WebLogic Server Not Using Default Identity And Trust Keystores When Using -DUseSunHttpHandler=true
Last updated on JUNE 22, 2018
Applies to:Oracle WebLogic Server - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
WebLogic 12.1.3 server not using default identity and trust keystores when using -DUseSunHttpHandler=true
When we try to make 2-way SSL outbound communication from WebLogic Server to External system.
From WebLogic we recommend to use –DuseSunHttpHandler=true to make outbound socket connection using SUN handlers. Which is recommended from WebLogic Server 12c onwords.
When we use the sun handlers (-DUseSunHttpHandler=true) to enforce to use javax.net.* for socket connection, SSL doesn't honor the trust store settings of WLS Console when WebLogic server acting as a client, so we need to use javax.net.ssl.trustStore properties.
It make a Successful SSL outbound Handshake after adding the javax.net.ssl.trustStore properties as below
-DUseSunHttpHandler=true -Djavax.net.ssl.trustStore=D:\MW\WebLogic\Home-AC\Java\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=D:\MW\WebLogic\Home-AC\Domains\Bus-PT\SSL\IdentityKeystore.jks -Djavax.net.ssl.keyStorePassword=######## (Plain Text format password )
However the –Djavax.net.ssl.keyStoerPassword we have to specify in clear text password which can be a security concern
It was also tried to encrypt the password using, java weblogic.security.Encrypt utility, and use the encrypted password but it doesn’t taking the encrypted password for the -Djavax.net.ssl.keyStorePassword option.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms