How to configure SSL on Nodemanager for 12c

In WebLogic Server 12.1.2, the Java version of Node Manager controls all WLS instances belonging to the same domain. This makes it possible to have different Node Manager configurations for different domains.

You can follow the steps below to use one Node Manager per domain running over SSL (custom identity and custom trust).

1) Start Node Manager from the following location (just to create a default nodemanager.properties file).

D:\Oracle\Middleware\wlserver_12.1\server\bin\startNodeManager.cmd

Stop Node Manager.

2) Copy the nodemanager folder from this location to your domain folder.

D:\Oracle\Middleware\wlserver_12.1\common\nodemanager

3) Copy startNodeManager.cmd from the location below to your domain home folder.

D:\Oracle\Middleware\wlserver_12.1\server\bin\startNodeManager.cmd

4) Open the script and update the NodeManager home location in the script

set NODEMGR_HOME=D:/Oracle/Middleware/user_projects/domains/base_domain/nodemanager

5) Create the identity store for Node Manager in the nodemanager folder.

keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -dname "CN=www.welogic-wonders.com, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US" -keypass mykeypass -keystore identity.jks -storepass mystorepass

keytool -selfcert -v -alias mykey -keypass mykeypass -keystore identity.jks -storepass mystorepass -storetype jks

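You can create it anywhere, but then you will have to give the complete path in the nodemanager.properties file.

6) Add the following to the nodemanager.properties file. The two passphrases must match the -storepass and -keypass values used when the keystore was created.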

KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=mykey
CustomIdentityKeyStoreFileName=identity.jks
CustomIdentityKeyStorePassPhrase=mystorepass
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=mykeypass

7) Start your Node Manager from the domain folder at any available port you want.

D:\Oracle\Middleware\user_projects\domains\base_domain>startNodeManager.cmd localhost 6666

D:\Oracle\Middleware\user_projects\domains\base_domain>set CLASSPATH=.;D:\Oracle\Middleware\patch_wls1211\profiles\default\sys_manifest_classpath\weblogic_patch.jar;D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\lib\tools.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic_sp.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic.jar;D:\Oracle\Middleware\modules\features\weblogic.server.modules_12.1.1.0.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\webservices.jar;D:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-all.jar;D:\Oracle\Middleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar;

D:\Oracle\Middleware\user_projects\domains\base_domain>if not "" == "" set CLASSPATH=;.;D:\Oracle\Middleware\patch_wls1211\profiles\default\sys_manifest_classpath\weblogic_patch.jar;D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\lib\tools.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic_sp.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic.jar;D:\Oracle\Middleware\modules\features\weblogic.server.modules_12.1.1.0.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\webservices.jar;D:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-all.jar;D:\Oracle\Middleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar;

D:\Oracle\Middleware\user_projects\domains\base_domain>if not "" == "" set CLASSPATH=.;D:\Oracle\Middleware\patch_wls1211\profiles\default\sys_manifest_classpath\weblogic_patch.jar;D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\lib\tools.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic_sp.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic.jar;D:\Oracle\Middleware\modules\features\weblogic.server.modules_12.1.1.0.jar;D:\Oracle\Middleware\wlserver_12.1\server\lib\webservices.jar;D:\Oracle\Middleware\modules\org.apache.ant_1.7.1/lib/ant-all.jar;D:\Oracle\Middleware\modules\net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar;;

D:\Oracle\Middleware\user_projects\domains\base_domain>cd D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager

D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager>if not "6666" == "" if not "localhost" == "" goto runNMWithListenAddressAndPort

D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager>"D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\bin\java.exe" -jrockit -Xms128m -Xmx256m -Dbea.home=D:\Oracle\Middleware -Xverify:none -Djava.endorsed.dirs=D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10/jre/lib/endorsed;D:\Oracle\Middleware\wlserver_12.1/endorsed "-Djava.security.policy=D:\Oracle\Middleware\wlserver_12.1\server\lib\weblogic.policy" "-Dweblogic.nodemanager.javaHome=D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10" -DListenAddress="localhost" -DListenPort="6666" weblogic.NodeManager -v

Apr 23, 2015 8:30:50 PM weblogic.nodemanager.server.NMServerConfig initDomainsMap
INFO: Loading domains file: D:\Oracle\Middleware\wlserver_12.1\common\nodemanager\nodemanager.domains

Apr 23, 2015 8:30:50 PM weblogic.nodemanager.server.SSLConfig loadKeyStoreConfig
INFO: Loading identity key store: FileName=D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager\identity.jks, Type=JKS, PassPhraseUsed=true

Apr 23, 2015 8:30:50 PM weblogic.nodemanager.server.NMServer
INFO: Loaded node manager configuration properties from 'D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager\nodemanager.properties'
Node manager v10.3

Configuration settings:

NodeManagerHome=D:\Oracle\Middleware\wlserver_12.1\common\nodemanager
ListenAddress=localhost
ListenPort=6666
ListenBacklog=50
SecureListener=true
AuthenticationEnabled=true
NativeVersionEnabled=true
CrashRecoveryEnabled=false
JavaHome=D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10\jre
StartScriptEnabled=true
StopScriptEnabled=false
StartScriptName=startWebLogic.cmd
StopScriptName=
LogFile=D:\Oracle\Middleware\wlserver_12.1\common\nodemanager\nodemanager.log
LogLevel=INFO
LogLimit=0
LogCount=1
LogAppend=true
LogToStderr=true
LogFormatter=weblogic.nodemanager.server.LogFormatter
DomainsFile=D:\Oracle\Middleware\wlserver_12.1\common\nodemanager\nodemanager.domains
DomainsFileEnabled=true
StateCheckInterval=500
UseMACBroadcast=false
DomainRegistrationEnabled=false
DomainsDirRemoteSharingEnabled=false

Domain name mappings:


wl_server -> D:\Oracle\Middleware\wlserver_12.1\samples\domains\wl_server
base_domain -> D:\Oracle\Middleware\user_projects\domains\base_domain
medrec -> D:\Oracle\Middleware\wlserver_12.1\samples\domains\medrec

Apr 23, 2015 8:30:51 PM weblogic.nodemanager.server.SSLListener run
INFO: Secure socket listener started on port 6666, host localhost/127.0.0.1
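
The settings from step 6 can be checked before Node Manager is started. The following is an added example, not part of the original post or of WebLogic itself: a small Python linter for the body of a nodemanager.properties file. The function names, the sample inputs and the rule that a bare keystore file name resolves against the Node Manager home are assumptions made for illustration.

```python
import ntpath
import re

# The five identity properties set in step 6.
REQUIRED = ("CustomIdentityAlias", "CustomIdentityKeyStoreFileName",
            "CustomIdentityKeyStorePassPhrase", "CustomIdentityKeyStoreType",
            "CustomIdentityPrivateKeyPassPhrase")

def parse_properties(text):
    """Simplified .properties reader: key=value, '#'/'!' comments, no continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def check_nm_ssl(text, nm_home):
    """Return (findings, keystore_path) for a nodemanager.properties body."""
    props = parse_properties(text)
    findings = []
    if props.get("KeyStores") != "CustomIdentityAndCustomTrust":
        findings.append("KeyStores is not CustomIdentityAndCustomTrust")
    findings += ["missing or empty: " + k for k in REQUIRED if not props.get(k)]
    if props.get("SecureListener", "true").lower() != "true":
        findings.append("SecureListener is not true")
    name = props.get("CustomIdentityKeyStoreFileName")
    if not name:
        return findings, None
    # Assumption: a bare file name is resolved against the Node Manager home.
    return findings, name if ntpath.isabs(name) else ntpath.join(nm_home, name)

# Constructed sample inputs (hypothetical values, not from a real system).
NM_HOME = r"D:\Oracle\Middleware\user_projects\domains\base_domain\nodemanager"
SAMPLE_OK = r"""KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=mykey
CustomIdentityKeyStoreFileName=identity.jks
CustomIdentityKeyStorePassPhrase=mystorepass
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=mykeypass
"""
SAMPLE_BAD = r"""KeyStores=DemoIdentityAndDemoTrust
SecureListener=false
CustomIdentityAlias=mykey
CustomIdentityKeyStoreFileName=D\:\\keys\\identity.jks
CustomIdentityKeyStorePassPhrase=mystorepass
CustomIdentityKeyStoreType=JKS
"""
```

Calling `check_nm_ssl(SAMPLE_OK, NM_HOME)` returns no findings and the keystore path inside the domain's nodemanager folder; `SAMPLE_BAD` yields three findings and keeps its absolute keystore path.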