Weblogic - How to configure SSL certificate on WebLogic server
In this section, we walk through how to configure SSL certificate on WebLogic servers. Pre-requisite:
Identity and Trust Keystore Certificates
Passphrase of Identity and Trust Keystore
Note: A root certificate is required for a production installation. For this demo configuration, I have used self-signed certificates as shown below. Click on Create self-signed SSL certificate to create your certificates.
Configure SSL certificate on WebLogic Server
- Open the setDomainEnv.cmd file in MW_HOME\user_projects\domains\\bin and search for the following text -Djavax.net.ssl.trustStore. Replace the value with your TrustKeystore certificate like below
et EXTRA_JAVA_PROPERTIES=-Dcommon.components.home=%COMMON_COMPONENTS_HOME% -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=%DOMAIN_HOME% -Djrockit.optfile=%COMMON_COMPONENTS_HOME%\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=%ORACLE_DOMAIN_CONFIG_DIR%\servers\%SERVER_NAME% -Doracle.domain.config.dir=%ORACLE_DOMAIN_CONFIG_DIR% -Digf.arisidbeans.carmlloc=%ORACLE_DOMAIN_CONFIG_DIR%\carml -Digf.arisidstack.home=%ORACLE_DOMAIN_CONFIG_DIR%\arisidprovider -Doracle.security.jps.config=%DOMAIN_HOME%\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=%DOMAIN_HOME%\servers\%SERVER_NAME%\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=%ALT_TYPES_DIR% -Djava.protocol.handler.pkgs=%PROTOCOL_HANDLERS% %WLS_JDBC_REMOTE_ENABLED% %EXTRA_JAVA_PROPERTIES%
set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Djavax.net.ssl.trustStore=C:\Oracle\MiddlewareDev006\user_projects\domains\base_domain\bin\certificates\truststore.jks
Login into WebLogic console, click on the server where you deployed your application.
Click on the General tab and enable the SSL Listen Port Enabled. Enter an SSL Listen Port
- Click on HTTP under PROTOCOLS tab. Enter the frontend HOST, Frontend HTTP Port and Frontend HTTPS Port of the server you selected
Enter the fully qualified domain name on all the host parameters
- Click on the KeyStores tab. Enter the Identity store and Trust Store information.
My Identity Store location: <DOMAN_HOME>\certificates\keystore.jks
My Trust Store location: <DOMAN_HOME>\certificates\truststore.jks
This Identity Keystore Passphrase and Trust Keystore certificates are getting from the person who created the SSL certificates
- Select the SSL tab and Input Private Key Alias, Private Key Passphrase and Confirm Private Key Passphrase
This information you get it from the person who created the SSL certificates
- For WebLogic 10.3.3 or higher with SHA256, select option Use JSSE SSL in SSL tab