1. Using Oracle WebLogic Server for OCI
  2. Manage a Domain
  3. Configure SSL for WebLogic Server
  4. Associate Keystores and SSL Certificate with WebLogic Server

Associate Keystores and SSL Certificate with WebLogic Server

Use the WebLogic Server Administration Console to update the location of each server’s identity and trust keystore files, and the name of the certificate in the identity keystore that the server uses for SSL communication.

By default, the servers in an Oracle Java Cloud Service instance are configured to use a demo identity keystore and a demo trust keystore. Oracle recommends that you use these demo keystores for development purposes only.

  1. Access the Oracle Java Cloud Service console.
  2. Click the name of your service instance.
  3. From the Overview page, identify the host names of all the nodes in your service instance, and the names of all servers in your domain.
  4. Click Manage this service Menu icon, and select Open WebLogic Server Administration Console.
  5. Log in to the console using the credentials that you specified when provisioning your service instance.
  6. Within the Change Center panel, click Lock and Edit.
  7. Within the Domain Structure panel, expand Environment, and then click Servers.
  8. Click the name of the server for which you want to configure SSL.
  9. Verify that the Configuration tab is selected. Under Configuration, click the Keystores tab.
    1. For Keystores, click Change. Select Custom Identity and Custom Trust, and then click Save.
    2. For Custom Identity Keystore, enter the full path to your identity keystore.
      For example, /u01/data/keystores/identity.jks
    3. For Custom Identity Keystore Type, enter JKS.
    4. For Custom Identity Keystore Passphrase, enter your keystore password. Enter the same value for Confirm Custom Identity Keystore Passphrase.
    5. For Custom Trust Keystore, enter the full path to your trust keystore.
      For example, /u01/data/keystores/trust.jks
    6. For Custom Trust Keystore Type, enter JKS.
    7. For Custom Trust Keystore Passphrase, enter your keystore password. Enter the same value for Confirm Custom Trust Keystore Passphrase.
    8. Click Save.
  10. Under Configuration, click the SSL tab.
    1. For Private Key Alias, enter the name of the certificate (private key) in the identity keystore, server_cert.
    2. For Private Key Passphrase, enter the password for this certificate in the keystore. Enter the same value for Confirm Private Key Passphrase.
      By default, the password for the certificate is the same as the identity keystore password.
    3. Click Save.
  11. Under Change Center, click Activate Changes.
  12. Click the Control tab.
  13. Click Restart SSL. When prompted for confirmation, click Yes.
  14. Repeat from step 6 to update each server in your domain for which you want to configure SSL.

    After you have configured SSL for the WebLogic Server to use the keystore CustomIdentityAndCustomTrust, go to the boot.properties file located in DOMAIN_HOME/servers/AdminServer/security and DOMAIN_HOME/servers/<server_name>/data/nodemanager and remove the line

    TrustKeyStore=DemoTrust.

For more information, refer to Overview of Configuring SSL in Administering Security for Oracle WebLogic Server (12.2.1).