@vegaasen
Last active March 7, 2018 14:36
Trix in Ludo for Oracle-based stuff (OIM, SOA, WebLogic etc)

Guides

This is a small compilation of trix in Ludo related to Oracle products.

Configuring SSL on WebLogic for any server (server==wl based server)

Introduction

This guide covers configuring SSL on WebLogic for any server that is running on an instance.

Requirements

  • Private key
    • PKCS12
    • i.e. the key that was used when generating the certificate / certificate request
  • Server certificate (public key)
    • i.e. the certificate that is issued based on a CSR. This is most likely to be the same as your hostname
  • Keystore containing the bits mentioned above

KeyStore

What we've done is to just copy the cacerts file and base our keystore and truststore on that one. The keystore is then quite verbose, and some might say that it is too much. Anyway... Do the following:

Prepare public/server certificate file

If your *.cer file is not in PEM format (i.e. it is DER-encoded), convert it with the command below:

openssl x509 -inform der -in my-cool-server-certificate.cer -out my-cool-server-certificate.cert

Extract the private key without CSR

If you, just like I did, requested a certificate from a CA using a private key, then you might experience that your private key actually contains the CSR instead of the actual certificate. If this is so, just extract the private key from the PFX/PKCS12/PKCS8 file.

  1. Open KeyStore Explorer or any other tool
  2. Locate your bundled private key
  3. Right click on the key and extract the private key alone in PEM format
  4. Done :-)

Combine extracted private key and server certificate

Before actually importing your key-pair to the keystore, you will need to combine the correct public server certificate and the private key. Perform the following command:

openssl pkcs12 -inkey my-cool-private.key -in my-cool-server-certificate.cert -export -out my-cool-bundled-certificates.pfx

Importing ze bundle

Well, this is straightforward. Using KeyStore Explorer or a similar tool (or just the cmd if you're crazy) - import the key pair. Now you're ready to continue! :-)
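
The keystore steps above, done on the command line with a check that the private key and the server certificate actually belong together before they are bundled. This is an added example, not part of the original gist; the function names, the sample file names and the PFX_PASS environment variable are assumptions, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example (not from the gist). Function names, file names and PFX_PASS are assumptions.

# Copy a PEM certificate as-is, or convert a DER-encoded one to PEM.
ensure_pem() {  # $1 = input certificate, $2 = PEM output
    if grep -q 'BEGIN CERTIFICATE' "$1"; then cp "$1" "$2"
    else openssl x509 -inform der -in "$1" -out "$2"; fi
}

# Succeed only if the private key and the certificate carry the same public key.
# A file that holds no private key (for example only a CSR) fails here.
keypair_matches() {  # $1 = private key (unencrypted PEM), $2 = certificate (PEM)
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Build the PKCS12 bundle, refusing a mismatched pair. $4 becomes the key alias.
make_bundle() {  # $1 = key, $2 = cert, $3 = output .pfx, $4 = alias
    keypair_matches "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
        -out "$3" -passout env:PFX_PASS
}

# Confirm the bundle really contains both a certificate and a private key.
bundle_is_complete() {  # $1 = .pfx
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null \
        | grep -q 'BEGIN CERTIFICATE' &&
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# Command-line alternative to the GUI import; keytool prompts for the passwords.
import_bundle() {  # $1 = .pfx, $2 = destination keystore
    keytool -importkeystore -srckeystore "$1" -srcstoretype PKCS12 -destkeystore "$2"
}

# Constructed throwaway key material so the checks can be tried offline.
make_sample() {  # $1 = existing directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=wls.example.test" \
        -keyout "$1/good.key" -out "$1/server.pem" 2>/dev/null &&
    openssl x509 -in "$1/server.pem" -outform der -out "$1/server.cer" &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}
```

The alias passed to make_bundle is the value to enter later as the Private Key Alias in the WebLogic console.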

WebLogic configuration

Configuring WebLogic is actually quite straightforward. There are many guides out there, but this one kinda sums it all up in a more understandable manner. Follow these steps and you'll be SSLd in no time! :-)

  1. Log in to WebLogic Console
  2. Go to > Environment > Servers
  3. Select the server to add a SSL certificate for
  4. (the following steps just include the do's)
    • Configuration > General > SSL Listen Port Enabled
      • (enter required ssl port - e.g. 7443)
    • Configuration > KeyStores > Custom Identity & Custom Trust
      • insert all the required details here. It is quite self-explanatory throughout..
    • Configuration > SSL > Private Key Alias & Passphrase
      • enter the passphrase for the Key Alias
        • Key Alias => refers to the private key itself, not the public certificate (duh..)
    • Configuration > SSL > Hostname verification
      • None
    • Protocols > HTTP > Frontend HTTPS Port
      • (enter required ssl port - e.g. 7443)
  5. Restart both AdminServer and the required other servers (it might be that the managed stuff just needs to restart, not admin - but restart the whole shait..)
  6. Done :-)!

Removing WebLogic domains

In order to remove an existing part of a domain, perform the following actions:

  • Remove: $DOMAIN_HOME/user_projects/
  • Remove the entries found within the "domain-registry.xml"-file
    • $WL_HOME/domain-registry.xml
  • Remove: $DOMAIN_HOME/apps/<domain_name>

Note: The config wizard will not create a new domain with the same name if $DOMAIN_HOME/apps/<domain_name> is still there.

Removing products/components from an existing domain

The list of installed components is stored in the domain directory:

  • $DOMAIN_HOME/init-info/config-groups.xml
  • $DOMAIN_HOME/init-info/domain-info.xml

Remove everything related to the installed component, and its specific entries, in:

  • domain-info.xml
  • config-groups.xml

Also remove the generated folders for the components:

  • $DOMAIN_HOME/servers/<>

Then you may re-extend the domain with the component(s) you'd like.

Update OIM, SOA, WL and wtf not

<<REMEMBER: Paths may differ>> <>

Bundle Patch 7 Below ---v

unzip p23261479_111230_Generic.zip
cd 23261479/iamsuite/patch/oim/
cd /home/oracle/iam1-scripts
vi patch_oim_wls.profile
./patch_oim_wls.sh

Bundle Patch 7 Extras Below ---v

ADF

export ORACLE_HOME=$MW_HOME/oracle_common
unzip -d PATCH_TOP adf_p22952020_111190_Generic.zip
cd PATCH_TOP/22952020/oui
opatch apply
# go back to where PATCH_TOP was unpacked, otherwise the relative rm removes nothing
cd -
rm -rf PATCH_TOP

SOA

unzip -d PATCH_TOP soa_p23757923_111190_Generic.zip
export ORACLE_HOME=$MW_HOME/oracle_common
cd PATCH_TOP/23757923/
opatch apply
export ORACLE_HOME=$MW_HOME/Oracle_SOA1
opatch apply
# go back to where PATCH_TOP was unpacked, otherwise the relative rm removes nothing
cd -
rm -rf PATCH_TOP/

WebLogic

unzip -d wl-patch wl_p23094342_1036_Generic.zip
mkdir -p $MW_HOME/utils/bsu/cache_dir
mv wl-patch/* $MW_HOME/utils/bsu/cache_dir/.
cd $MW_HOME/utils/bsu
./bsu.sh -install -patch_download_dir=$MW_HOME/utils/bsu/cache_dir -patchlist=UIAL -prod_dir=$WL_HOME

^-- does the above fail? Well then add more memory :-) (to the bsu.sh-script)

<<Restart all stuff before going any further>>

OIM Bugfix

unzip -d PATCH_TOP oim_p22503548_11123160719_Generic.zip
cd PATCH_TOP/22503548/
export ORACLE_HOME=$MW_HOME/Oracle_IDM1
opatch apply
# go back to where PATCH_TOP was unpacked, otherwise the relative rm removes nothing
cd -
rm -rf PATCH_TOP/