Renew a Certificate When Secured Production Mode Is Enabled

When certificates created by the OCI Certificate Service are close to expiration or have expired, you can renew the certificate created by Oracle WebLogic Server for OCI or specify a different certificate OCID.

When Secured Production Mode is enabled certificates are created through the OCI Certificate Service with an expiration according to the OCI Certificate Authority's Maximum Validity Duration for Certificates (Days) or 365 days, whichever is lower. When these certificates are close to expiration or have expired you can renew the certificate created by Oracle WebLogic Server for OCI or specify a different certificate OCID.

1. From your computer, run the ssh command to connect to the domain's Administration Server node as the opc user.

ssh -i path_to_private_key opc
@node_IP_address

For example:

ssh -i /home/myuser/mykey opc
@203
.0.
113.13

2. If prompted, enter the passphrase for the private key.

3. Run the following commands to renew the certificates on the domain's Administration Server node as the oracle user.

sudo su - oracle
python3 /opt/scripts/secure_mode_renew_certificate.py <optional: certificate OCID>
exit

For example, if you are renewing the certificate created for you by Oracle WebLogic Server for OCI:

sudo su - oracle
python3 /opt/scripts/secure_mode_renew_certificate.py
exit

4. If IDCS is enabled use the following commands to restart the appgateway container on each Compute instance as the root user:

sudo bash
sudo podman container stop appgateway
sudo podman container rm appgateway
sudo /opt/scripts/idcs/run_cloudgate.sh
exit

5. Sign in to the correct Administration Console for your domain.

Note:

As of 14c (14.1.2.0.0), the WebLogic Server Administration Console has been replaced by the WebLogic Remote Console.

• For 12.2.1.4.0 domains see, Access the WebLogic Server Administration ConsoleAccess the WebLogic Console.
• For 14.1.2.0.0 domains, see Access the WebLogic Remote Console

6. From the WebLogic Server Administration Console, click Environment|Servers from the Domain Structure tree view on the left side of the console.

7. Select the Control tab.

8. Check the checkbox by the server(s) associated with the Compute instance on which you ran the secure_mode_renew_certificate.py script.

9. Click Restart SSL.

Note:

If you experience any issues accessing the WebLogic Console after restarting SSL on the Administration Server you can execute the restart_domain.sh script. See Start and Stop a Domain.

10. Repeat all the steps on each Managed Server node.