My Oracle Support Banner

Is it Supported a Hot Swap of SSL Certificates on Production Systems? (Doc ID 2451974.1)

Last updated on SEPTEMBER 26, 2018

Applies to:

Oracle WebLogic Server - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Goal

In attention to different situations where a SSL certificate in production needs to re-installed or updated, for example because using a new certificate provider or the certificate will soon expire.

It looked like the following approach could avoid the bounce of wl servers when updating a SSL certificate and warrant successful transaction flowing.

See the steps below

 

1. (NOTICE: same .jks file used as identity and trust store) Create a backup of keystore: E.g Mykeystore_bk.jks

2. From Admin Console, change both Identity and Trust Keystore for all weblogic servers to Mykeystore_bk.jks and activate changes.

  console responds "No restart required"

3. Install/Update the new SSL certificate in the original Mykeystore.jks

4.Again From Admin Console, change both Identity and Trust Keystore for all weblogic servers to Mykeystore.jks and activate changes. Console responds "No restart required".

On a dev/test environment this worked OK.



 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.