Configure Node Manager to Use the SSL Certificate
To ensure a successful SSL handshake among the Administration Server, Managed Servers, and Node Manager, you should configure Node Manager to use the custom keystores and the SSL certificate.
- Connect to the Administration Server node with a secure shell (SSH) client, and then switch to the oracle user.
    sudo su - oracle
- Edit the nodemanager.properties file located in the Domain Home directory.
    vi $DOMAIN_HOME/nodemanager/nodemanager.properties
- Add the following lines to the end of the file.
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeystoreType=jks
    CustomIdentityKeyStoreFileName=path_to_identity_keystore
    CustomIdentityKeyStorePassPhrase=keystore_password
    CustomIdentityPrivateKeyPassPhrase=server_cert_password
    CustomIdentityAlias=server_cert
    CustomTrustKeyStoreType=jks
    CustomTrustKeyStoreFileName=path_to_trust_keystore
    CustomTrustKeyStorePassPhrase=keystore_password
  For example:
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeystoreType=jks
    CustomIdentityKeyStoreFileName=/u01/data/keystores/identity.jks
    CustomIdentityKeyStorePassPhrase=keystore_password
    CustomIdentityPrivateKeyPassPhrase=server_cert_password
    CustomIdentityAlias=server_cert
    CustomTrustKeyStoreType=jks
    CustomTrustKeyStoreFileName=/u01/data/keystores/trust.jks
    CustomTrustKeyStorePassPhrase=keystore_password
- Regenerate the Node Manager startup files.
  - Launch the WebLogic Scripting Tool (WLST).
      $MIDDLEWARE_HOME/oracle_common/common/bin/wlst.sh
  - Connect to the Administration Server.
      connect('admin_user','password','t3://admin_server_host:9071')
    For example:
      connect('weblogic','password','t3://myinstance-wls-1:9071')
  - Generate the boot.properties and startup.properties files for the server(s) on this node.
      nmGenBootStartupProps('server_name')
    Both the Administration Server and the first Managed Server run on the first node in the service instance. For example:
      nmGenBootStartupProps('myinstance_adminserver')
      nmGenBootStartupProps('myinstance_server_1')
  - Exit WLST.
      exit()
- Run the restart script as the oracle user.
    /opt/scripts/restart_domain.sh
  Note:
  If your instance was created before 23.3.2 (end of August 2023), you should edit the setEnv.sh file located in /opt/scripts:
    vi /opt/scripts/setEnv.sh
  Add the following properties to the WLST_PROPERTIES variable set in the file:
    -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=path_to_trust_keystore -Dweblogic.security.CustomTrustKeyStoreType=JKS
  For example, after adding the properties, WLST_PROPERTIES would be:
    export WLST_PROPERTIES="${WLST_PROPERTIES} -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dpython.path=${PYTHONPATH} -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust -Djava.security.egd=file:///dev/urandom -Doracle.jdbc.fanEnabled=false -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/u01/data/keystores/trust.jks -Dweblogic.security.CustomTrustKeyStoreType=JKS"
- Repeat from Step 1 for any other nodes in the service instance for which you want to configure SSL.
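
The following shell check is an added example, not part of Oracle's documentation. It can be run after editing nodemanager.properties and before the restart: it confirms that each of the nine keystore properties listed above appears exactly once, that both keystore files are readable, and that the file, which holds passphrases, is closed to group and other. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code): check the keystore block of nodemanager.properties
# before restarting. Key names are the nine listed on this page; function names are hypothetical.
# Usage: check_nm_props "$DOMAIN_HOME/nodemanager/nodemanager.properties"

NM_KEYS="KeyStores CustomIdentityKeystoreType CustomIdentityKeyStoreFileName
CustomIdentityKeyStorePassPhrase CustomIdentityPrivateKeyPassPhrase CustomIdentityAlias
CustomTrustKeyStoreType CustomTrustKeyStoreFileName CustomTrustKeyStorePassPhrase"

# nm_prop FILE KEY: print the value from the last "KEY=value" line (empty if absent).
nm_prop() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# check_nm_props FILE: print one line per problem; return status is the problem count.
check_nm_props() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    for key in $NM_KEYS; do
        # Appending to the end of the file can leave an older line for the same key.
        count=$(grep -c "^${key}=" "$file" || true)
        if [ "$count" -eq 0 ]; then
            echo "missing: $key"; problems=$((problems + 1))
        elif [ "$count" -gt 1 ]; then
            echo "duplicate: $key appears $count times"; problems=$((problems + 1))
        fi
    done
    mode=$(nm_prop "$file" KeyStores)
    if [ -n "$mode" ] && [ "$mode" != "CustomIdentityAndCustomTrust" ]; then
        echo "KeyStores=$mode, expected CustomIdentityAndCustomTrust"; problems=$((problems + 1))
    fi
    for key in CustomIdentityKeyStoreFileName CustomTrustKeyStoreFileName; do
        path=$(nm_prop "$file" "$key")
        if [ -n "$path" ] && [ ! -r "$path" ]; then
            echo "keystore not readable ($key): $path"; problems=$((problems + 1))
        fi
    done
    # The file contains keystore passphrases: flag any group/other permission bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "group/other can access $file"; problems=$((problems + 1))
    fi
    return "$problems"
}
```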