Is it Supported a Hot Swap of SSL Certificates on Production Systems
(Doc ID 2451974.1)
Last updated on DECEMBER 16, 2023
Applies to:
Oracle WebLogic Server - Version 12.2.1.3.0 and laterInformation in this document applies to any platform.
Goal
In attention to different situations where a SSL certificate in production needs to re-installed or updated, for example because using a new certificate provider or the certificate will soon expire.
It looked like the following approach could avoid the bounce of wl servers when updating a SSL certificate and warrant successful transaction flowing.
See the steps below:
1. (NOTICE: same .jks file used as identity and trust store) Create a backup of keystore: E.g Mykeystore_bk.jks
2. From Admin Console, change both Identity and Trust Keystore for all weblogic servers to Mykeystore_bk.jks and activate changes.
console responds "No restart required"
3. Install/Update the new SSL certificate in the original Mykeystore.jks
4. Again From Admin Console, change both Identity and Trust Keystore for all weblogic servers to Mykeystore.jks and activate changes. Console responds "No restart required".
5. On a dev/test environment this worked OK.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |