Monday, December 17, 2012

Configure Node Manager over SSL (Custom Certificates)


Below are the steps to configure Node Manager over SSL.
First, create custom certificates using the commands below:
1) keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -dname "CN=Puneeth, OU=Oracle, O=BEA, L=Denver, ST=Colorado, C=US" -keypass password -keystore identity.jks -storepass password
2) keytool -selfcert -v -alias mykey -keypass password -keystore identity.jks -storepass password -storetype jks
3) keytool -export -v -alias mykey -file rootCA.der -keystore identity.jks -storepass password
4) keytool -import -v -trustcacerts -alias mykey -file rootCA.der -keystore trust.jks -storepass password
Now configure “Custom Identity and Custom Trust” for the Admin and managed servers.
Now enter the Key Alias and Private Key Passphrase under the SSL tab for both servers.
Make the following changes in the nodemanager.properties file:
  • AuthenticationEnabled=true
  • ListenAddress=   ( Leave it blank if you are using localhost for server Listen Address )
  • ListenPort=5556
  • SecureListener=true
  • StartScriptEnabled=true
  • KeyStores=CustomIdentityAndCustomTrust
  • CustomIdentityKeyStoreFileName=C\:\\bea10.3\\user_projects\\domains\\custom_certificate_nodemanager\\identity.jks
  • CustomIdentityAlias=mykey
  • CustomIdentityPrivateKeyPassPhrase=password
  • CustomTrustKeyStoreFileName=C\:\\bea10.3\\user_projects\\domains\\custom_certificate_nodemanager\\trust.jks
Add the following flags in setDomainEnv.cmd:
-Dweblogic.security.IdentityKeyStore=CustomIdentity
-Dweblogic.security.CustomIdentityKeyStoreFileName=filename
-Dweblogic.security.CustomIdentityKeyStorePassPhrase=passphrase
-Dweblogic.security.Identity.KeyStoreType=type
-Dweblogic.security.TrustKeyStore=CustomTrust
-Dweblogic.security.CustomTrustKeyStoreFileName=filename
-Dweblogic.security.CustomTrustKeyStoreType=type
-Dweblogic.security.CustomTrustKeyStorePassPhrase=passphrase
Add the following flag in startNodeManager.cmd:
set JAVA_OPTIONS=-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false %JAVA_OPTIONS%
Now check the status of Node Manager. It should be reachable.
Now start the server..!!
Node manager is now configured over SSL :)
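
One way to sanity-check the nodemanager.properties settings from the steps above before starting Node Manager. This is an added example, not part of the original post: the function names and the sample text are constructed for illustration, and the parser handles only the simple backslash escapes seen in the keystore paths (no unicode escapes or line continuations).

```python
import re

# Constructed sample that mirrors the settings listed above; not a real file.
SAMPLE = r"""
AuthenticationEnabled=true
ListenAddress=
ListenPort=5556
SecureListener=true
StartScriptEnabled=true
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=C\:\\bea10.3\\user_projects\\domains\\custom_certificate_nodemanager\\identity.jks
CustomIdentityAlias=mykey
CustomIdentityPrivateKeyPassPhrase=password
CustomTrustKeyStoreFileName=C\:\\bea10.3\\user_projects\\domains\\custom_certificate_nodemanager\\trust.jks
"""

# Values the steps above set for an SSL listener with custom keystores.
EXPECTED = {"AuthenticationEnabled": "true", "SecureListener": "true",
            "KeyStores": "CustomIdentityAndCustomTrust"}
# Keys that must be present and non-empty for that keystore mode.
NON_EMPTY = ("CustomIdentityKeyStoreFileName", "CustomIdentityAlias",
             "CustomIdentityPrivateKeyPassPhrase", "CustomTrustKeyStoreFileName")

def parse_properties(text):
    """Parse key=value lines and undo simple .properties backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # skip blanks and comment lines
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def check(props, exists=None):
    """Return findings; pass exists=os.path.isfile on the host to test paths."""
    findings = []
    for key, want in EXPECTED.items():
        if props.get(key, "").lower() != want.lower():
            findings.append(f"{key}: expected {want}, found {props.get(key)!r}")
    for key in NON_EMPTY:
        if not props.get(key):
            findings.append(f"{key}: missing or empty")
        elif key.endswith("FileName") and exists and not exists(props[key]):
            findings.append(f"{key}: keystore not found at {props[key]}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(parse_properties(SAMPLE)) or ["no findings"]))
```

An empty list means the file matches the settings in this post; a mistyped escape in a keystore path shows up as a "keystore not found" finding when `exists` is supplied.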
