WebLogic Server not Using Default Identity and Trust Keystores when Using -DUseSunHttpHandler=true
(Doc ID 2413410.1)
Last updated on MAY 04, 2020
Applies to:Oracle WebLogic Server - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
WebLogic 12.1.3 server not using default identity and trust keystores when using -DUseSunHttpHandler=true.
When trying to make 2-way SSL outbound communication from WebLogic Server to External system.
From WebLogic it is recommended to use -DuseSunHttpHandler=true to make outbound socket connection using SUN handlers. Which is recommended from WebLogic Server 12c onwards.
When using the sun handlers (-DUseSunHttpHandler=true) to enforce to use javax.net.* for socket connection, SSL doesn't honor the trust store settings of WLS Console when WebLogic server acting as a client, so we need to use javax.net.ssl.trustStore properties.
It makes a Successful SSL outbound Handshake after adding the javax.net.ssl.trustStore properties as below:
-DUseSunHttpHandler=true -Djavax.net.ssl.trustStore=<PATH>\Java\jre\lib\security\cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=<PATH>\SSL\IdentityKeystore.jks -Djavax.net.ssl.keyStorePassword=######## (Plain Text format password )
However the –Djavax.net.ssl.keyStorePassword we have to specify in clear text password which can be a security concern.
It was also tried to encrypt the password using, java weblogic.security.Encrypt utility, and use the encrypted password but it doesn’t taking the encrypted password for the -Djavax.net.ssl.keyStorePassword option.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document