B Configure SSL for a Domain
Secure Socket Layer (SSL) is the most commonly-used method of securing data sent across the internet. For domains created before June2020, you can configure SSL between clients and the load balancer used to access your Oracle WebLogic Server for OCI domain.
Note:
This procedure applies only to domains that were created before June 29, 2020.
To set up custom SSL for Oracle WebLogic Server for OCI instances, see Overview of Configuring SSL in WebLogic Server.
In this configuration, SSL connections (the HTTPS protocol) terminate at the load balancer. Connections from the load balancer to the compute instances running Oracle WebLogic Server do not use SSL; they use the HTTP protocol.
If you selected the Prepare Load Balancer for HTTPS option when creating the domain, then you only need to perform these tasks:
If you did not select this option when creating the domain, then you must perform all of the tasks:
- Create an HTTPS Listener for the Load Balancer
- Add a Certificate to the Load Balancer
- Update the App Gateway for HTTPS (if the domain uses Oracle Identity Cloud Service)
Create an HTTPS Listener for the Load Balancer
Update the load balancer for your domain. Create a listener for the HTTPS port, and then configure the SSL request headers for Oracle WebLogic Server.
Note:
This procedure applies only to domains that were created before June 2020. The steps are required only if you did not select the Prepare Load Balancer for HTTPS option when creating the domain.The SSL request headers instruct WebLogic Server to use the HTTPS protocol in external URLs that it generates, such as in web application links.
If you want to delete this stack at a later time, you will not be able to destroy the stack using Resource Manager. Because of the changes to the load balancer resources, you will have to manually delete the load balancer.
See these topics in the Oracle Cloud Infrastructure documentation:
Add a Certificate to the Load Balancer
Upload your SSL certificate, and then associate the certificate with the HTTPS listener.
Note:
This procedure applies only to domains that were created before June 2020.You can use a custom, self-signed SSL certificate, or a certificate that you’ve obtained from a Certificate Authority (CA). For production WebLogic Server environments, Oracle recommends that you use a CA-issued SSL certificate, which reduces the chances of experiencing a man-in-the-middle attack.
You cannot modify an existing load balancer certificate. You must add a new certificate, and then associate the listener with the new certificate.
Update the App Gateway for HTTPS
If your Oracle WebLogic Server domain uses Oracle Identity Cloud Service for authentication, update and restart the App Gateway on each compute instance in the domain.
Note:
This procedure applies only to domains that were created before June 2020. The steps are required only if both of these are true:- This procedure applies only to domains that were created before June 2020.
- You did not select the Prepare Load Balancer for HTTPS option when creating the domain.
- You selected the Enable Authentication Using Identity Cloud Service option when creating the domain.