Is it Supported a Hot Swap of SSL Certificates on Production Systems?
(Doc ID 2451974.1)
Last updated on SEPTEMBER 26, 2018
Applies to:Oracle WebLogic Server - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
In attention to different situations where a SSL certificate in production needs to re-installed or updated, for example because using a new certificate provider or the certificate will soon expire.
It looked like the following approach could avoid the bounce of wl servers when updating a SSL certificate and warrant successful transaction flowing.
See the steps below
1. (NOTICE: same .jks file used as identity and trust store) Create a backup of keystore: E.g Mykeystore_bk.jks
2. From Admin Console, change both Identity and Trust Keystore for all weblogic servers to Mykeystore_bk.jks and activate changes.
console responds "No restart required"
3. Install/Update the new SSL certificate in the original Mykeystore.jks
4.Again From Admin Console, change both Identity and Trust Keystore for all weblogic servers to Mykeystore.jks and activate changes. Console responds "No restart required".
On a dev/test environment this worked OK.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document