How to apply SSL to the WebLogic Administration Console

1. Domain settings page

* Enable the Enable Administration Port option, then enter the Administration Port.

2. Managed Server settings

* In the server's Configuration > General > Advanced settings, enter a port in the Local Administration Port Override field that is different from, and does not conflict with, the port entered in the domain settings.

3. Start scripts

* Admin Server start script: add the following options.

-Dweblogic.security.SSL.ignoreHostnameVerification=true

-Dweblogic.security.TrustKeyStore=DemoTrust

* Managed Server start script: add the following options.

-Dweblogic.management.server=https://Admin_Server_IP:Administration_Port

-Dweblogic.security.SSL.ignoreHostnameVerification=true

-Dweblogic.security.TrustKeyStore=DemoTrust

Change the URL that specifies the Admin Server to https://Admin_Server_IP:Administration_Port.

4. Stop scripts

* Admin Server stop script: add the following options.

-Dweblogic.security.SSL.ignoreHostnameVerification=true

-Dweblogic.security.TrustKeyStore=DemoTrust

Change the URL that specifies the Admin Server to t3s://Admin_Server_IP:Administration_Port.

* Managed Server stop script: add the following options.

-Dweblogic.management.server=https://Admin_Server_IP:Administration_Port

-Dweblogic.security.SSL.ignoreHostnameVerification=true

-Dweblogic.security.TrustKeyStore=DemoTrust

Change the URL that specifies the Admin Server or Managed Server to t3s://Admin_Server_IP:Administration_Port.
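
As an added example (not part of the original post), the following shell function checks that a start or stop script carries the changes from steps 3 and 4. The function name `check_wls_script`, its optional scheme argument and the MISSING/PLAINTEXT finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a WebLogic start or
# stop script carries the changes from steps 3 and 4.
# Usage: check_wls_script FILE [https|t3s]
#   https   = Managed Server start script
#   t3s     = stop script
#   omitted = Admin Server start script (the post gives it no URL)
# Prints one finding per line; returns 0 only if nothing is MISSING or PLAINTEXT.
check_wls_script() {
    file=$1 scheme=${2:-} rc=0
    # Ignore comment lines so a commented-out option does not count.
    body=$(grep -v '^[[:space:]]*#' "$file" || true)

    # Options the post adds to every script.
    for opt in \
        '-Dweblogic.security.SSL.ignoreHostnameVerification=true' \
        '-Dweblogic.security.TrustKeyStore=DemoTrust'
    do
        printf '%s\n' "$body" | grep -qF -- "$opt" \
            || { echo "MISSING $opt"; rc=1; }
    done

    # The server URL must use the scheme the post prescribes for this script.
    if [ -n "$scheme" ]; then
        printf '%s\n' "$body" | grep -qF -- "$scheme://" \
            || { echo "MISSING $scheme:// URL"; rc=1; }
    fi

    # A leftover http:// or t3:// URL means a URL was not switched to SSL.
    if printf '%s\n' "$body" | grep -qE '(http|t3)://'; then
        echo "PLAINTEXT URL still present"; rc=1
    fi

    return $rc
}
```

The two options it looks for are the ones this post uses; they disable hostname verification and trust WebLogic's demo keystore, so a site that uses its own trust keystore would check for that value instead.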

*** Note ***

WLS 10.0 MP2 (and similar versions) raises an error after this configuration is applied.

A bug patch must be requested from Oracle and then applied.

=== Error details ===

<2012. 8. 1 오후 9시 23분 11초 KST> <Error> <Server> <BEA-002625> <An attempt to configure channel "DefaultAdministration[admin]" failed because of weblogic.server.ServiceFailureException:

There are 1 nested errors:

java.io.IOException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
 at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:59)
 at weblogic.server.channels.DynamicListenThreadManager.createListener(DynamicListenThreadManager.java:273)
 at weblogic.server.channels.AdminPortService.bindListeners(AdminPortService.java:76)
 at weblogic.server.channels.EnableAdminListenersService.start(EnableAdminListenersService.java:39)
 at weblogic.server.channels.ChannelService.startDefaultAdminChannel(ChannelService.java:1059)
 at weblogic.server.channels.ChannelService.activateUpdate(ChannelService.java:1507)
 at weblogic.descriptor.internal.DescriptorImpl$Update.activate(DescriptorImpl.java:481)
 at weblogic.descriptor.internal.DescriptorImpl.activateUpdate(DescriptorImpl.java:220)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService$1.run(RuntimeAccessDeploymentReceiverService.java:361)
 at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
 at weblogic.security.service.SecurityManager.runAs(Unknown Source)
 at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.commit(RuntimeAccessDeploymentReceiverService.java:356)
 at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:181)
 at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.commit(DeploymentReceiverCallbackDeliverer.java:63)
 at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingCommit.callDeploymentReceivers(AwaitingCommit.java:223)
 at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingCommit.handleCommit(AwaitingCommit.java:125)
 at weblogic.deploy.service.internal.statemachines.targetserver.AwaitingCommit.receivedCommit(AwaitingCommit.java:44)
 at weblogic.deploy.service.internal.transport.CommonMessageReceiver.receiveRequestCommitMsg(CommonMessageReceiver.java:466)
 at weblogic.deploy.service.internal.transport.CommonMessageReceiver$3.run(CommonMessageReceiver.java:720)
 at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:464)
 at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
 at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Caused by: java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
 at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
 at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
 at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
 at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
 at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:43)
 at weblogic.security.utils.SSLContextManager.createServerSSLContext(SSLContextManager.java:320)
 at weblogic.security.utils.SSLContextManager.getChannelSSLContext(SSLContextManager.java:239)
 at weblogic.security.utils.SSLContextManager.getSSLServerSocketFactory(SSLContextManager.java:89)
 at weblogic.server.channels.DynamicSSLListenThread.<init>(DynamicSSLListenThread.java:55)
 ... 21 more

 
