Wednesday, 25 November 2015

Configuring Oracle WebLogic Server (10.3.X - 12.1.X) to use SSL in Fusion Middleware 11g/12c (Doc ID 1235653.1)

There are three steps needed to configure WebLogic (10.3.X -12.1.X) in Fusion Middleware 11g/12c

Step I: Create a Java Keystore which contains an SSL Certificate.
Step II: Configure WebLogic Server for SSL
Step III: Test you can access Weblogic via SSL:

Step I. Create a Java Keystore which contains an SSL Certificate

1. Follow Note 1230333.1 How To Create a Java Keystore via Keytool in FMW 11g/12c
When following this note make note of the -alias <alias> parameter, the keystore path and filename, and keystore passwords as they will be used in Step II below.

Step II: Configure WebLogic Server for SSL

The steps below take you through configuring SSL for a Managed Server.
The steps assumes the reader understands how to start the Admin Server and Managed Server.

1. Start the Admin Server in the Domain
2. Login to the WLS console e.g: http://weblogic.uk.oracle.com:7001/console
3. Select 'Environment' -> 'Servers' and click on the server you want to configure
4. Select the 'Keystores' tab
5. Select 'Keystore -> 'Change'
6.Select 'Custom Identity and Custome Trust'from the drop down list and click 'Save'
7. Enter the relevant information in the Keystores page:
  • 'Custom Identity Keystore' : <path_to_keystore> e.g $MIDDLEWARE/keystores/keystore.jks
  • 'Custom Identity Keystore' : JKS     (Note: This has to be UPPERCASE)
  • 'Custom Identity Keystore Passphrase' : <storepass_pwd> e.g: welcome
  • 'Confirm Custom Identity Keystore Passphrase' : <storepass_pwd> e.g: welcome
  • 'Custom Trust Keystore' : <path_to_keystore> e.g $MIDDLEWARE/keystores/keystore.jks
  • 'Custom Trust Keystore Type' : JKS    (Note: This has to be UPPERCASE)
  • 'Custom Trust Keystore Passphrase' : <storepass_pwd> e.g: welcome
  • 'Confirm Custom Trust Keystore Passphrase' : <storepass_pwd> e.g: welcome
  • Click 'Save'
8. Select the 'SSL' tab and enter the relevant information:
  • 'Private Key Alias' : <alias_given_when_creating_key> e.g server_cert
  • 'Private Key Password' : <keypass_pwd> e.g welcome
  • 'Confirm Private Key Password': <keypass_pwd> e.g welcome
  • Click 'Save'
9. Select 'Environment' -> 'Servers' and click on the Managed Server configured
10. In the 'General' tab:
  • Check 'SSL Listen Port Enabled'
  • 'SSL Listen Port' : <port> e.g 7012 (make sure this is not used by another process)
  • Click 'Save'
11. Start the Server. If the server is running successfuly you will see the following in the standard out or the Managed Server log file:

<Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on X.X.X.X:7012 for protocols iiops, t3s, ldaps, https.>

Step III: Test you can access Weblogic via SSL

1. Access Weblogic via SSL e.g:  https://weblogic.uk.oracle.com:7012/<uri>


This note is for configuring the WebLogic AdminServer or Managed Server for SSL where the *HTTP* port for that WebLogic server remains *ENABLED* i.e the Managed Server or AdminServer can be connected to via HTTP or HTTPS.

FMW 11g Only
If the requirement is to configure a *Managed Server* for *SSL only* i.e the HTTP port is *DISABLED*, then follow Note 1268027.1 How To Configure WebLogic Managed Server To Listen On HTTPS Only In FMW 11g.

If the requirement is to configure the *AdminServer* for *SSL only* i.e the HTTP Port is *DISABLED* then follow Note 1353951.1 How to Configure WebLogic Admin Server to Listen on SSL Only and associated FMW Considerations

Thanks
Srini 

No comments:

Post a Comment


No one has ever become poor by giving