Setting Keystore and SSL for a WebLogic Server using WLST

Configuring Custom SSL for WebLogic server                     

Working on the Oracle Utilities project, where our Environment requirement is that Mobile runtimes will communicates with secure servers. So we need to make the WebLogic server SSL Enabled with  Custom SSL certificates configuration.

WLST keystore SSL for Admin Server, Managed Server

Assumptions:

• WebLogic 12.2.1.3 domain configured
• Each WebLogic server SSL enabled already
• AdminServer up and running

Here in this example I am using CA provided certificates but to publish in this post giving dummy paths and file names. The prerequisites you must have the Custom Identity and Custom Trust store

#!/usr/bin/python
# Author    : Pavan Devarakonda
# Save Script as  : set_keystoreSSL.py
# Initial drafted : 12/07/2018
#==========================================

import re

# Get location of the properties file.
execfile('/opt/MWM/scripts/set_keystore.properties')
def connectAdmin():
        # Connect to the AdminServer.
        try:
                connect(admin_username, admin_password, admin_url)
        except:
                print 'Unable to connect to AdminServer'
                exit()

def setKSnSSL4server(serverName, ksIdentityPath,ksIdentityPassword,ksTrustPath,ksTrustPassword,privateKeyAlias,keyPhrase):
        # Set keystore information.
        print "==============================="
        print "set keystore to "+serverName
        print "==============================="
        cd('/Servers/' + serverName)
        cmo.setKeyStores('CustomIdentityAndCustomTrust')

        cmo.setCustomIdentityKeyStoreFileName(ksIdentityPath)
        cmo.setCustomIdentityKeyStoreType('JKS')
        set('CustomIdentityKeyStorePassPhrase', ksIdentityPassword)
        cmo.setCustomTrustKeyStoreFileName(ksTrustPath)
        cmo.setCustomTrustKeyStoreType('JKS')
        set('CustomTrustKeyStorePassPhrase', ksTrustPassword)
        print "set SSL to "+serverName
        print "==============================="
        cd('/Servers/' + serverName + '/SSL/' + serverName)
        cmo.setServerPrivateKeyAlias(privateKeyAlias)
        set('ServerPrivateKeyPassPhrase', keyPhrase)

def main():
        connectAdmin()
        print servers
        edit()
        startEdit()
        print "========================================================================="
        print "AdminServer, utilities_server1 server set keystore, SSL custom keystore"
        print "========================================================================="
  setKSnSSL4server(adm['name'], adm['identity.path'], adm['identity.password'],adm['trust.path'],adm['trust.password'],adm['privateKeyAlias'],adm['keyPhrase'])
  setKSnSSL4server(ms1['name'], ms1['identity.path'], ms1['identity.password'],ms1['trust.path'],ms1['trust.password'],ms1['privateKeyAlias'],ms1['keyPhrase'])
        save()
        activate()
        disconnect()
        exit()

main()

This time the properties file is also python script to use the dictionary capabilities of Python to refer to the Weblogic server and its corresponding server'S keystore, SSL details to store together.

# AdminServer connection details.
admin_username='system'
admin_password='welcome1'
admin_url='t3://test.server.com:7001'

#Dictionaries for AdminServer, utilities_server1 keystore, SSL values

adm = { 'name':'AdminServer','identity.path':'/opt/myalias_cert/myIdentity.jks', 'identity.password':'welcome1', \
'trust.path':'/opt/myalias_cert/myTrustStore.jks', 'trust.password':'welcome1', \
'keyPhrase':'welcome1', 'privateKeyAlias':'myalias'}

ms1 = { 'name':'utilities_server1','identity.path':'/opt/myalias_cert/myIdentity.jks', 'identity.password':'welcome1', \
'trust.path':'/opt/myalias_cert/myTrustStore.jks', 'trust.password':'welcome1', \
'keyPhrase':'welcome1', 'privateKeyAlias':'myalias'}

 The execution or the above script output looks as below: You can execute.