Self Signed certificate in Weblogic Server using Keytool

Self-signed certificates let developers validate an HTTPS configuration and test it without involving a certificate authority. They are not a substitute for a CA-issued certificate in production: nothing outside the machine that generated them trusts them, and clients that skip the resulting warnings are defeating the point of TLS. The steps below generate a self-signed certificate and configure WebLogic Server to use it.

  • Go to the JDK's bin directory and run keytool (keytool.exe on Windows) with no arguments to confirm it is installed. Use the JDK that runs WebLogic so the keystore it writes is one the server can read.
  • Create a working directory:      mkdir csr
  • Run keytool to generate identity.jks, which holds the private key and its self-signed certificate:

keytool -genkeypair -alias testCert -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keypass privatepassword -keystore identity.jks -storetype JKS -storepass password -validity 365

-genkey is the older name of -genkeypair and still works. -keysize 2048 is given explicitly because older keytool versions default to 1024-bit RSA keys, which are below current minimums. -storetype JKS is explicit because recent JDKs default to PKCS12, while WebLogic 10.3 expects JKS. Passwords typed on the command line end up in shell history; omit -storepass and -keypass to be prompted for them instead.

  • Answer the prompts. The first one, "What is your first and last name?", is the certificate's CN and must be the host name clients will use to reach the server, not a person's name; then enter the organizational unit, organization, city, state and country.
  • Export the certificate (the public part only, never the private key) from the identity keystore into root.cer:

keytool -exportcert -alias testCert -file root.cer -keystore identity.jks -storepass password

(-export is the older name of -exportcert.)

  • Import the exported certificate into a separate trust keystore, trust.jks (keytool creates the file on the first import):

keytool -importcert -alias mykey -file root.cer -keystore trust.jks -storepass password

(-import is the older name of -importcert.)

  • When keytool asks "Trust this certificate? [no]:", answer yes. The store password is the one chosen above (password).
  • Log into the WebLogic Server Administration Console.
  • Go to Environment > Servers and click the server to configure (AdminServer in this example).
  • Open the Configuration > Keystores tab.
  • Click Change to modify the keystore settings.
  • Select Custom Identity and Custom Trust from the available keystore options.
  • Copy the generated identity.jks and trust.jks to a path on the server, then enter each file's path, its type (JKS) and its store passphrase.
  • Open the Configuration > SSL tab and enter the private key alias (testCert) and the private key passphrase (privatepassword above). Without these the server cannot read the key and SSL start-up fails.
  • On the General tab, tick SSL Listen Port Enabled and set the port. The post uses 4443; WebLogic's out-of-the-box SSL port is 7002.
  • Click Save and activate the changes, then restart the server and open https://host:port/console. The browser warns because the certificate is self-signed; importing root.cer into a client's trust store silences the warning on that client only.
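The keytool sequence above, as an added example that is not part of the original post, scripted so it runs without prompts and can be checked before the files are copied to the server. It assumes keytool from the JDK that runs WebLogic is on PATH; the alias, the DN fields and the host name are placeholders.

```shell
#!/bin/sh
# Added example (not code from the original post): the keytool steps above
# as a non-interactive script, plus a check that the two stores contain
# what WebLogic's Custom Identity / Custom Trust settings expect.
# Assumptions: keytool from the JDK that runs WebLogic is on PATH; alias,
# DN fields and host name are placeholders.
set -eu

# Create identity.jks (private key + self-signed cert) and trust.jks (the
# exported certificate only) in DIR for HOST. Passwords are arguments so
# they are not hard-coded; passing them inline still leaves them in shell
# history, so prefer exporting them or letting keytool prompt.
make_weblogic_keystores() {
    dir=$1; host=$2; storepass=$3; keypass=$4
    mkdir -p "$dir"
    # -genkeypair is the current name of -genkey. -dname replaces the
    # interactive prompts; the CN must be the host clients connect to, and
    # the SAN extension carries the same name for clients that ignore CN.
    # -storetype JKS is explicit because newer JDKs default to PKCS12.
    keytool -genkeypair -alias testCert -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 365 \
        -dname "CN=$host,OU=Dev,O=Example,L=City,ST=State,C=US" \
        -ext "SAN=dns:$host" \
        -keystore "$dir/identity.jks" -storetype JKS \
        -storepass "$storepass" -keypass "$keypass"
    # Export only the public certificate (DER encoded) ...
    keytool -exportcert -alias testCert -file "$dir/root.cer" \
        -keystore "$dir/identity.jks" -storetype JKS -storepass "$storepass"
    # ... and import it into a separate trust store. -noprompt answers the
    # "Trust this certificate?" question that the console step asks.
    keytool -importcert -alias testCert -file "$dir/root.cer" \
        -keystore "$dir/trust.jks" -storetype JKS \
        -storepass "$storepass" -noprompt
}

# Succeed only if identity.jks holds a PrivateKeyEntry and trust.jks a
# trustedCertEntry for the alias (keytool lower-cases aliases on output),
# and both entries carry the same certificate fingerprint, i.e. the cert
# the server will present is the one the trust store trusts.
verify_weblogic_keystores() {
    dir=$1; storepass=$2
    keytool -list -keystore "$dir/identity.jks" -storetype JKS \
        -storepass "$storepass" | grep -qi 'testcert.*PrivateKeyEntry' || return 1
    keytool -list -keystore "$dir/trust.jks" -storetype JKS \
        -storepass "$storepass" | grep -qi 'testcert.*trustedCertEntry' || return 1
    idfp=$(keytool -list -keystore "$dir/identity.jks" -storetype JKS \
        -storepass "$storepass" | grep -i 'fingerprint' | head -n 1)
    trfp=$(keytool -list -keystore "$dir/trust.jks" -storetype JKS \
        -storepass "$storepass" | grep -i 'fingerprint' | head -n 1)
    [ -n "$idfp" ] && [ "$idfp" = "$trfp" ]
}
```

Usage: `make_weblogic_keystores csr wls.example.test <storepass> <keypass>` followed by `verify_weblogic_keystores csr <storepass>`; then copy identity.jks and trust.jks to the server, point Custom Identity and Custom Trust at them, and set the private key alias (testCert) and passphrase on the SSL tab. Clients will still warn until root.cer is added to their trust store.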

LDAP Server Configuration in Web Logic Server

The following steps integrate an external LDAP server with Oracle WebLogic Server 10.3.5 as an authentication provider.

  • Log into the WebLogic Server Administration Console.
  • Select Security Realms in the Domain Structure tree (left side).
  • Click myrealm in the list of realms.
  • Click the Providers tab on the settings page for myrealm.
  • Click New in the Authentication Providers table.


  • Enter a name for the authentication provider (for example TestAuthenticator).


  • Select the provider type. LDAPAuthenticator works with any LDAP v3 directory; WebLogic also ships server-specific types (for example ActiveDirectoryAuthenticator, OpenLDAPAuthenticator, IPlanetAuthenticator, NovellAuthenticator) that come with the user and group schema settings pre-filled for that directory.

  • Click OK.
  • In the list of providers, click the newly created TestAuthenticator.
  • On the Common tab, change Control Flag from OPTIONAL to SUFFICIENT. In JAAS terms SUFFICIENT means that a successful login against the directory ends the chain and a failed one falls through to the next provider. Keep the DefaultAuthenticator (the embedded LDAP that holds the weblogic boot user) in the list and set it to SUFFICIENT as well, as Oracle recommends: the boot user then still works when the directory is down, and a REQUIRED DefaultAuthenticator cannot veto directory users if the provider order ever changes.
  • Click Save
  • On the Provider Specific tab of TestAuthenticator, enter what the provider needs to reach the directory: Host, Port, Principal (the bind DN), Credential (its password), User Base DN, User From Name Filter, User Name Attribute, Group Base DN and Group From Name Filter. Use a read-only bind account that can do no more than search the user and group subtrees, and tick SSLEnabled (port 636, with the directory's CA certificate in the server's trust keystore) so that bind credentials and user passwords do not cross the network in clear text.
  • In the list of providers, click Reorder and move TestAuthenticator to the top so that it is consulted first.
  • Save the changes.
  • Restart the server and log into the Administration Console again; authentication provider changes take effect only after a restart.
  • Open the Users and Groups tab of myrealm and check that users from the LDAP server are listed. If they are not, the LDAPAuthenticator messages in the server log normally point at the cause: a wrong base DN, filter or bind credential, or an untrusted directory certificate when SSL is on.
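The console procedure above as a WLST script, added here as an example that is not part of the original post. A shell function writes the script so its values can be reviewed before they are applied, and a second function runs it. The domain name, realm (myrealm), provider name (TestAuthenticator), LDAP host, base DNs, filters and the admin URL are placeholders; the bind password is read from the LDAP_BIND_PASSWORD environment variable rather than written into the script.

```shell
#!/bin/sh
# Added example (not code from the original post): the console steps above
# expressed as a WLST script, generated by a shell function so the values
# are reviewable before they are applied, plus a function that runs it.
# Assumptions: domain name, realm (myrealm), provider name (TestAuthenticator),
# LDAP host/DNs/filters and the admin URL are placeholders; the bind
# password comes from LDAP_BIND_PASSWORD, never from the script text.
set -eu

# Write the WLST script to OUT. It creates an LDAPAuthenticator with the
# control flag SUFFICIENT, fills the provider-specific settings, sets the
# DefaultAuthenticator to SUFFICIENT too (so the boot user still logs in)
# and moves the new provider to the front, which is what Reorder does.
write_ldap_provider_wlst() {
    out=$1; domain=$2; ldap_host=$3; ldap_port=$4
    principal=$5; user_base=$6; group_base=$7
    cat > "$out" <<EOF
import os
import jarray
from javax.management import ObjectName
# Encrypted credential files made with storeUserConfig(); no admin password in this file.
connect(userConfigFile='${HOME:-.}/wls.userconfig', userKeyFile='${HOME:-.}/wls.userkey', url='t3://localhost:7001')
edit()
startEdit()
cd('/SecurityConfiguration/$domain/Realms/myrealm')
cmo.createAuthenticationProvider('TestAuthenticator', 'weblogic.security.providers.authentication.LDAPAuthenticator')
cd('/SecurityConfiguration/$domain/Realms/myrealm/AuthenticationProviders/TestAuthenticator')
cmo.setControlFlag('SUFFICIENT')
cmo.setHost('$ldap_host')
cmo.setPort($ldap_port)
cmo.setSSLEnabled(true)
cmo.setPrincipal('$principal')
cmo.setCredential(os.environ['LDAP_BIND_PASSWORD'])
cmo.setUserBaseDN('$user_base')
cmo.setUserNameAttribute('uid')
cmo.setUserObjectClass('person')
cmo.setUserFromNameFilter('(&(uid=%u)(objectclass=person))')
cmo.setGroupBaseDN('$group_base')
cmo.setGroupFromNameFilter('(&(cn=%g)(objectclass=groupofnames))')
cd('/SecurityConfiguration/$domain/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.setControlFlag('SUFFICIENT')
cd('/SecurityConfiguration/$domain/Realms/myrealm')
set('AuthenticationProviders', jarray.array([
    ObjectName('Security:Name=myrealmTestAuthenticator'),
    ObjectName('Security:Name=myrealmDefaultAuthenticator'),
    ObjectName('Security:Name=myrealmDefaultIdentityAsserter')], ObjectName))
save()
activate(block='true')
disconnect()
EOF
}

# Run the generated script. Needs the domain environment (setDomainEnv.sh
# sourced) so that weblogic.WLST is on the classpath. Restart the servers
# afterwards; provider changes are not applied until then.
apply_ldap_provider_wlst() {
    : "${LDAP_BIND_PASSWORD:?set the LDAP bind password in the environment}"
    java weblogic.WLST "$1"
}
```

Usage: `write_ldap_provider_wlst ldap_provider.py base_domain ldap.example.test 636 'cn=wlsbind,ou=service,dc=example,dc=test' 'ou=people,dc=example,dc=test' 'ou=groups,dc=example,dc=test'`, review the file, then `LDAP_BIND_PASSWORD=... apply_ldap_provider_wlst ldap_provider.py`. The user and group filters match a generic LDAP schema (uid / person / groupOfNames); Active Directory uses sAMAccountName and group, so adjust them for the directory in use.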

Difference between Weblogic development mode and production mode

This post lists the differences between WebLogic Server development mode and production mode.

WebLogic Server Development Mode

  • A domain created in development mode runs on the Sun Java Development Kit (JDK) by default.
  • Development mode enables auto-deployment: applications copied into the domain's autodeploy directory are deployed automatically. The Administration Server also writes a boot.properties file on first start-up, so later starts do not prompt for credentials.
  • Development mode supplies demo certificates (DemoIdentity.jks and DemoTrust.jks) for SSL, so a developer can get an environment up quickly to work on deployment, configuration or security issues. The demo private key is the same in every WebLogic installation, so those certificates give no protection outside a developer's machine.
  • The DebugFlag is used to enable the WebLogic Workshop Debugger.
  • The Change Center is disabled; configuration changes do not need a Lock & Edit session.
  • The JVM runs in -client mode: the Client VM favours fast start-up and a small memory footprint over peak throughput.
  • page_check_seconds in weblogic.xml is 0, so every request checks whether the JSP has changed; an edited JSP deployed outside the autodeploy folder is recompiled and served without a redeployment.
  • FastSwap is enabled: changed Java classes are redefined in place without reloading the class loader, which shortens the edit-compile-test cycle for developers.
  • Security configuration is relaxed in development mode (for example, the demo certificates are used without warnings and boot credentials are saved to disk).

Weblogic Server Production Mode

  • Production mode does not support auto-deployment, which removes the overhead of continuously polling the autodeploy directory. Deployments go through the Administration Console, the weblogic.Deployer tool or the WebLogic Scripting Tool (WLST).
  • Production mode switches the server to the stricter defaults intended for a production environment, including the security-related ones listed below.
  • With Oracle Fusion Middleware, Oracle recommends the JRockit JVM, which carries additional tuning for SOA, BPEL, OSB and ADF workloads (such as releasing objects to garbage collection earlier) and service-specific security features.
  • Production mode logs a warning when the demo SSL certificates are in use.
  • Server log files are rotated when they reach 5000 KB (development mode rotates at 500 KB), after which a new log file is started.
  • Production mode prompts for the WebLogic user name and password at start-up unless a boot.properties file supplies them; the file is not created automatically.
  • The JDBC connection pool capacity defaults to 25 connections (15 in development mode).
  • The number of threads available to execute queues defaults to 25 (15 in development mode).
  • The Node Manager user name and password are generated randomly instead of using the demo values.
  • The DebugFlag is used to enable the WebLogic Workshop Debugger.
  • FastSwap is disabled.
  • The Change Center is enabled; configuration changes require a Lock & Edit session.
  • The JVM runs in -server mode: the Server VM is tuned for peak throughput of long-running server applications at the cost of slower start-up and a larger memory footprint.
  • page_check_seconds in weblogic.xml is -1, which disables JSP change detection and recompilation; JSPs are still deployed, but edits are not picked up until the application is redeployed.
  • Production mode runs with all security configurations enabled.

How to create a Durable Subscriber JMS Topic in Weblogic Server

WebLogic Server durable subscriptions on JMS topics keep messages in a persistent store, either file based or JDBC based, until every durable subscriber has received them. A message published while a durable subscriber is disconnected is held in the store and delivered when the subscriber reconnects, instead of being lost as it would be for a non-durable subscriber. The durable subscriber attributes shown in the console are:

  • Client ID: the unique client ID of the connection that created the durable subscription; together with the subscription name it identifies the subscription.
  • Subscription Name: the name given to the durable subscription.
  • No Local: the noLocal flag for this durable subscriber; when set, the subscriber does not receive messages published on its own connection.
  • Active: whether a durable subscriber is currently connected to and consuming from this subscription.
  • Selector: the message selector, if one was specified, that filters which messages the subscriber receives.
  • Messages Pending Count: the number of messages held for the subscriber that are not yet visible to it, typically because they are part of an uncommitted transaction or not yet acknowledged.
  • Messages Current Count: the number of messages currently available for delivery to the durable subscriber.
  • Bytes Current Count: the size in bytes of the messages currently available to the durable subscriber.

Steps to create a Durable Subscriber JMS Topic

1. Click JMS Modules and select the JMS module in which the topic is to be created.
2. Click New to create a new resource.
3. Select Distributed Topic as the resource type.
4. Enter the topic name.
5. Enter the JNDI name that clients will look up.
6. Untick XA Connection Factory if transactional access is not needed (this depends on your requirements).
7. Set Destination Type to Uniform.
8. Set Forwarding Policy to Partitioned.
9. Target the topic (for example, all servers in the cluster).
10. Save the topic.
11. Open the created topic and click the Monitoring tab.
12. Click the Durable Subscribers tab.
13. Click Advanced.
14. Enter the Client ID.
15. Enter the subscription name.
16. Click Apply to save the changes.


Increase queue length for Weblogic Server thread pool

WebLogic Server runs all administrative and application work on a single self-tuning thread pool. Requests that cannot be handled immediately wait in the pool's queue, up to the maximum queue length configured for it; once the queue is full, WebLogic starts rejecting further requests to the web application.

The maximum can be raised under Environment > Servers > [server] > Configuration > Queues by selecting the execute queue and changing Maximum Queue Length. The default is 65536. Raising it only buys time: a queue that keeps filling means the server is overloaded, and a larger backlog also holds more request data in memory, so pair the change with the overload protection and stuck-thread settings on the same server rather than relying on it alone.

Reducing the HTTP Sessions
The number of HTTP sessions held in memory can be capped to match the memory available, which avoids out-of-memory errors under a flood of new sessions (including ones opened by a client that never sends a second request). The following entry in the weblogic.xml deployment descriptor limits the in-memory session count; once the limit is reached, new session requests are refused until sessions expire or are invalidated.
  <session-descriptor>
    <max-in-memory-sessions>10</max-in-memory-sessions>
  </session-descriptor>

Exit from server on Out of Memory exception
Making the server exit when an OutOfMemoryError occurs gives a clean, automatic shutdown instead of a half-working JVM; with Node Manager (or another high-availability tool) configured to restart the server, this reduces downtime. The panic action is also available in the console under Environment > Servers > [server] > Configuration > Overload, which is the safer route on a running domain; edit config.xml directly only with the servers stopped.

Add the following entry inside the server element of config.xml to have the server exit on a panic condition:
  <overload-protection>
    <panic-action>system-exit</panic-action>
  </overload-protection>


How to set the production mode for weblogic domain

This post provides the steps to set the production mode value in WebLogic Server.


How to set the Production Mode value using the WebLogic Server Administration Console

Home > [domain name] > Configuration > General > Production Mode

In the Domain Structure tree click the domain name, open Configuration > General, tick Production Mode and save (in a development-mode domain the Change Center is off, so no Lock & Edit is needed).

Restart every server in the domain; the setting is read at start-up, after which the servers run with the production-mode defaults, including the security-related ones. Two things to know before ticking the box: the console does not offer the reverse change (going back to development mode means editing config.xml with the servers stopped), and production mode can also be forced per start-up with -Dweblogic.ProductionModeEnabled=true in the server's Java options, which is what setDomainEnv.sh does when its PRODUCTION_MODE variable is "true".
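Two settings from this page are worth checking offline against the domain directory rather than trusting the console: whether the domain is really in production mode, and which servers still lack the system-exit panic action from the overload-protection section above. The script below is an added example, not code from the original posts. The sample domain it writes is constructed for the example; the awk parser assumes a pretty-printed config.xml, which is how WebLogic writes the file.

```shell
#!/bin/sh
# Added example (not code from the original posts): offline checks against
# a domain directory for two settings discussed on this page, production
# mode (config.xml and setDomainEnv.sh) and the system-exit panic action
# per server. make_sample_domain writes a constructed sample domain; real
# config.xml files are pretty-printed by WebLogic, which the line-oriented
# awk below relies on.
set -eu

# Production mode is persisted in config.xml and, for domains created in
# that mode, also in setDomainEnv.sh, which turns it into
# -Dweblogic.ProductionModeEnabled=true at start-up.
config_production() {
    grep -q '<production-mode-enabled>true</production-mode-enabled>' \
        "$1/config/config.xml" 2>/dev/null
}
env_production() {
    grep -Eq '^PRODUCTION_MODE="true"' "$1/bin/setDomainEnv.sh" 2>/dev/null
}

# Print "production" if either source enables it (WebLogic honours either),
# otherwise "development".
domain_mode() {
    if config_production "$1" || env_production "$1"; then
        echo production
    else
        echo development
    fi
}

# Succeed only when the two sources agree. A domain switched on from the
# console keeps PRODUCTION_MODE="" in setDomainEnv.sh; fixing that keeps
# the mode from depending on how a server happens to be started.
production_mode_consistent() {
    in_config=false; in_env=false
    if config_production "$1"; then in_config=true; fi
    if env_production "$1"; then in_env=true; fi
    [ "$in_config" = "$in_env" ]
}

# Print the name of every <server> in config.xml whose overload protection
# does not set <panic-action>system-exit</panic-action>. The first <name>
# inside <server> is the server name; later ones belong to nested elements.
servers_without_panic_exit() {
    awk '
        /<server>/ { in_server = 1; name = ""; panic = "" }
        in_server && name == "" && /<name>/ {
            line = $0; sub(/.*<name>/, "", line); sub(/<\/name>.*/, "", line); name = line
        }
        in_server && /<panic-action>/ {
            line = $0; sub(/.*<panic-action>/, "", line); sub(/<\/panic-action>.*/, "", line); panic = line
        }
        /<\/server>/ { if (panic != "system-exit") print name; in_server = 0 }
    ' "$1/config/config.xml"
}

# Constructed sample domain: production mode is on in config.xml but not in
# setDomainEnv.sh, AdminServer has the panic action and ms1 does not.
make_sample_domain() {
    d=$1
    mkdir -p "$d/config" "$d/bin"
    cat > "$d/config/config.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>base_domain</name>
  <domain-version>10.3.5.0</domain-version>
  <production-mode-enabled>true</production-mode-enabled>
  <server>
    <name>AdminServer</name>
    <listen-port>7001</listen-port>
    <overload-protection>
      <panic-action>system-exit</panic-action>
    </overload-protection>
  </server>
  <server>
    <name>ms1</name>
    <ssl>
      <name>ms1</name>
      <enabled>true</enabled>
    </ssl>
    <listen-port>7003</listen-port>
  </server>
</domain>
EOF
    printf 'PRODUCTION_MODE=""\nexport PRODUCTION_MODE\n' > "$d/bin/setDomainEnv.sh"
}
```

Usage against a real domain: `domain_mode /u01/domains/base_domain`, `production_mode_consistent /u01/domains/base_domain || echo "mode differs between config.xml and setDomainEnv.sh"`, and `servers_without_panic_exit /u01/domains/base_domain` to list servers that would keep running after an OutOfMemoryError instead of exiting for Node Manager to restart.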
