SSL (t3s) connection to Weblogic AdminServer – WLST (example)

Yogesh

6 years ago

Given the AdminServer (weblogic)
We would like to connect to AdminServer using t3s (secure) protocol.
We can make the SSL connection by using any of the following truststores:
- JavaStandardTrust (default truststore for SSL communication)
- DemoTrust
- CustomTrust
We will use default truststore to make SSL (t3s) connection to AdminServer.
To Initiate the SSL connection, the JavaStandardTrust should have public certificate(s) of AdminServer.
So, If public certificate(s) of AdminServer is not there in JavaStandardTrust, then
- Export the public certificate(s) of AdminServer after following the LINK
- Suppose, we have saved the public certificate as MyServerCertificate.cer
- Now, we need to import the public certificate to JavaStandardTrust store
  - JavaStandardTrust path for windows would be %JAVA_HOME%\jre\lib\security\cacerts and for Linux it would be $JAVA_HOME\jre\lib\security\cacerts
  - Now, import the certificate to windows JavaStandardTrust using keytool (similarly, we can import the certificate in linux truststore).

keytool -import -alias "<Any Unique Alias Name>" -keystore <path of JavaStandardTrust>  -file "<path of public certificate>

keytool -import -alias "AnyAliasName" -keystore "%JAVA_HOME%\jre\lib\security\cacerts"  -trustcacerts -file "MyServerCertificate.cer"

After, we have imported the certificate to JavaStandardTrust store, we can make a secure SSL connection to AdminServer using t3s protocol.

#Ignore hostname verification 
System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true")

#Make t3s connection with AdminServer, t3s://:
adminURL = "t3s://slc07fic.us.oracle.com:7002"
connect("weblogic","welcome2", adminURL)

Output: SSL connection to weblogic admin server using t3s protcol:

c:\fmw_12.2.1.3.0\wls12213\oracle_common\common\bin>java -Dweblogic.security.SSL.ignoreHostnameVerification=true weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> adminURL = "t3s://myAdminServerHost:7002"
wls:/offline>
wls:/offline> connect("weblogic","welcome2", adminURL)
Connecting to t3s://myAdminServerHost:7002 with userid weblogic ...
    
    
    
Successfully connected to Admin Server "AdminServer" that belongs to domain "osb_domain".

wls:/osb_domain/serverConfig/>

Output: SSL connection to weblogic admin server using t3s protcol:

You may also like:

Check whether particular application is deployed in AdminServer (WLST)

List deployed applications in weblogic Admin Server (WLST/example)

Get targets of deployed application in weblogic admin server (WLST)

WLST – List server status in weblogic domain (python script/example)

Install/deploy application to weblogic admin server – WLST (script/example)

Script: get running/active servers in weblogic (wlst/python)

Get jvm heap params of remote server in weblogic domain (WLST)