Before you begin
Configure the identity and trust keystores for WebLogic Server. See Configure identity and trust.
Secure Sockets Layer (SSL) provides secure connections by allowing two applications connecting over a network connection to authenticate the other's identity and by encrypting the data exchanged between the applications. Authentication allows a server and optionally a client to verify the identity of the application on the other end of a network connection. Encryption makes data transmitted over the network intelligible only to the intended recipient.
WebLogic Server supports SSL on a dedicated listen port which
defaults to 7002. To establish an SSL connection, a Web browser connects
to WebLogic Server by supplying the SSL listen port and the HTTPs
protocol in the connection URL, for example,
https://myserver:7002. See Configuration Options.
SSL can be configured one-way or two-way:
Note: If you Enable automatic realm restart in the default security realm, you do not need to restart WebLogic Server after activating non-dynamic changes to the SSL configuration.
The more secure you want WebLogic Server to be, the fewer times the key should be used before generating a new key.
Builtin SSL Validation Only: Uses the built-in trusted CA-based validation. This is the default.
Builtin SSL Validation and Cert Path Validators: Uses the built-in trusted CA-based validation and uses configured CertPathValidator providers to perform extra validation.
After you finish
All the server SSL attributes are dynamic; when modified via the Console, they cause the corresponding SSL server or channel SSL server to restart and use the new settings for new connections. If automatic realm restart is not enabled in the default security realm, old connections will continue to run with the old configuration; to ensure that all the SSL connections exist according to the specified configuration, you must reboot WebLogic Server.
Use the Restart SSL button on the Control: Start/Stop page to restart the SSL server when changes are made to the keystore files and need to be applied for subsequent connections without rebooting WebLogic Server. See Restart SSL.