Configuring Oracle WebLogic Server (10.3.x - 12.1.x) to use SSL in Fusion Middleware 11g/12c


Posted by Patrick Hamou on 2017-09-06 14:21:07

APPLIES TO:

Oracle WebLogic Server - Version 10.3.1 to 12.1.3.0.0
Information in this document applies to any platform.

SCOPE

Oracle WebLogic Server 10.3.X/12.1.X and Fusion Middleware 11g/12c Administrators

This Note is part of a number of articles written for SSL Configuration in FMW 11g and 12c.
Please read Note 1218695.1 Master Note for SSL Configuration in Fusion Middleware 11g or
Note 1628909.1 Master Note for SSL Configuration in Fusion Middleware 12c.


This article is to be used after reviewing the following Oracle Documentation:
Oracle Fusion Middleware Securing Oracle WebLogic Server 11g Release 1 (10.3.3) - 12 Configuring SSL or:
Administering Security for Oracle WebLogic Server - 12 Configuring SSL

 

This note is for configuring the WebLogic AdminServer or a Managed Server for SSL where the *HTTP* port for that WebLogic server remains *ENABLED*, i.e. the Managed Server or AdminServer can be connected to via HTTP or HTTPS.

FMW 11g Only
If the requirement is to configure a *Managed Server* for *SSL only*, i.e. the HTTP port is *DISABLED*, then follow Note 1268027.1 How To Configure WebLogic Managed Server To Listen On HTTPS Only In FMW 11g.

If the requirement is to configure the *AdminServer* for *SSL only*, i.e. the HTTP port is *DISABLED*, then follow Note 1353951.1 How to Configure WebLogic Admin Server to Listen on SSL Only and associated FMW Considerations.

DETAILS

There are three steps needed to configure WebLogic (10.3.X - 12.1.X) for SSL in Fusion Middleware 11g/12c:

Step I: Create a Java Keystore which contains an SSL Certificate
Step II: Configure WebLogic Server for SSL
Step III: Test you can access WebLogic via SSL

Step I. Create a Java Keystore which contains an SSL Certificate

1. Follow Note 1230333.1 How To Create a Java Keystore via Keytool in FMW 11g/12c

When following this note make note of the -alias <alias> parameter, the keystore path and filename, and keystore passwords as they will be used in Step II below.

Step II: Configure WebLogic Server for SSL

The steps below take you through configuring SSL for a Managed Server.
The steps assume the reader understands how to start the Admin Server and Managed Server.

1. Start the Admin Server in the Domain
2. Log in to the WLS console, e.g. http://weblogic.uk.oracle.com:7001/console
3. Select 'Environment' -> 'Servers' and click on the server you want to configure
4. Select the 'Keystores' tab
5. Select 'Keystore' -> 'Change'
6. Select 'Custom Identity and Custom Trust' from the drop down list and click 'Save'
7. Enter the relevant information in the Keystores page:

·         'Custom Identity Keystore' : <path_to_keystore> e.g $MIDDLEWARE/keystores/keystore.jks

·         'Custom Identity Keystore Type' : JKS     (Note: This has to be UPPERCASE)

·         'Custom Identity Keystore Passphrase' : <storepass_pwd> e.g: welcome

·         'Confirm Custom Identity Keystore Passphrase' : <storepass_pwd> e.g: welcome

·         'Custom Trust Keystore' : <path_to_keystore> e.g $MIDDLEWARE/keystores/keystore.jks

·         'Custom Trust Keystore Type' : JKS    (Note: This has to be UPPERCASE)

·         'Custom Trust Keystore Passphrase' : <storepass_pwd> e.g: welcome

·         'Confirm Custom Trust Keystore Passphrase' : <storepass_pwd> e.g: welcome

·         Click 'Save'

8. Select the 'SSL' tab and enter the relevant information:

·         'Private Key Alias' : <alias_given_when_creating_key> e.g server_cert

·         'Private Key Password' : <keypass_pwd> e.g welcome

·         'Confirm Private Key Password': <keypass_pwd> e.g welcome

·         Click 'Save'

9. Select 'Environment' -> 'Servers' and click on the Managed Server configured
10. In the 'General' tab:

·         Check 'SSL Listen Port Enabled'

·         'SSL Listen Port' : <port> e.g 7012 (make sure this is not used by another process)

·         Click 'Save'

Note: You would normally have Oracle HTTP Server (OHS) on port 443 forwarding to WebLogic Server (WLS) on another port in an Oracle Fusion Middleware environment. If you are following this for WLS standalone or require both OHS and WLS on port 443 (on separate machines), then see the following to set up on a privileged port:

WebLogic 10.3.x
https://docs.oracle.com/cd/E23943_01/apirefs.1111/e13952/taskhelp/machines/BindToProtectedPortsOnUNIX.html

WebLogic 12c
https://docs.oracle.com/html/E24401_02/taskhelp/machines/BindToProtectedPortsOnUNIX.html

 

11. Start the Server. If the server is running successfully you will see the following in the standard out or the Managed Server log file:

<Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on X.X.X.X:7012 for protocols iiops, t3s, ldaps, https.>

Step III: Test you can access WebLogic via SSL

1. Access WebLogic via SSL, e.g. https://weblogic.uk.oracle.com:7012/<uri>
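
A scripted version of the checks in step 11 and Step III, added here as an example and not taken from the Oracle note: it finds the BEA-002613 notices in a server log, confirms that https is served on the expected SSL listen port, and shows the certificate the listener presents. The function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Oracle note; function names are hypothetical.

# Constructed sample of a Managed Server log (192.0.2.10 is a documentation IP).
write_sample_log() {
    cat > "$1" <<'EOF'
<Sep 6, 2017 2:10:01 PM BST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 192.0.2.10:7011 for protocols iiop, t3, ldap, snmp, http.>
<Sep 6, 2017 2:10:01 PM BST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.0.2.10:7012 for protocols iiops, t3s, ldaps, https.>
<Sep 6, 2017 2:10:02 PM BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING.>
EOF
}

# Print "channel|address|port|protocols" for every BEA-002613 notice in a log.
# The port is taken after the last colon, so IPv6 listen addresses also parse.
wls_listen_channels() {
    sed -n 's/.*<BEA-002613> <Channel "\([^"]*\)" is now listening on \(.*\):\([0-9][0-9]*\) for protocols \(.*\)\.>.*/\1|\2|\3|\4/p' "$1"
}

# Succeed only if a channel serves https on the expected SSL listen port.
# Notices from earlier boots also match, so point this at the current log file.
wls_https_on_port() {    # usage: wls_https_on_port <logfile> <port>
    wls_listen_channels "$1" | awk -F'|' -v port="$2" '
        $3 == port && $4 ~ /(^|, )https(,|$)/ { found = 1 }
        END { exit !found }'
}

# Show the certificate the SSL listener presents (needs network and openssl).
wls_show_cert() {        # usage: wls_show_cert <host> <port>
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer -enddate
}

# Offline demo on the constructed sample log.
log=$(mktemp)
write_sample_log "$log"
wls_listen_channels "$log"
if wls_https_on_port "$log" 7012; then
    echo "https is listening on port 7012"
else
    echo "no https channel on port 7012; re-check the Keystores and SSL tabs"
fi
rm -f "$log"
```

With the page's example values, `wls_https_on_port <managed_server_log> 7012` followed by `wls_show_cert weblogic.uk.oracle.com 7012` covers step 11 and Step III. The subject printed should be that of the certificate stored under the alias chosen in Step I.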

REFERENCES

NOTE:1268027.1 - How To Configure WebLogic Managed Server To Listen On HTTPS Only In FMW 11g

NOTE:1628909.1 - Master Note for SSL Configuration in Fusion Middleware 12c (12.1.x)


NOTE:1218695.1 - Master Note for SSL Configuration in Fusion Middleware 11g
NOTE:1230333.1 - How To Create a Java Keystore via Keytool in FMW 11g/12c
