3.2 Configuring SSL Support

SSL (Secure Sockets Layer) is an industry-standard method of establishing an encrypted link between a browser and Oracle GoldenGate Director Server. The steps to configure Oracle GoldenGate Director for SSL are divided into phases as follows:

  • Obtaining and Storing SSL Keys and Certificates
  • Enabling SSL in the Oracle WebLogic Server Domain
  • Testing the SSL Setup from Oracle GoldenGate Director Web
  • Configuring Oracle GoldenGate Director Client for SSL
  • Testing a Client SSL Connection

3.2.1 Obtaining and Storing SSL Keys and Certificates

Work with your security team to obtain a private key, a digital certificate that contains the public key, and a trusted CA certificate (in PEM format) from a reputable authority. Store the private key and trusted CA certificate in a JKS (Java KeyStore). See Oracle Fusion Middleware Administering Security for Oracle WebLogic Server for help with these tasks.

3.2.2 Enabling SSL in the Oracle WebLogic Server Domain

Follow these steps to enable SSL support for Oracle GoldenGate Director.

  1. Start Oracle GoldenGate Director Server, and then view the Start Oracle GoldenGate Director command console to make sure the startup is complete before moving to the next steps.
  2. In a web browser, go to the Oracle WebLogic Server console at the following URL, where hostname is the name of the server that hosts Oracle GoldenGate Director Server.
    http://hostname:7001/console
    
  3. Log into the Oracle WebLogic Server domain home page with your Oracle WebLogic Server credentials.
  4. Under Domain Structure, expand Domain, then Environments, then Servers.
  5. Under Summary of Servers, make the Configuration tab active.
  6. Click machine_name(admin), for example localhost(admin).
  7. Under Settings for machine_name, make the Configuration tab active.
  8. Scroll down to SSL Listen Port Enabled, and then select the check box to enable the SSL support.
  9. For SSL Listen Port, specify an SSL port number for this domain, or use the default of 7002.
  10. At the bottom of the screen, click Save.
  11. In the Oracle WebLogic Server command console, view the trailing entries to confirm that Oracle WebLogic Server is now listening on the specified SSL port.
  12. On the Oracle WebLogic Server console, make the SSL tab active.
  13. Scroll down to Private Key Alias, and then make sure the name of the keystore is the one that you created for use with Oracle GoldenGate Director. If not, make certain that the keystore is stored in a directory that can be accessed by Oracle WebLogic Server and Oracle GoldenGate Director Server.

3.2.3 Testing the SSL Setup from Oracle GoldenGate Director Web

You can test the SSL configuration by logging into Oracle GoldenGate Director Web. If you are able to log in as the administrator, you configured SSL correctly in WebLogic Server for Oracle GoldenGate Director.

  1. Point a web browser to the following URL (note the "s" in https), where hostname is the name of the server that hosts Oracle GoldenGate Director Server:
    https://hostname:7002/acon
    
  2. If the browser returns a security message stating that the connection is untrusted, click I Understand the Risks, and then take the following steps to proceed:
    • Click Add Exception.

    • In the Add Security Exception dialog, click Get Certificate.

    • Click Confirm Security Exception.

  3. Log in to Oracle GoldenGate Director as the Oracle GoldenGate Director administrator. If the login succeeds, you configured SSL correctly. If the login fails, repeat the steps in Enabling SSL in the Oracle WebLogic Server Domain, and make certain that you specify a valid port (the default is recommended) and that you click Save after enabling SSL.

3.2.4 Configuring Oracle GoldenGate Director Client for SSL

These steps configure SSL in the client software and are the same for all platforms. The examples reflect the UNIX file system.

  1. Copy the SSL keystore to any directory of the Oracle GoldenGate Director Client machine. This file has a suffix of .jks.
  2. In the Oracle GoldenGate Director Client installation directory, open the etc/client-properties.conf file.
  3. Update the following properties. Because this is a Java properties file, use only forward slashes even if the platform is Windows.
    • Specify the location of the keystore file. Replace the directory path in this example with the path to your keystore.

      weblogic.security.SSL.trustedCAKeyStore=C:/Oracle/Middleware1034/wlserver_10.3/server/lib/certificate
      
    • Set the following parameter to instruct Oracle WebLogic Server not to verify the host name:

      weblogic.security.SSL.ignoreHostnameVerification=true
      
  4. (Optional) In the properties file, you can initialize any other JVM parameters that are required while using SSL mode.
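
The following Python check is an added example, not part of the Oracle documentation. It reads the text of etc/client-properties.conf and reports settings that break the rules in the steps above (keystore path set, forward slashes only, a .jks file) or that turn host name verification off. The function names and the sample file content are constructed for illustration, and the parser assumes plain key=value lines.

```python
import re

TRUST_KEY = "weblogic.security.SSL.trustedCAKeyStore"
HOSTNAME_KEY = "weblogic.security.SSL.ignoreHostnameVerification"

# Constructed sample of etc/client-properties.conf (not a real installation).
# The second value deliberately ends in a space.
SAMPLE = "\n".join([
    "# Oracle GoldenGate Director Client SSL settings",
    TRUST_KEY + "=C:/Oracle/Middleware1034/wlserver_10.3/server/lib/certificate",
    HOSTNAME_KEY + "=true ",
])

def parse_properties(text):
    """Read key=value lines as java.util.Properties does for simple entries:
    whitespace before the value is skipped, whitespace after it is kept.
    Line continuations and backslash escapes are not handled here."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2)
    return props

def audit(text):
    """Return (key, finding) pairs for the SSL properties in the file text."""
    props = parse_properties(text)
    findings = [(k, "value ends in whitespace, which the properties format keeps")
                for k, v in props.items() if v != v.rstrip()]
    store = props.get(TRUST_KEY, "").strip()
    if not store:
        findings.append((TRUST_KEY, "not set, so no trusted CA keystore is configured"))
    elif "\\" in store:
        findings.append((TRUST_KEY, "backslash in path; use forward slashes only"))
    elif not store.lower().endswith(".jks"):
        findings.append((TRUST_KEY, "path does not point at a .jks file"))
    if props.get(HOSTNAME_KEY, "").strip().lower() == "true":
        findings.append((HOSTNAME_KEY, "host name verification is off: the client "
                         "accepts a trusted certificate issued for any host name"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```
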

3.2.5 Testing a Client SSL Connection

To ensure that SSL is working for a client connection, follow these steps.

  1. Run Oracle GoldenGate Director Client.
  2. Log in to localhost:7002 (using the SSL port) with the SSL check box checked.
  3. From the File menu, select Logout.
  4. From the File menu, select Login.
  5. Log in to localhost:7001 (this time using the default port) without selecting the SSL check box, and make sure that also works.