Configure Node Manager to Use the SSL Certificate

To ensure a successful SSL handshake among the Administration Server, Managed Servers, and Node Manager, you should configure Node Manager to use the custom keystores and the SSL certificate.

  1. Connect to the Administration Server node with a secure shell (SSH) client, and then switch to the oracle user.
    sudo su - oracle
  2. Edit the nodemanager.properties file located in the Domain Home directory.
    vi $DOMAIN_HOME/nodemanager/nodemanager.properties
  3. Add the following lines to the end of the file.
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeystoreType=jks
    CustomIdentityKeyStoreFileName=path_to_identity_keystore
    CustomIdentityKeyStorePassPhrase=keystore_password
    CustomIdentityPrivateKeyPassPhrase=server_cert_password
    CustomIdentityAlias=server_cert
    CustomTrustKeyStoreType=jks
    CustomTrustKeyStoreFileName=path_to_trust_keystore
    CustomTrustKeyStorePassPhrase=keystore_password
    For example:
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeystoreType=jks
    CustomIdentityKeyStoreFileName=/u01/data/keystores/identity.jks
    CustomIdentityKeyStorePassPhrase=keystore_password
    CustomIdentityPrivateKeyPassPhrase=server_cert_password
    CustomIdentityAlias=server_cert
    CustomTrustKeyStoreType=jks
    CustomTrustKeyStoreFileName=/u01/data/keystores/trust.jks
    CustomTrustKeyStorePassPhrase=keystore_password
  4. Regenerate the Node Manager startup files.
    1. Launch the WebLogic Scripting Tool (WLST).
      $MIDDLEWARE_HOME/oracle_common/common/bin/wlst.sh
    2. Connect to the Administration Server.
      connect('admin_user','password','t3://admin_server_host:9071')
      For example:
      connect('weblogic','password','t3://myinstance-wls-1:9071')
    3. Generate the boot.properties and startup.properties files for the server(s) on this node.
      nmGenBootStartupProps('server_name')
      Both the Administration Server and the first Managed Server run on the first node in the service instance. For example:
      nmGenBootStartupProps('myinstance_adminserver')
      nmGenBootStartupProps('myinstance_server_1')
    4. Exit WLST.
      exit()
  5. Run the restart script as the oracle user.
    /opt/scripts/restart_domain.sh

    Note:

    If your instance was created before 23.3.2 (end of August 2023), you should edit the setEnv.sh file located in /opt/scripts:
    vi /opt/scripts/setEnv.sh
    Add the following properties to the WLST_PROPERTIES variable set in the file:
    -Dweblogic.security.TrustKeyStore=CustomTrust
    -Dweblogic.security.CustomTrustKeyStoreFileName=path_to_trust_keystore
    -Dweblogic.security.CustomTrustKeyStoreType=JKS
    For example, after adding the properties, WLST_PROPERTIES would be:
    export WLST_PROPERTIES="${WLST_PROPERTIES}
    -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dpython.path=${PYTHONPATH} 
    -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust 
    -Djava.security.egd=file:///dev/urandom -Doracle.jdbc.fanEnabled=false -Dweblogic.ssl.JSSEEnabled=true 
    -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.TrustKeyStore=CustomTrust 
    -Dweblogic.security.CustomTrustKeyStoreFileName=/u01/data/keystores/trust.jks 
    -Dweblogic.security.CustomTrustKeyStoreType=JKS"
  6. Repeat from Step 1 for any other nodes in the service instance for which you want to configure SSL.
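
The following check is an added example, not part of the original procedure or Oracle's tooling. Run before the restart script in step 5, it confirms that nodemanager.properties carries the nine keys from step 3, that the effective KeyStores value is CustomIdentityAndCustomTrust, that both keystore paths are readable, and that the file is not world-readable. The function names nm_prop and check_nm_props are hypothetical, and the script assumes that the last occurrence of a duplicated key takes effect, as in standard Java properties loading.

```bash
#!/usr/bin/env bash
# Added example (not Oracle's code): sanity-check nodemanager.properties
# before running the restart script. Function names are hypothetical.
# Usage: ./check_nm_props.sh "$DOMAIN_HOME/nodemanager/nodemanager.properties"

# The nine keys listed in step 3.
REQUIRED_KEYS="KeyStores CustomIdentityKeystoreType CustomIdentityKeyStoreFileName
CustomIdentityKeyStorePassPhrase CustomIdentityPrivateKeyPassPhrase CustomIdentityAlias
CustomTrustKeyStoreType CustomTrustKeyStoreFileName CustomTrustKeyStorePassPhrase"

# Print the effective value of key $2 in file $1.
# Assumption: when a key appears twice, the last occurrence wins.
nm_prop() {
  awk -F= -v k="$2" '$1 == k { v = substr($0, length($1) + 2) } END { print v }' "$1"
}

# Report every problem found in file $1; return 0 only if there are none.
check_nm_props() {
  local file="$1" problems=0 key val
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }
  for key in $REQUIRED_KEYS; do
    val="$(nm_prop "$file" "$key")"
    if [ -z "$val" ]; then
      echo "missing or empty: $key"; problems=$((problems + 1))
    fi
  done
  val="$(nm_prop "$file" KeyStores)"
  if [ -n "$val" ] && [ "$val" != "CustomIdentityAndCustomTrust" ]; then
    echo "KeyStores is '$val', expected CustomIdentityAndCustomTrust"
    problems=$((problems + 1))
  fi
  # An unreplaced placeholder such as path_to_trust_keystore fails this check.
  for key in CustomIdentityKeyStoreFileName CustomTrustKeyStoreFileName; do
    val="$(nm_prop "$file" "$key")"
    if [ -n "$val" ] && [ ! -r "$val" ]; then
      echo "$key: keystore not readable: $val"; problems=$((problems + 1))
    fi
  done
  # The file holds keystore passphrases, so "other" should have no read access.
  if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
    echo "$file is world-readable"; problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

if [ "$#" -gt 0 ]; then check_nm_props "$1"; fi
```

The script only inspects the properties file and the file system; it does not open the keystores or confirm that the alias exists in the identity keystore.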