SSL in WebLogic 12.2.1.1
WebLogic Application Server supports SSL 3.0 and Transport Layer Security (TLS) 1.0 specifications. TLS V1.1 is the default minimum protocol version configured in WebLogic Server. Oracle recommends the use of TLS V1.1 or later in a production environment. WebLogic does not support SSL version 2.0 and below.
For information on how to configure SSL in WebLogic, refer to the following websites or follow the steps below:
https://docs.oracle.com/middleware/1221/wls/SECMG/ssl_overview.htm#SECMG718
http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
Steps to Configure SSL / https
- Login to the WebLogic console.
- In the Domain Structure box, expand Environment and click Servers.
- Click on the server that you created.
Example: ODS_SERVER.
- Select the SSL Listen Port Enabled checkbox.
Example: 7002 is the port number.
- Click Save.
- Restart the server.
- Navigate to https://machinename:7002/ODSJava in your browser to access the login page of ODS.
http://docs.oracle.com/middleware/1221/wls/SECMG/identity_trust.htm#SECMG720
Steps to Configure Certificates
The steps listed below are based on the default JDK certificate.
WEBLOGIC_JAVA_SECLIB = Specify the location of the jre/lib/security directory of JDK 1.8.x.
For Example: /opt/oracle/jdk1.8.0_77/jre/lib/security
WEBLOGIC_JAVA_HOME = Specify the location of JDK 1.8.x.
For Example: /opt/oracle/jdk1.8.0_77/
Note: If the JDK is not installed on your machine, download and install the latest update of Oracle JDK 1.8.
- Install the Oracle WebLogic 12.2.1.1 application server.
- Go to WEBLOGIC_JAVA_HOME\bin and run the commands listed below.
- keytool -genkey -keystore jre/lib/security/wsse.keystore -keyalg RSA -keysize 1024 -validity 1000 -alias localhost -dname "CN=localhost"
- keytool -export -keystore jre/lib/security/wsse.keystore -alias localhost -file jre/lib/security/localhost.cer
- keytool -import -keystore jre/lib/security/wsse.truststore -trustcacerts -alias localhost -file jre/lib/security/localhost.cer
- The above step will create two files within WEBLOGIC_JAVA_SECLIB.
- wsse.keystore
- wsse.truststore
- Move wsse.keystore and wsse.truststore to the conf folder where all properties files reside.
Example: C:\ODS\conf.
- Log in to the Oracle WebLogic console, go to Environment > Server > ODS > Server Start, and add the details listed below to Arguments.
- -Duser.language=en -Duser.region=US -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv6Addresses=false -javaagent:C:\ODS\lib\spring-instrument-4.2.3.RELEASE.jar -Dtangosol.coherence.override=C:\ODS\conf\coherence-config.xml -Dtangosol.coherence.cacheconfig=C:\ODS\conf\coherence-cache-config.xml -Dtangosol.pof.config=com-adminserver-pas-web-pof-config.xml -Djavax.net.ssl.trustStore=C:\ODS\conf\wsse.truststore -Djavax.net.ssl.trustStorePassword=<truststore_password> -Djavax.net.ssl.keyStore=C:\ODS\conf\wsse.keystore -Djavax.net.ssl.keyStorePassword=jbossws
- Go to WEBLOGIC_JAVA_SECLIB and create a back-up of the cacerts file.
- Create a new certificate (cacerts) file by following the steps below.
- Copy InstallCert.class and InstallCert$SavingTrustManager.class to WEBLOGIC_JAVA_HOME\bin.
- From WEBLOGIC_JAVA_HOME\bin, run InstallCert from a command prompt, for example: java InstallCert localhost:7002. The KeyStore jssecacerts will load and a connection will be opened. Messages will then be presented regarding the certificates.
- When the process is complete, the following message will appear: Enter certificate to add to trusted keystore or 'q' to quit. Type 1 to continue.
- When the process is complete, another message will appear: Added certificate to keystore 'jssecacerts' using alias 'localhost-1'. Run java InstallCert localhost:7002 one more time, then enter q to exit. This creates a new jssecacerts keystore file in WEBLOGIC_JAVA_SECLIB; rename it to cacerts.
Note: Repeat step 7 to enable SSL for different port numbers.
- Stop the WebLogic application server (JVM, Node, Manager).
- Restart the machine.
- Start the WebLogic application server (JVM, Node, Manager).
- Enter https://machinename:7002/PASJava in your browser to access the login page of ODS.
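A Server Start argument line of this length is easy to damage when it is pasted into the console, and a damaged line can leave the server without the intended keystore or truststore. The following added example (not part of the original page or of any Oracle tooling) checks such a line before it is saved; the function names, the sample lines and the placeholder password are constructed for illustration.

```python
import difflib
import re

# JSSE system properties the Server Start arguments must carry.
REQUIRED = ("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword",
            "javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword")
KNOWN = REQUIRED + ("java.net.preferIPv4Stack", "java.net.preferIPv6Addresses")

def parse_jvm_args(arg_line):
    """Return ({property: value}, [stray tokens]) for one argument line."""
    props, stray = {}, []
    for token in arg_line.split():
        if token.startswith("-D") and "=" in token:
            name, value = token[2:].split("=", 1)
            props[name] = value
        elif not token.startswith("-"):
            stray.append(token)  # typically the tail of a path split by a space
    return props, stray

def audit_ssl_args(arg_line):
    """Return a list of findings; an empty list means nothing was detected."""
    props, stray = parse_jvm_args(arg_line)
    findings = []
    for name in REQUIRED:
        if not props.get(name):
            findings.append(f"missing or empty: {name}")
    for name, value in props.items():
        # A value that starts like another -D option means two options were fused.
        if re.match(r"-?D[\w.]+=", value):
            findings.append(f"fused option in value of: {name}")
        guess = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.9)
        if name not in KNOWN and guess:
            findings.append(f"possible typo: {name} (expected {guess[0]})")
    findings += [f"stray token, check for a space in a path: {t}" for t in stray]
    return findings

# Constructed sample lines; the password is a placeholder.
SAMPLE_CLEAN = (r"-Djavax.net.ssl.trustStore=C:\ODS\conf\wsse.truststore "
                r"-Djavax.net.ssl.trustStorePassword=example-password "
                r"-Djavax.net.ssl.keyStore=C:\ODS\conf\wsse.keystore "
                r"-Djavax.net.ssl.keyStorePassword=example-password")
SAMPLE_BROKEN = (r"-Djava.net.preferPv6Addresses=false "
                 r"-Dtangosol.coherence.override=C:\ODS\conf \coherence-config.xml "
                 r"-Djavax.net.ssl.trustStore=C:\ODS\conf\wsse.truststore "
                 r"-Djavax.net.ssl.trustStorePassword=Djavax.net.ssl.keyStore=C:\ODS\conf\wsse.keystore "
                 r"-Djavax.net.ssl.keyStorePassword=example-password")

if __name__ == "__main__":
    print("\n".join(audit_ssl_args(SAMPLE_BROKEN)))
```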