…on WebLogic Server 9.x.

Rough notes…

Steps to Configure SSL:
beahome/weblogicserverhome/server/lib/servername.jks

-----------------------------------
user@server$ keytool -v -list -keystore servername.jks
Enter keystore password:

***************** WARNING WARNING WARNING *****************

* The integrity of the information stored in your keystore *

* has NOT been verified! In order to verify its integrity, *

* you must provide your keystore password. *

***************** WARNING WARNING WARNING *****************

Keystore type: jks

Keystore provider: SUN

Your keystore contains 1 entry

Alias name: servernamekey

Creation date: Apr 21, 2009

Entry type: keyEntry

Certificate chain length: 1

Certificate[1]:

Owner: CN=servername.domain.com, OU=FINANCE, O=ATT, L=Alpharetta,
ST=Georgia, C=US

Issuer: CN=servername.domain.com, OU=FINANCE, O=ATT, L=Alpharetta,
ST=Georgia, C=US

Serial number: 55ste04k

Valid from: Tue Apr 21 10:03:27 CDT 2009 until: Fri Apr 19 10:03:27 CDT
2019

Certificate fingerprints:

MD5: 34:84:26:a7:20:ad:38:80:75:J4:35:70:55:02:28:2d

SHA1:
34:84:26:a7:20:ad:38:80:75:J4:35:70:55:02:28:2d:35:70:55:02:28:2d

*******************************************

*******************************************

---------------------------------------

Creating trustkeystore:

beahome/weblogicserverhome/server/lib

user@server$ cp servername.jks servername-trust.jks

user@server$ keytool -v -export -alias servernamekey -keystore
servername-trust.jks -file servername-trustcert.pem -storepass The$ecretPaS$w0rd
-keypass The$ecretPaS$w0rd

Certificate stored in file

beahome/weblogicserverhome/server/lib

user@server$ keytool -v -import -keystore servername-trust.jks
-storepass The$ecretPaS$w0rd -alias trustedcert -trustcacerts -file
servername-trustcert.pem

Certificate already exists in keystore under alias

Do you still want to add it? [no]: yes

Certificate was added to keystore

[Saving servername-trust.jks]

user@server$ rm servername-trustcert.pem

Change server configuration to:

CustomTrustKeystore
(beahome/weblogicserverhome/server/lib/servername-trust.jks) same pwd

Turn off hostname verifier

----------------------------------------------------------

Configure NM:

wls:/offline>

startNodeManager(verbose='true',NodeManagerHome='beahome/weblogicserverhome/domains/dev_domain/nodemanager',ListenPort='5559',ListenAddress='servername.domain.com')

** This is a one time configuration:

nmEnroll('beahome/weblogicserverhome/domains/dev_domain','beahome/weblogicserverhome/domains/dev_domain/nodemanager')

nmConnect('weblogic_administrator','An0th3r$ecr3tPaS$w0rd','servername.domain.com','5559','dev_domain','beahome/weblogicserverhome/domains/dev_domain','ssl','verbose')

If above step fails, you will need to enable ssl debug flags and sort
out SSL issues before proceeding.

Ensure WLST NM connectivity:

nm()

- Start Admin server from command line for first time only

- Connect to admin:

connect('weblogic_administrator','An0th3r$ecr3tPaS$w0rd','t3://servername.domain.com:7001')

** This is a one time configuration:

wls:/dev_domain/serverConfig> nmGenBootStartupProps('Admin_Server')

Successfully generated boot.properties at
beahome/weblogicserverhome/domains/dev_domain/servers/Admin_Server/data
/nodemanager/boot.properties.

Successfully generated startup.properties at
beahome/weblogicserverhome/domains/dev_domain/servers/Admin_Server/data
/nodemanager/startup.properties.

vi
beahome/weblogicserverhome/domains/dev_domain/servers/Admin_Server/data
/nodemanager/boot.properties

Change Username to lower 'u' as username

Change Password to lower 'p' as password

Kill admin server.

(NM can check status/start/stop only those servers that were started by
NM.

If you run into issues, Kill NM java process before killing the server
process. Otherwise, NM will immediately spawn the server process
everytime you kill the server java process.

Restart NM each time you change nodemanager.properties.)

nmStart('Admin_Server')

nmServerStatus('Admin_Server')

nmKill('Admin_Server')

---------------------------- end -----------------------------------

N.B: For each managed server, you have to do a one time process of
generating boot.properties and startup properties.

connect('weblogic_administrator','An0th3r$ecr3tPaS$w0rd','t3://servername.domain.com:7001')

nmGenBootStartupProps('Admin_Server')

nmGenBootStartupProps('mgserver1')

nmGenBootStartupProps('mgserver2') etc.,

----------------------------------------------Finally-----------------
wls:/dev_domain/serverConfig>storeUserConfig('beahome/weblogicserverhome/domains/dev_domain/servers/ss/data/nodemanager/configfile.secure', 'beahome/weblogicserverhome/domains/dev_domain/servers/ss/data/nodemanager/keyfile.secure')
wls:/testdomain/serverConfig>storeUserConfig('/usr/home/user1/configfile.secure', '/usr/home/user1/keyfile.secure')

_______________________________________________________________________
wls:/offline> connect('weblogic_administrator','An0th3r$ecr3tPaS$w0rd','t3://servername.domain.com:7001')
Connecting to t3://servername.domain.com:7001 with userid weblogic_administrator ...
Successfully connected to Admin Server 'Admin_Server' that belongs to domain 'dev_domain'.
keytool