Oracle WebLogic Server – Version 10.3.1 to 12.1.3.0.0
Information in this document applies to any platform.

There are three steps needed to configure WebLogic (10.3.X - 12.1.X) for SSL in Fusion Middleware 11g/12c:

Step I: Create a Java Keystore which contains an SSL Certificate
Step II: Configure WebLogic Server for SSL
Step III: Test you can access WebLogic via SSL

==================================================
Step I. Create a Java Keystore which contains an SSL Certificate
==================================================

All the commands below reference $MIDDLEWARE_HOME for FMW 11g. If using FMW 12c, replace $MIDDLEWARE_HOME with $ORACLE_HOME.

1. Create a directory, for example: $MIDDLEWARE_HOME/keystores
mkdir -p $MIDDLEWARE_HOME/keystores
2. chmod -R 775 $MIDDLEWARE_HOME/keystores
3. cd $MIDDLEWARE_HOME/keystores/
4. keytool -genkey -alias wls_aibl -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -dname "CN=<host_IP>,OU=AIBL,O=AIBL,L=Bangladesh,ST=Dhaka,C=BD" -keypass welcome -keystore keystore.jks -storepass welcome
or
keytool -genkey -alias node1 -keyalg RSA -keysize 1024 -keystore identity1.jks -storepass welcome -keypass welcome

The second form has no -dname option, so keytool prompts for the certificate details:

What is your first and last name?
[Unknown]: x.x.x.x
What is the name of your organizational unit?
[Unknown]: AIBL
What is the name of your organization?
[Unknown]: AIBL
What is the name of your City or Locality?
[Unknown]: BANGLADESH
What is the name of your State or Province?
[Unknown]: DHAKA
What is the two-letter country code for this unit?
[Unknown]: BD
Is CN=x.x.x.x, OU=AIBL, O=AIBL, L=DHAKA, ST=DHAKA, C=BD correct?
[no]: yes
5. keytool -exportcert -alias node1 -file node1cert.cer -keystore identity1.jks -storetype JKS
6. keytool -importcert -trustcacerts -alias node1 -file node1cert.cer -keystore Truststore1.jks -storetype JKS
7. keytool -list -v -keystore Truststore1.jks -storepass welcome
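
The listing from step 7 shows each certificate's signature algorithm and key size. The following is an added example, not part of the original note: a shell function that reads `keytool -list -v` output and flags RSA keys under 2048 bits and SHA-1/MD5/MD2 signatures, which is what the step 4 parameters (-keysize 1024 -sigalg SHA1withRSA) produce. The function name, the 2048-bit threshold and the sample listings are assumptions constructed for illustration; it also assumes English-language output from a JDK whose keytool prints the "Subject Public Key Algorithm" line.

```shell
#!/bin/sh
# Added example: flag weak certificates in `keytool -list -v` output (stdin).
# Returns 0 when nothing is flagged, 1 otherwise. MIN_RSA_BITS is an assumed
# policy threshold, not a value taken from the original note.
MIN_RSA_BITS=2048

audit_keytool_listing() {
  awk -v min="$MIN_RSA_BITS" '
    BEGIN { bad = 0 }
    /^Alias name:/ { alias = $3 }
    /^Signature algorithm name:/ {
      if (toupper($4) ~ /^(SHA1|MD5|MD2)WITH/) {
        printf "WEAK alias=%s signature=%s\n", alias, $4; bad = 1
      }
    }
    /^Subject Public Key Algorithm:/ {
      # e.g. "Subject Public Key Algorithm: 1024-bit RSA key"
      bits = $5; sub(/-bit$/, "", bits)
      if ($6 == "RSA" && bits + 0 < min + 0) {
        printf "WEAK alias=%s rsa_bits=%d\n", alias, bits; bad = 1
      }
    }
    END { exit bad }
  '
}

# Constructed, abbreviated listing matching the step 4 parameters
# (-keysize 1024 -sigalg SHA1withRSA).
sample_weak_listing() {
  cat <<'EOF'
Alias name: node1
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
EOF
}

# Constructed listing for a key made with -keysize 2048 -sigalg SHA256withRSA.
sample_strong_listing() {
  cat <<'EOF'
Alias name: node1
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Demo: two WEAK lines for the first listing, none for the second.
sample_weak_listing | audit_keytool_listing || echo "weak entries found"
sample_strong_listing | audit_keytool_listing && echo "no weak entries"
```

To check the real truststore, pipe the step 7 command into the function: keytool -list -v -keystore Truststore1.jks -storepass welcome | audit_keytool_listing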

==================================================
Step II: Configure WebLogic Server for SSL
==================================================

The steps below take you through configuring SSL for a Managed Server. They assume the reader understands how to start the Admin Server and Managed Server.
1. Start the Admin Server in the Domain
2. Log in to the WLS console, e.g. http://x.x.x.x:7001/console
3. Select ‘Environment’ -> ‘Servers’ and click on the server you want to configure
4. Select the ‘Keystores’ tab
5. Select ‘Keystore’ -> ‘Change’
6. Select ‘Custom Identity and Custom Trust’ from the drop-down list and click ‘Save’
7. Enter the relevant information in the Keystores page:
   ‘Custom Identity Keystore’ : <path_to_keystore> e.g. $MIDDLEWARE_HOME/keystores/keystore.jks
   ‘Custom Identity Keystore Type’ : JKS (Note: This has to be UPPERCASE)
   ‘Custom Identity Keystore Passphrase’ : <storepass_pwd> e.g. welcome
   ‘Confirm Custom Identity Keystore Passphrase’ : <storepass_pwd> e.g. welcome
   ‘Custom Trust Keystore’ : <path_to_keystore> e.g. $MIDDLEWARE_HOME/keystores/keystore.jks
   ‘Custom Trust Keystore Type’ : JKS (Note: This has to be UPPERCASE)
   ‘Custom Trust Keystore Passphrase’ : <storepass_pwd> e.g. welcome
   ‘Confirm Custom Trust Keystore Passphrase’ : <storepass_pwd> e.g. welcome
   Click ‘Save’
8. Select the ‘SSL’ tab and enter the relevant information:
   ‘Private Key Alias’ : <alias_given_when_creating_key> e.g. server_cert
   ‘Private Key Password’ : <keypass_pwd> e.g. welcome
   ‘Confirm Private Key Password’ : <keypass_pwd> e.g. welcome
   Click ‘Save’
9. Select ‘Environment’ -> ‘Servers’ and click on the Managed Server configured
10. In the ‘General’ tab:
   Check ‘SSL Listen Port Enabled’
   ‘SSL Listen Port’ : <port> e.g. 7012 (make sure this is not used by another process)
   Click ‘Save’
Note: You would normally have Oracle HTTP Server (OHS) on port 443 forwarding to WebLogic Server (WLS) on another port in an Oracle Fusion Middleware environment. If you are following this for standalone WLS, or require both OHS and WLS on port 443 (on separate machines), see the following to set up on a privileged port:
WebLogic 10.3.x
https://docs.oracle.com/cd/E23943_01/apirefs.1111/e13952/taskhelp/machines/BindToProtectedPortsOnUNIX.htm
WebLogic 12c
https://docs.oracle.com/html/E24401_02/taskhelp/machines/BindToProtectedPortsOnUNIX.html
11. Start the Server. If the server starts successfully, you will see the following in standard output or in the Managed Server log file:

<Notice> <Server> <BEA-002613> <Channel “DefaultSecure” is now listening on X.X.X.X:7012 for protocols iiops, t3s, ldaps, https.>

==================================================
Step III: Test you can access WebLogic via SSL
==================================================
1. Access WebLogic via SSL, e.g. https://x.x.x.x:7012/<uri>