Amend the SSL Keystore Settings Using WebLogic Scripting Tool (WLST)
WebLogic Scripting Tool (WLST) provides a command line scripting interface to manage WebLogic Server instances and domains. This article gives an example of amending the SSL keystore settings for a managed server in an existing domain using WLST. You will need to adjust the values in the properties file and may wish to alter the script to suit your needs.
The easiest way to generate WLST scripts is to use the "Record" functionality in the Administration Console. The WLST in this article was generated in that way, then amended to replace hard-coded values with parameters.
Script
Create a file called "set_keystore.py" with the following contents.
```python
#!/usr/bin/python
# Author : Tim Hall
# Save Script as : set_keystore.py

import time
import getopt
import sys
import re

# Get location of the properties file.
properties = ''
try:
  opts, args = getopt.getopt(sys.argv[1:], "p:h", ["properties="])
except getopt.GetoptError:
  print 'set_keystore.py -p <path-to-properties-file>'
  sys.exit(2)
for opt, arg in opts:
  if opt == '-h':
    print 'set_keystore.py -p <path-to-properties-file>'
    sys.exit()
  elif opt in ("-p", "--properties"):
    properties = arg
print 'properties=', properties

# Load the properties from the properties file.
from java.io import FileInputStream
from java.util import Properties

propInputStream = FileInputStream(properties)
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()

# Set all variables from values in properties file.
adminUsername=configProps.get("admin.username")
adminPassword=configProps.get("admin.password")
adminURL=configProps.get("admin.url")
msName=configProps.get("ms.name")
ksIdentityPath=configProps.get("ks.identity.path")
ksIdentityPassword=configProps.get("ks.identity.password")
ksTrustPath=configProps.get("ks.trust.path")
ksTrustPassword=configProps.get("ks.trust.password")
ksPhrase=configProps.get("ks.phrase")

# Display the variable values (passwords included, so keep this output out of shared logs).
print 'adminUsername=', adminUsername
print 'adminPassword=', adminPassword
print 'adminURL=', adminURL
print 'msName=', msName
print 'ksIdentityPath=', ksIdentityPath
print 'ksIdentityPassword=', ksIdentityPassword
print 'ksTrustPath=', ksTrustPath
print 'ksTrustPassword=', ksTrustPassword
print 'ksPhrase=', ksPhrase

# Connect to the AdminServer.
connect(adminUsername, adminPassword, adminURL)

edit()
startEdit()

# Set keystore information.
cd('/Servers/' + msName)
cmo.setKeyStores('CustomIdentityAndCustomTrust')

activate()

startEdit()
# Identity and trust keystore locations, types and passphrases.
cmo.setCustomIdentityKeyStoreFileName(ksIdentityPath)
cmo.setCustomIdentityKeyStoreType('JKS')
set('CustomIdentityKeyStorePassPhrase', ksIdentityPassword)
cmo.setCustomTrustKeyStoreFileName(ksTrustPath)
cmo.setCustomTrustKeyStoreType('JKS')
set('CustomTrustKeyStorePassPhrase', ksTrustPassword)

activate()

startEdit()
# SSL settings: private key alias and passphrase, hostname verification, one-way SSL, JSSE.
cd('/Servers/' + msName + '/SSL/' + msName)
cmo.setServerPrivateKeyAlias('selfsigned')
set('ServerPrivateKeyPassPhrase', ksPhrase)
cmo.setHostnameVerificationIgnored(false)
cmo.setHostnameVerifier(None)
cmo.setTwoWaySSLEnabled(false)
cmo.setClientCertificateEnforced(false)
cmo.setJSSEEnabled(true)

save()
activate()

disconnect()
exit()
```
Properties
We will amend the SSL keystore settings for the AdminServer and two managed servers, so we will need a properties file for each. This example assumes the keystore creation has already been done, as described here.
Create a file for the AdminServer called "myDomain-ks-as.properties" with the following contents.
```properties
# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

ms.name=AdminServer

ks.identity.path=/home/oracle/keystore/identity.jks
ks.identity.password=Password1
ks.trust.path=/home/oracle/keystore/trust.jks
ks.trust.password=Password1
ks.phrase=Password1
```
Create a file for the first managed server called "myDomain-ks-ms1.properties" with the following contents.
```properties
# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

ms.name=MyServer_1

ks.identity.path=/home/oracle/keystore/identity.jks
ks.identity.password=Password1
ks.trust.path=/home/oracle/keystore/trust.jks
ks.trust.password=Password1
ks.phrase=Password1
```
Create a file for the second managed server called "myDomain-ks-ms2.properties" with the following contents.
```properties
# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

ms.name=MyServer_2

ks.identity.path=/home/oracle/keystore/identity.jks
ks.identity.password=Password1
ks.trust.path=/home/oracle/keystore/trust.jks
ks.trust.password=Password1
ks.phrase=Password1
```
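A pre-flight check for the properties files above, added here as an example and not part of the original article or of WLST. It is stand-alone Python 3 (run with a normal interpreter, not `java weblogic.WLST`) that flags a file readable by group or other users, reports missing keys, and returns a copy with the password values masked. The function names, the 0600 expectation and the constructed sample file are assumptions of this example.

```python
import os
import stat
import tempfile

# The nine keys set_keystore.py reads; four of them carry secrets.
REQUIRED = ("admin.username admin.password admin.url ms.name ks.identity.path "
            "ks.identity.password ks.trust.path ks.trust.password ks.phrase").split()
SECRETS = {"admin.password", "ks.identity.password", "ks.trust.password", "ks.phrase"}

def load_properties(path):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    with open(path) as handle:
        for line in (raw.strip() for raw in handle):
            if line and line[0] not in "#!" and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def check_properties(path):
    """Return (problems, redacted copy) for one properties file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o exposes passwords to group/other; use 0600" % mode)
    props = load_properties(path)
    problems += ["missing or empty key: " + k for k in REQUIRED if not props.get(k)]
    redacted = {k: "********" if k in SECRETS else v for k, v in props.items()}
    return problems, redacted

def demo():
    """Check a constructed file that is world-readable and lacks ks.phrase."""
    sample = ("admin.username=weblogic\nadmin.password=Password1\n"
              "admin.url=t3://ol6.localdomain:7001\nms.name=MyServer_1\n"
              "ks.identity.path=/home/oracle/keystore/identity.jks\n"
              "ks.identity.password=Password1\n"
              "ks.trust.path=/home/oracle/keystore/trust.jks\n"
              "ks.trust.password=Password1\n")
    fd, path = tempfile.mkstemp(suffix=".properties")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(sample)
        os.chmod(path, 0o644)  # constructed weak permission for the demo
        return check_properties(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

Calling `check_properties()` on each of the three files before the WLST runs lets a wrapper stop when the returned problem list is not empty.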
Run It
Amend the SSL keystore settings for the AdminServer and two managed servers using the following commands.
```bash
# Set environment.
export MW_HOME=/u01/app/oracle/middleware
export WLS_HOME=$MW_HOME/wlserver_10.3
export WL_HOME=$WLS_HOME
export JAVA_HOME=/u01/app/oracle/jdk1.7.0_79
export PATH=$JAVA_HOME/bin:$PATH
export DOMAIN_HOME=/u01/app/oracle/config/domains/myDomain
. $DOMAIN_HOME/bin/setDomainEnv.sh

# Amend the SSL keystore settings.
java weblogic.WLST set_keystore.py -p myDomain-ks-as.properties
java weblogic.WLST set_keystore.py -p myDomain-ks-ms1.properties
java weblogic.WLST set_keystore.py -p myDomain-ks-ms2.properties
```
For more information see:
Hope this helps. Regards Tim...