SSL (t3s) connection to Weblogic AdminServer – WLST (example)

By | March 17, 2019
  • Given the AdminServer (weblogic)
  • We would like to connect to AdminServer using t3s (secure) protocol.
  • We can make the SSL connection by using any of the following truststores:
    • JavaStandardTrust (default truststore for SSL communication)
    • DemoTrust
    • CustomTrust
  • We will use default truststore to make SSL (t3s) connection to AdminServer.
  • To Initiate the SSL connection, the JavaStandardTrust should have public certificate(s) of AdminServer.
  • So, If public certificate(s) of AdminServer is not there in JavaStandardTrust, then
    • Export the public certificate(s) of AdminServer after following the LINK
    • Suppose, we have saved the public certificate as MyServerCertificate.cer
    • Now, we need to import the public certificate to JavaStandardTrust store
      • JavaStandardTrust path for windows would be %JAVA_HOME%\jre\lib\security\cacerts and for Linux it would be $JAVA_HOME\jre\lib\security\cacerts
      • Now, import the certificate to windows JavaStandardTrust using keytool (similarly, we can import the certificate in linux truststore).

keytool -import -alias "<Any Unique Alias Name>" -keystore <path of JavaStandardTrust>  -file "<path of public certificate>

keytool -import -alias "AnyAliasName" -keystore "%JAVA_HOME%\jre\lib\security\cacerts"  -trustcacerts -file "MyServerCertificate.cer"

After, we have imported the certificate to JavaStandardTrust store, we can make a  secure SSL connection to AdminServer using t3s protocol.


#Ignore hostname verification 
System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true")

#Make t3s connection with AdminServer, t3s://:
adminURL = "t3s://slc07fic.us.oracle.com:7002"
connect("weblogic","welcome2", adminURL)

Output: SSL connection to weblogic admin server using t3s protcol:


c:\fmw_12.2.1.3.0\wls12213\oracle_common\common\bin>java -Dweblogic.security.SSL.ignoreHostnameVerification=true weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> adminURL = "t3s://myAdminServerHost:7002"
wls:/offline>
wls:/offline> connect("weblogic","welcome2", adminURL)
Connecting to t3s://myAdminServerHost:7002 with userid weblogic ...
    
    
    
Successfully connected to Admin Server "AdminServer" that belongs to domain "osb_domain".

wls:/osb_domain/serverConfig/>