Steps for configuring Node Manager with SSL for WebLogic Server.

First create custom certificates using the keytool command utility:

keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname "CN=Tariq, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US" -keypass password -keystore identity.jks -storepass password
keytool -selfcert -v -alias mykey -keypass password -keystore identity.jks -storepass password -storetype jks
keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass password
keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass password


Next, in the console, configure "Custom Identity and Custom Trust" for the admin and managed servers.
Then enter the Key Alias and Private Key Passphrase under the SSL tab for both servers.

Make the following changes in the nodemanager.properties file.
AuthenticationEnabled=true
# Leave ListenAddress blank if you are using localhost for the server Listen Address
ListenAddress=
ListenPort=5556
SecureListener=true
StartScriptEnabled=true
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=C\:\\bea10.3\\user_projects\\domains\\custom_certificate_nodemanager\\identity.jks
CustomIdentityAlias=mykey
CustomIdentityPrivateKeyPassPhrase=password
CustomTrustKeyStoreFileName=C\:\\bea10.3\\user_projects\\domains\\custom_certificate_nodemanager\\trust.jks


Add the following flags to setDomainEnv.cmd. Please note this step is optional.
-Dweblogic.security.IdentityKeyStore=CustomIdentity
-Dweblogic.security.CustomIdentityKeyStoreFileName=filename
-Dweblogic.security.CustomIdentityKeyStorePassPhrase=passphrase
-Dweblogic.security.Identity.KeyStoreType=type
-Dweblogic.security.TrustKeyStore=CustomTrust
-Dweblogic.security.CustomTrustKeyStoreFileName=filename
-Dweblogic.security.CustomTrustKeyStoreType=type
-Dweblogic.security.CustomTrustKeyStorePassPhrase=passphrase


If your identity certificate does not specify the hostname of the server exactly, and you are not using wildcard certificates with the wildcard hostname verifier available in WLS 10.3.6 and higher, add the "-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false" flag to the startNodeManager script (the Node Manager start script). Please note that disabling hostname verification is insecure, so this should not be done in production systems.

Start the Node Manager using the startNodeManager script and check the status of Node Manager. It should be reachable from the console.
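
The nodemanager.properties settings and the hostname-verification flag described above can be checked before Node Manager is started. The following Python is an added example, not part of the original post or of WebLogic; the function names, the sample domain path and the sample start-script line are assumptions constructed for illustration.

```python
import re

# Settings this page asks for in nodemanager.properties
REQUIRED = {"AuthenticationEnabled": "true", "SecureListener": "true",
            "KeyStores": "CustomIdentityAndCustomTrust"}
NON_EMPTY = ["CustomIdentityKeyStoreFileName", "CustomIdentityAlias",
             "CustomIdentityPrivateKeyPassPhrase", "CustomTrustKeyStoreFileName"]
HOSTNAME_FLAG = re.compile(r"sslHostNameVerificationEnabled\s*=\s*false", re.I)

def parse_properties(text):
    # Minimal .properties reader: key=value lines, # or ! comments, and
    # backslash escapes, so C\:\\bea10.3 is read as C:\bea10.3.
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def audit(properties_text, start_script_text=""):
    # Returns a list of findings; an empty list means the settings match.
    props = parse_properties(properties_text)
    findings = []
    for key, want in REQUIRED.items():
        got = props.get(key)
        if got is None or got.lower() != want.lower():
            findings.append(f"{key} should be {want}, found {got!r}")
    for key in NON_EMPTY:
        if not props.get(key):
            findings.append(f"{key} is missing or empty")
    if HOSTNAME_FLAG.search(start_script_text):
        findings.append("hostname verification is disabled in the start script")
    return findings

# Constructed sample input (hypothetical domain path, not from a real system)
SAMPLE = r"""
AuthenticationEnabled=true
SecureListener=false
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=C\:\\bea10.3\\domains\\demo\\identity.jks
CustomIdentityAlias=mykey
CustomTrustKeyStoreFileName=C\:\\bea10.3\\domains\\demo\\trust.jks
"""
SAMPLE_SCRIPT = "set JAVA_OPTIONS=-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false"

if __name__ == "__main__":
    for finding in audit(SAMPLE, SAMPLE_SCRIPT):
        print("FINDING:", finding)
```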
