> with the actual password.

The functions of the additional JVM Arguments are:

Additional JVM Argument

Value

Function

-Djdk.tls.client.protocols

TLSv1.2

This sets the TLS version for JMX Communication to 1.2.

TLSv1.3

This sets the TLS version for JMX Communication to 1.3.

-Djavax.net.ssl.keyStore

C:\certs\keystore.jks

This is the location of the Identity store or Keystore file that contains the private key.

-Djavax.net.ssl.keyStorePassword

<key_store_password>

This is the passphrase for the Identity store or Keystore file.

-Djavax.net.ssl.keyStoreType

JKS

This is the format of the Identity store or Keystore file; formats include JKS, PKCS12, and PEM.

-Djavax.net.ssl.keyPassword

<key_password>

This is the passphrase for the private key stored in the Identity store or Keystore file.

-Djavax.net.ssl.trustStore

C:\Java64\jdk1.8.0_201\jre\lib\security\cacerts

This is the location of the Truststore of jre (Java Runtime Environment) that contains all the public keys. Typically, the Truststore is at located at $jdk/jre/lib/security/cacerts.

-Djavax.net.ssl.trustStorePassword

<trust_store_password>

This is the passphrase for the Truststore file.

-Djavax.net.ssl.trustStoreType

JKS

This is the format of the Truststore file; formats include JKS, PKCS12, and PEM.

-Dweblogic.http.headers.enableHSTS

true

This setting enables the WebLogic Server to send the HSTS header.
Note: Starting with Tools Release 9.2.5, TLSv1.3 support is available on WebLogic Server (WLS) if you are using Server Manager with Java 1.8 Update 261 and later. But, if you are using any Non-Oracle Java (i.e IBM, HP) in your setup for any web component, Enterprise Server or Server Manager Console or if you are using the Server Manager Console installed on WebSphere Server (WAS), you must continue to use the default version or use TLSv1.2. Also, starting with Tools Release 9.2.5, Java 1.7 is no longer supported with JDEdwards for any web and non-web components.
Note: If you plan to implement HTTP Strict Transport Security, refer to this Oracle document: Command Reference for Oracle WebLogic Server 14c in the section entitled: HTTP Strict Transport Security.

Additional JVM Arguments that are required to support Java 8 Update 201 and later and TLS 1.2 and later are as follows (where this command is a single contiguous command line with no line breaks or carriage returns:

<server Instance name>.javax.net.ssl.trustStoreType=JKS
         <server Instance name>.javax.net.ssl.keyStore=/u01/Middleware12214/oracacert/ keystore.jks
         <server Instance name>.jdk.tls.client.protocols=TLSv1.2
         <server Instance name>.javax.net.ssl.keyPassword=<key_password> 
         <server Instance name>.javax.net.ssl.trustStore=/u01/jde_agent /SCFHA/jdk/jre/lib/security/cacerts
         <server Instance name>.javax.net.ssl.trustStorePassword=<trust_store_password> 
         <server Instance name>.javax.net.ssl.keyStorePassword=<key_store_password>
         <server Instance name>.javax.net.ssl.keyStoreType=JKS
         <server Instance name>.javax.net.ssl.enableHSTS=true

In the argument, replace the values that look like <password> with the actual password and <server Instance name > with the BSSV or RTE instance name. These JVM Arguments update the agent.properties file of the embedded agent ($SCFHA/config/agent.properties) and these are required for Healthcheck to work.

The functions of the additional JVM Arguments are as explained in the table at the beginning of this section.