Upgrade WebLogic and apply Mandatory Patch
1) Upgrade Oracle Weblogic Server to 10.3.6:
2) Apply below Oracle Weblogic Server mandatory Patches as per below post:
- Patch 18398295-FSG4
- Patch 14404715-ZARV
- Patch 16844206-NPM3
- Patch 13114768-56MM
- Patch 15865825-CM69
- Patch 14809365-XA6W
- Patch 13964737-YVDZ (JSSE patch. Required for WLS 10.3.6 with JDK 7)
- Patch 14174803-IMWL (JSSE patch. Required for WLS 10.3.6 with JDK 7)
- Patch 17938462-XECL(Required for WLS 10.3.6 with JDK 7 on Windows)
- Patch 13351178-VRGR (Recommended)
Step 1) Set all environment variables:
$ cd /u01/oracle/middlewareoam/wlserver_10.3/server/bin
$ . ./setWLSEnv.sh
Step 2) Create a temp directory at below location:
$ cd /u01/oracle/middlewareoam/oracle_common/common
$ mkdir -p temp
$ cd temp
$ pwd
/u01/oracle/middlewareoam/oracle_common/common/temp
Step 3) Execute below command:
$ java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey
Generating a certificate with common name HOSTNAMEand key strength 2048
issued by CA with certificate from /u01/oracle/middlewareoam/wlserver_10.3/server/lib/CertGenCA.der file and key from /u01/oracle/middlewareoam/wlserver_10.3/server/lib/CertGenCAKey.der file
$ java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.der -keyfilepass DemoIdentityPassPhrase -certfile democert.der -alias demoidentity
No password was specified for the key entry
Key file password will be used
<Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Using default WebLogic SSL Hostname Verifier implementation.>
Imported private key demokey.der and certificate democert.der into a new keystore DemoIdentity.jks of type jks under alias demoidentity
$ cd /u01/oracle/middlewareoam/oracle_common/common/temp
$ ls
DemoIdentity.jks democert.der democert.pem demokey.der demokey.pem
Step 4) Copy the newly generated DemoIdentity.jks to $WL_HOME/server/lib directory(back up the current DemoIdentity.jks)
$ cd $WL_HOME/server/lib
$ mv DemoIdentity.jks DemoIdentity.jks_BKP
$ cd /u01/oracle/middlewareoam/oracle_common/common/temp
$ cp * /u01/oracle/middlewareoam/wlserver_10.3/server/lib
Step 5) Delete the temporary directory.
$ cd /u01/oracle/middlewareoam/oracle_common/common
$ rm -rf temp;
Step 6) Restart Weblogic to enable JSSE on the commandline(-Dweblogic.ssl.JSSEEnabled=true) or in the Admin console.
For Node Manager, use -Dweblogic.security.SSL.enableJSSE=true
No comments:
Post a Comment