WebLogic 12c, how to use Foreign JNDI Provider over SSL (T3S protocol)

0
votes

I'm using the Foreign JNDI Provider on unsecure T3 connection to access the remote WebLogic resources on the local instance. Now I must switch to secure connection (T3S) and use two-way authentication with self-signed certificates. So far I have tried following the following:

  • Enable SSL listening port on the remote admin server
  • Generate keypair with Java keytool on the client and remote server
  • Configure both servers to use the keystore / key
  • Export self-signed certificates to opponent's trust stores (cacerts)

Next I changed the remote admin server address to use T3S protocol and the SSL port, but when I try to open the local JNDI tree view, it just hangs loading probably due the failing SSL setup.

1
securityssljakarta-eeweblogicweblogic12c

1 Answers

0
votes

Couple of items I can suggest to get SSL to work :

  1. Make sure you import the certs from both the servers ( local and remote ) to the other servers truststore
  2. Make sure that the trust store is the one you selected in the Keystores tab of the managed server
  3. Check to see if you have -Djavax.net.ssl.trustStore= configured and make sure that the trust store has the correct certs
  4. For testing purpose add the certs to the jdk of both the servers
  5. If you have TLS turned on, make sure the version is the same on both the servers
  6. If none of the above work, turn on debugging and check for the actual error.