Ssl – Weblogic Admin Console SSL Connection

sslweblogic

I am trying to set up SSL/TLS for my weblogic admin console. Note this is not for the Weblogic Server but for the admin console.

I would like to specifically set the the admin console to only use TLS 1.2. Originally I thought that I could set it under setEnv and set the java_admin_options or something like that but I still was able to connect to it via SSlv3.

Also if possible can cipher suites be set for the admin console as well? I know how to set them for the regular server, but unsure on how to set them for for the admin server.

Best Answer

you can add the following line of code in commEnv.sh file.(i am using it on weblogic 12c)

# Set server startup arguments for AdminServer

if [ "${SERVER_NAME}" == "AdminServer" ] ; then
      USER_MEM_ARGS="-Xms1024m -Xmx1024m -Dweblogic.security.SSL.protocolVersion=TLSv1.2"
export USER_MEM_ARGS
fi

This will only enable TLS on admin server as per requirement.

you can also try -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.0 parameter in commEnv.sh file which will disable SSLv3.

You can change the cipher suites on admin server as mentioned below by adding it under ssl tab in config.xml

<server> <name>AdminServer</name> <ssl> <name>AdminServer</name> <enabled>true</enabled> <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite> <ciphersuite>TLS_RSA_WITH_AES_256_CBC_SHA</ciphersuite> <ciphersuite>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ciphersuite> <ciphersuite>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</ciphersuite>

Related Topic