Amend the SSL Keystore Settings Using WebLogic Scripting Tool (WLST)

WebLogic Scripting Tool (WLST) provides a command line scripting interface to manage WebLogic Server instances and domains. This article gives an example of amending the SSL keystore settings for a managed server in an existing domain using WLST. You will need to adjust the values in the properties file and may wish to alter the script to suit your needs.

The easiest way to generate WLST scripts is to use the "Record" functionality in the Administration Console. The WLST in this article was generated in that way, then amended to replace hard-coded values with parameters.

Script

Create a file called "set_keystore.py" with the following contents.

#!/usr/bin/python
# Author : Tim Hall
# Save Script as : set_keystore.py

import time
import getopt
import sys
import re

# Get location of the properties file.
properties = ''
try:
   opts, args = getopt.getopt(sys.argv[1:],"hp:",["properties="])
except getopt.GetoptError:
   print 'set_keystore.py -p <path-to-properties-file>'
   sys.exit(2)
for opt, arg in opts:
   if opt == '-h':
      print 'set_keystore.py -p <path-to-properties-file>'
      sys.exit()
   elif opt in ("-p", "--properties"):
      properties = arg
# Stop here if no properties file was supplied.
if not properties:
   print 'set_keystore.py -p <path-to-properties-file>'
   sys.exit(2)
print 'properties=', properties

# Load the properties from the properties file.
from java.io import FileInputStream
from java.util import Properties

propInputStream = FileInputStream(properties)
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()

# Set all variables from values in properties file.
adminUsername=configProps.get("admin.username")
adminPassword=configProps.get("admin.password")
adminURL=configProps.get("admin.url")
msName=configProps.get("ms.name")
ksIdentityPath=configProps.get("ks.identity.path")
ksIdentityPassword=configProps.get("ks.identity.password")
ksTrustPath=configProps.get("ks.trust.path")
ksTrustPassword=configProps.get("ks.trust.password")
ksPhrase=configProps.get("ks.phrase")

# Display the variable values. Passwords are masked so they do not end up
# in terminal scrollback or captured logs.
print 'adminUsername=', adminUsername
print 'adminPassword=', '********'
print 'adminURL=', adminURL
print 'msName=', msName
print 'ksIdentityPath=', ksIdentityPath
print 'ksIdentityPassword=', '********'
print 'ksTrustPath=', ksTrustPath
print 'ksTrustPassword=', '********'
print 'ksPhrase=', '********'

# Connect to the AdminServer.
connect(adminUsername, adminPassword, adminURL)

edit()
startEdit()

# Set keystore information.
cd('/Servers/' + msName)
cmo.setKeyStores('CustomIdentityAndCustomTrust')

activate()

startEdit()
cmo.setCustomIdentityKeyStoreFileName(ksIdentityPath)
cmo.setCustomIdentityKeyStoreType('JKS')
set('CustomIdentityKeyStorePassPhrase', ksIdentityPassword)
cmo.setCustomTrustKeyStoreFileName(ksTrustPath)
cmo.setCustomTrustKeyStoreType('JKS')
set('CustomTrustKeyStorePassPhrase', ksTrustPassword)

activate()

startEdit()

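cd('/Servers/' + msName + '/SSL/' + msName)
# Alias of the private key entry in the identity keystore.
cmo.setServerPrivateKeyAlias('selfsigned')
set('ServerPrivateKeyPassPhrase', ksPhrase)

# Keep hostname verification on with no custom verifier class,
# leave two-way SSL off and use the JSSE implementation.
cmo.setHostnameVerificationIgnored(false)
cmo.setHostnameVerifier(None)
cmo.setTwoWaySSLEnabled(false)
cmo.setClientCertificateEnforced(false)
cmo.setJSSEEnabled(true)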

save()
activate()

disconnect()
exit()

Properties

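We will amend the SSL keystore settings for the AdminServer and two managed servers, so we will need a properties file for each. This example assumes the keystore creation has already been done, as described here. The properties files hold the passwords in clear text, so keep them readable only by the account that runs the script.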

Create a file for the AdminServer called "myDomain-ks-as.properties" with the following contents.

# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

ms.name=AdminServer

ks.identity.path=/home/oracle/keystore/identity.jks
ks.identity.password=Password1

ks.trust.path=/home/oracle/keystore/trust.jks
ks.trust.password=Password1

ks.phrase=Password1

Create a file for the first managed server called "myDomain-ks-ms1.properties" with the following contents.

# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

ms.name=MyServer_1

ks.identity.path=/home/oracle/keystore/identity.jks
ks.identity.password=Password1

ks.trust.path=/home/oracle/keystore/trust.jks
ks.trust.password=Password1

ks.phrase=Password1

Create a file for the second managed server called "myDomain-ks-ms2.properties" with the following contents.

# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

ms.name=MyServer_2

ks.identity.path=/home/oracle/keystore/identity.jks
ks.identity.password=Password1

ks.trust.path=/home/oracle/keystore/trust.jks
ks.trust.password=Password1

ks.phrase=Password1
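
A pre-flight check for these properties files, as an added example that is not part of the original article: it flags a file that group or other users can access, any key the script reads that is missing (configProps.get() returns None for those), and a file whose secrets all share one value. It runs under a normal Python 3 interpreter rather than WLST; the function names and finding messages are assumptions.

```python
# Added example; the function names are illustrative, not WLST or WebLogic APIs.
import os
import stat
import tempfile

SECRETS = ("admin.password", "ks.identity.password",
           "ks.trust.password", "ks.phrase")
REQUIRED = SECRETS + ("admin.username", "admin.url", "ms.name",
                      "ks.identity.path", "ks.trust.path")
SAMPLE = """# Constructed sample: the ms1 file from the article, ks.phrase left out.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001
ms.name=MyServer_1
ks.identity.path=/home/oracle/keystore/identity.jks
ks.identity.password=Password1
ks.trust.path=/home/oracle/keystore/trust.jks
ks.trust.password=Password1
"""

def parse_properties(text):
    """Parse the plain key=value subset of the properties format used here."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_properties_file(path):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other can access a file holding cleartext passwords")
    with open(path) as handle:
        props = parse_properties(handle.read())
    findings += ["missing or empty key: " + k for k in REQUIRED if not props.get(k)]
    values = [props[k] for k in SECRETS if props.get(k)]
    if len(values) > 1 and len(set(values)) == 1:
        findings.append("every secret in the file has the same value")
    return findings

def demo(mode=0o644):
    """Write SAMPLE to a temporary file with the given mode and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.properties")
        with open(path, "w") as handle:
            handle.write(SAMPLE)
        os.chmod(path, mode)
        return check_properties_file(path)
```

Call check_properties_file() on each properties file before passing it to set_keystore.py and stop if the returned list is not empty.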

Run It

Amend the SSL keystore settings for the AdminServer and two managed servers using the following commands.

# Set environment.
export MW_HOME=/u01/app/oracle/middleware
export WLS_HOME=$MW_HOME/wlserver_10.3
export WL_HOME=$WLS_HOME
export JAVA_HOME=/u01/app/oracle/jdk1.7.0_79
export PATH=$JAVA_HOME/bin:$PATH
export DOMAIN_HOME=/u01/app/oracle/config/domains/myDomain

. $DOMAIN_HOME/bin/setDomainEnv.sh

# Amend the SSL keystore settings.
java weblogic.WLST set_keystore.py -p myDomain-ks-as.properties

java weblogic.WLST set_keystore.py -p myDomain-ks-ms1.properties

java weblogic.WLST set_keystore.py -p myDomain-ks-ms2.properties

Hope this helps. Regards Tim...
