Configure SSL Certificate for a Load Balancer

If you use the Oracle Cloud Infrastructure console to manually add an SSL certificate to the load balancer created in Oracle WebLogic Server for OKE, the certificate you configured in the console is reverted to the default certificate when you update the domain using the update domain job.

To retain the SSL certificate, you must configure the SSL certificate for the load balancer using the update_lb_ssl_cert.sh script located in /u01/scripts/utils in the administration instance. After configuring the load balancer, you can verify the SSL certificate configuration. See Verify SSL Certificate Configuration.

Note:

For stacks created prior to 22.3.1 (July, 2022), before you configure the SSL certificate for the load balancer, you must create the update_lb_ssl_cert.sh script and copy it to the administration instance. See Script File to Update SSL Certificate for Load Balancer.

Perform the following steps to configure the SSL certificate for the load balancer:

  1. Access the administration compute instance for your stack.

    See Access the Administration Instance.

  2. Store the SSL certificate and private key in the administration instance.

    For example, you can store the SSL certificate and private key as /tmp/tls.crt and /tmp/tls.key in the administration instance.

  3. Navigate to the /u01/scripts/utils directory, and set execute permission on the update_lb_ssl_cert.sh file.
    chmod +x update_lb_ssl_cert.sh
  4. Run the following command:
    ./update_lb_ssl_cert.sh -d <WebLogic_Domain_Name> -s <Kubernetes_Secret_Name> -k <SSL_Certificate_Key_File> -c <SSL_Certificate_File>

    Example:

    ./update_lb_ssl_cert.sh -d domain1 -s lbsslcert -k tls.key -c tls.cert
  5. After the load balancer is updated with the certificates, delete the tls.key and tls.cert files.
    For example, if your SSL certificate and private key files are located in the /tmp directory, run the following command to delete them:
    rm /tmp/tls.key /tmp/tls.cert
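
Before running the script in step 4, you can check that the key and certificate stored in step 2 belong together, that the certificate is not close to expiry, and that the key file is not accessible to other users. The following is an added example, not part of the Oracle scripts; the function name preflight_lb_cert, its return codes and the 30-day default are assumptions, and it requires the openssl command.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the files given to update_lb_ssl_cert.sh
# with -k and -c. Function name, return codes and 30-day default are assumptions.

# preflight_lb_cert KEY_FILE CERT_FILE [MIN_DAYS]; returns 0 if safe to load.
preflight_lb_cert() {
  local key="$1" cert="$2" min_days="${3:-30}" f perms key_pub cert_pub

  for f in "$key" "$cert"; do
    [ -f "$f" ] && [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
  done

  # The key is staged in a shared location such as /tmp, so refuse it if
  # group or others have any permission bit set (expects e.g. -rw-------).
  perms=$(ls -ld -- "$key")
  case $perms in
    ????------*) ;;
    *) echo "private key is accessible to other users; chmod 600 it" >&2; return 3 ;;
  esac

  # Both commands print the public key as PEM; the two must be identical.
  # "-passin pass:" makes an encrypted key fail instead of prompting.
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
    { echo "cannot read private key (encrypted or not PEM?)" >&2; return 4; }
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "cannot read certificate (not PEM?)" >&2; return 4; }
  [ "$key_pub" = "$cert_pub" ] ||
    { echo "certificate does not match private key" >&2; return 5; }

  # -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null ||
    { echo "certificate expires within $min_days days" >&2; return 6; }

  echo "ok: key and certificate match, valid for at least $min_days days"
}

# Run the check when key and certificate paths are given on the command line.
if [ "$#" -ge 2 ]; then
  preflight_lb_cert "$@"
fi
```

Continue with step 4 only when the check returns exit status 0.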

Verify SSL Certificate Configuration

Perform the following steps to verify the SSL certificate configuration:

  1. Run the following command to verify that the tls secret field was updated to the secret name you provided in the script:
    kubectl describe svc -n wlsoke-ingress-nginx <domain_name>-lb-external | grep tls-secret

    Example:

    kubectl describe svc -n wlsoke-ingress-nginx domain1-lb-external | grep tls-secret

    The command output looks like:

    service.beta.kubernetes.io/oci-load-balancer-tls-secret: lbsslcert
  2. Access the Oracle Cloud Infrastructure console.
  3. From the navigation menu, click Networking and then click Load Balancers.
  4. Select the Compartment that contains your stack.
  5. Click the name of the load balancer.
  6. Under Resources, click Listeners. The list of listeners is displayed.
  7. Click the Actions icon associated with the listener set and click Edit.
  8. Check if the Certificate Name is the same as the secret name that you provided in the script in step 4.
  9. Run the update domain job and repeat steps 3 through 8 to verify that the SSL certificate is retained for the load balancer.

    See Defining Kubernetes Services of Type LoadBalancer in the Oracle Cloud Infrastructure documentation.