Prerequisites
- WebLogic setup is done
- The identity and trust store JKS files are obtained and copied to the machine
HTTPS and TLSv1.2 Only Enablement
- HTTPS Enablement
  - Log in to the Admin Console of the WebLogic Admin Server
  - From the left tree, select "base_domain -> Environment -> Servers"
  - Select the server for which you want to enable HTTPS, for example "Server-1"
  - Select the tab "Configuration -> General", select "SSL Port Enabled" and provide an HTTPS port, for example 8082
  - Select the tab "Configuration -> Keystores" and provide the following values:
    - Keystores: Select "Custom Identity and Custom Trust"
    - Custom Identity Keystore: the path to the identity JKS on the machine
    - Custom Identity Keystore Type: JKS
    - Custom Identity Keystore Passphrase: the password of the identity keystore
    - Confirm Custom Identity Keystore Passphrase: the password of the identity keystore
    - Custom Trust Keystore: the path to the trust JKS on the machine
    - Custom Trust Keystore Type: JKS
    - Custom Trust Keystore Passphrase: the password of the trust keystore
    - Confirm Custom Trust Keystore Passphrase: the password of the trust keystore
  - Select the tab "Configuration -> SSL" and provide the following values:
    - Identity and Trust Locations: Keystores
    - Private Key Alias: the alias name of the identity certificate
    - Private Key Passphrase: the passphrase of the identity certificate's private key
    - Confirm Private Key Passphrase: the passphrase of the identity certificate's private key
  - You may make the same changes for the Admin Server as well if you want to enable HTTPS on the Admin Server port.
  - Restart the servers for the HTTPS enablement to take effect, then open the server URL on the HTTPS port to verify.
- TLSv1.2 Only Restriction
  - Select the tab "Configuration -> Server Start" and provide the following values:
    - Arguments: -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dweblogic.security.SSL.allowUnencryptedNullCipher=false -Dweblogic.security.disableNullCipher=true
  - Restart the servers
- To restrict ciphers
  - Stop NodeManager, AdminServer and all other servers
  - Modify config.xml

        $ cd /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/config
        $ vi config.xml

  - Add the following ciphers under the respective server section, for example

        <server>
          <name>Server-1</name>
          <ssl>
            <enabled>true</enabled>
            <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
            <ciphersuite>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
            <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
            <ciphersuite>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
            .....
            .....

  - Save the modification in config.xml
  - Restart NodeManager, AdminServer and the respective servers.
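
The following is an added example, not part of the original post: a Python audit of config.xml that reports, per server, whether SSL is enabled, whether a ciphersuite restriction is present, and whether the TLSv1.2 minimum is set. It assumes the Server Start arguments are saved under <server-start><arguments> in config.xml; the sample domain and the weak-suite pattern are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not a real domain: Server-1 follows the steps above,
# Server-2 has SSL on but no TLS floor and a legacy suite.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server><name>Server-1</name>
    <ssl><enabled>true</enabled>
      <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
      <ciphersuite>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
    </ssl>
    <server-start><arguments>-Dweblogic.security.SSL.enableJSSE=true
      -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2</arguments></server-start>
  </server>
  <server><name>Server-2</name>
    <ssl><enabled>true</enabled>
      <ciphersuite>SSL_RSA_WITH_RC4_128_MD5</ciphersuite>
    </ssl>
  </server>
</domain>"""

WEAK = re.compile(r"NULL|anon|EXPORT|RC4|DES|MD5", re.IGNORECASE)  # illustrative
MIN_TLS = "-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2"

def audit(config_xml):
    """Return {server name: [findings]} for every <server> in config.xml text."""
    root = ET.fromstring(config_xml)
    for el in root.iter():  # elements are namespace-qualified; keep local names
        el.tag = el.tag.rsplit("}", 1)[-1]
    report = {}
    for server in root.findall("server"):
        findings = []
        ssl = server.find("ssl")
        if ssl is None or ssl.findtext("enabled", "").strip() != "true":
            findings.append("SSL listen port not enabled")
        else:
            suites = [c.text.strip() for c in ssl.findall("ciphersuite") if c.text]
            if not suites:
                findings.append("no <ciphersuite> restriction")
            findings += [f"weak suite: {s}" for s in suites if WEAK.search(s)]
            # Assumption: Server Start arguments are persisted in this element.
            args = server.findtext("server-start/arguments", "").split()
            if MIN_TLS not in args:
                findings.append("minimumProtocolVersion=TLSv1.2 not set")
        report[server.findtext("name", "?").strip()] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

Servers started from a script rather than by NodeManager take their JVM options from that script, so a missing flag here should be confirmed against the actual start command.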