Renew a Certificate When Secured Production Mode Is Enabled
When certificates created by the OCI Certificate Service are close to expiration or have expired, you can renew the certificate created by Oracle WebLogic Server for OCI or specify a different certificate OCID.
When Secured Production Mode is enabled certificates are created through the OCI Certificate Service with an expiration according to the OCI Certificate Authority's Maximum Validity Duration for Certificates (Days) or 365 days, whichever is lower. When these certificates are close to expiration or have expired you can renew the certificate created by Oracle WebLogic Server for OCI or specify a different certificate OCID.
1. From your computer, run the ssh
command to connect to the
domain's Administration Server node as the opc
user.
ssh -i path_to_private_key opc
@node_IP_address
For example:
ssh -i /home/myuser/mykey opc
@203
.0.
113.13
2. If prompted, enter the passphrase for the private key.
3. Run the following commands to renew the certificates on the domain's
Administration Server node as the oracle
user.
sudo su - oracle
python3 /opt/scripts/secure_mode_renew_certificate.py <optional: certificate OCID>
exit
For example, if you are renewing the certificate created for you by Oracle WebLogic Server for OCI:
sudo su - oracle
python3 /opt/scripts/secure_mode_renew_certificate.py
exit
4. If IDCS is enabled use the following commands to restart the appgateway container on each Compute instance as the root user:
sudo bash
sudo podman container stop appgateway
sudo podman container rm appgateway
sudo /opt/scripts/idcs/run_cloudgate.sh
exit
Note:
As of 14c (14.1.2.0.0), the WebLogic Server Administration Console has been replaced by the WebLogic Remote Console.- For 12.2.1.4.0 domains see, Access the WebLogic Server Administration ConsoleAccess the WebLogic Console.
- For 14.1.2.0.0 domains, see Access the WebLogic Remote Console
6. From the WebLogic Server Administration Console, click Environment|Servers from the Domain Structure tree view on the left side of the console.
7. Select the Control tab.
8. Check the checkbox by the server(s) associated with the Compute instance
on which you ran the secure_mode_renew_certificate.py
script.
9. Click Restart SSL.
Note:
If you experience any issues accessing the WebLogic Console after
restarting SSL on the Administration Server you can execute the
restart_domain.sh
script. See Start and Stop a Domain.
10. Repeat all the steps on each Managed Server node.