Configure Node Manager SSL on the Target Instance

If you configured your source Oracle Java Cloud Service instance to use custom identity or trust keystores, then you must manually configure the Node Manager on each node in the target instance to use the custom keystores.

  1. Use a Secure Shell (SSH) client to connect to the Administration Server node on the target instance as the opc user.
    ssh -i <privatekey> opc@<target_admin_IP>
    If you are using a private subnet, use the following command to connect to the Administration Server node in your target instance:
    ssh -i <path_to_privatekey> -o ProxyCommand="ssh -W %h:%p -i <path_to_privatekey> opc@<Public_IP>" opc@<target_admin_IP>
  2. Switch to the oracle user.
    sudo su - oracle
  3. Using the model file and properties file, identify the SSL configuration for the servers on this node:
    • The identity keystore file, path, and password
    • The trust keystore file, path, and password
    • The key alias and password

    Example:

    Server:
        ...
        MyInstan_server_1:
            ...
            CustomIdentityKeyStoreFileName: wlsdeploy/servers/MyInstan_server_1/identity.jks
            CustomTrustKeyStoreFileName: wlsdeploy/servers/MyInstan_server_1/trust.jks
            CustomIdentityKeyStorePassPhraseEncrypted: '@@PROP:keystore1.password@@'
            CustomTrustKeyStorePassPhraseEncrypted: '@@PROP:trustkeystore1.password@@'
            ...
            SSL:
                ServerPrivateKeyAlias: server_cert
                ServerPrivateKeyPassPhraseEncrypted: '@@PROP:privatekey1.password@@'
  4. Edit the nodemanager.properties file located under the DOMAIN_HOME directory.
    vi $DOMAIN_HOME/nodemanager/nodemanager.properties
  5. Add the following lines to the end of the file. Specify the full path to the keystore files.
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeystoreType=jks
    CustomIdentityKeyStoreFileName=/u01/data/domains/<target_domain>/wlsdeploy/servers/<target_server_name>/<identity_keystore_file>
    CustomIdentityKeyStorePassPhrase=<identity_keystore_password>
    CustomIdentityPrivateKeyPassPhrase=<key_password>
    CustomIdentityAlias=<key_alias>
    CustomTrustKeystoreType=jks
    CustomTrustKeyStoreFileName=/u01/data/domains/<target_domain>/wlsdeploy/servers/<target_server_name>/<trust_keystore_file>
    CustomTrustKeyStorePassPhrase=<trust_keystore_password>

    Example:

    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeystoreType=jks
    CustomIdentityKeyStoreFileName=/u01/data/domains/MyInstan/wlsdeploy/servers/MyInstan_adminserver/myidentity.jks
    CustomIdentityKeyStorePassPhrase=<identity_keystore_password>
    CustomIdentityPrivateKeyPassPhrase=<key_password>
    CustomIdentityAlias=server_cert
    CustomTrustKeystoreType=jks
    CustomTrustKeyStoreFileName=/u01/data/domains/MyInstan/wlsdeploy/servers/MyInstan_adminserver/mytrust.jks
    CustomTrustKeyStorePassPhrase=<trust_keystore_password>
  6. Edit the setDomainEnv.sh file located under the DOMAIN_HOME directory.
    vi $DOMAIN_HOME/bin/setDomainEnv.sh
  7. Add the following line to the end of the file.
    export WLST_PROPERTIES="${WLST_PROPERTIES} -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/u01/data/domains/<target_domain>/wlsdeploy/servers/<target_server_name>/<trust_keystore_file> -Dweblogic.security.CustomTrustKeyStoreType=JKS"

    Example:

    export WLST_PROPERTIES="${WLST_PROPERTIES} -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/u01/data/domains/MyInstan/wlsdeploy/servers/MyInstan_adminserver/mytrust.jks -Dweblogic.security.CustomTrustKeyStoreType=JKS"
  8. Connect to all Managed Server nodes in the target instance that use custom keystores, and then repeat Steps 4 to 7.

    Example:

    ssh myinstance-wls-2
    vi $DOMAIN_HOME/nodemanager/nodemanager.properties
    vi $DOMAIN_HOME/bin/setDomainEnv.sh
    exit
  9. Disconnect from the Administration Server node.
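
The following script is an added example, not part of the original procedure and not an Oracle tool. It checks a nodemanager.properties file after step 5 for missing keys, leftover <placeholder> values, keystore paths that are not full paths or do not exist, and file permissions wider than the owner. The function names check_nm_props and prop are hypothetical, and the permission check assumes GNU stat, as found on Linux.

```shell
#!/usr/bin/env bash
# check_nm_props: hypothetical helper (added example, not an Oracle tool).
# Print a key's value from a properties file (last assignment wins).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Returns 0 when the file passes every check, 1 otherwise; findings go to stderr.
check_nm_props() {
    local file=$1 rc=0 key val mode
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # Every key from step 5 must be set and must not still hold a <placeholder>.
    for key in KeyStores CustomIdentityKeystoreType CustomIdentityKeyStoreFileName \
               CustomIdentityKeyStorePassPhrase CustomIdentityPrivateKeyPassPhrase \
               CustomIdentityAlias CustomTrustKeystoreType \
               CustomTrustKeyStoreFileName CustomTrustKeyStorePassPhrase; do
        val=$(prop "$file" "$key")
        case $val in
            '')        echo "missing: $key" >&2; rc=1 ;;
            *'<'*'>'*) echo "placeholder left in: $key" >&2; rc=1 ;;
        esac
    done

    [ "$(prop "$file" KeyStores)" = CustomIdentityAndCustomTrust ] ||
        { echo "KeyStores is not CustomIdentityAndCustomTrust" >&2; rc=1; }

    # Step 5 requires full paths; the keystore files must also exist on this node.
    for key in CustomIdentityKeyStoreFileName CustomTrustKeyStoreFileName; do
        val=$(prop "$file" "$key")
        case $val in
            /*) [ -f "$val" ] || { echo "$key: no such file: $val" >&2; rc=1; } ;;
            ?*) echo "$key: not a full path: $val" >&2; rc=1 ;;
        esac
    done

    # The file holds the passphrases typed in step 5; flag group/other access.
    mode=$(stat -c %a "$file")   # GNU stat (assumption: Linux node)
    case $mode in
        *00) ;;
        *)   echo "mode $mode: accessible beyond the owner" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Stand-alone use: pass the path to nodemanager.properties as the first argument.
if [ $# -gt 0 ]; then check_nm_props "$1"; fi
```

To confirm that the alias named in CustomIdentityAlias is present in the identity keystore, run keytool -list -keystore <identity_keystore_file> -alias <key_alias> on the same node.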