
Wednesday, May 14, 2014

Keystore and Certificates in Clustered Environments


If you are working with WebLogic clusters spanning multiple machines, you have to make sure all certificates in the cluster are marked as trusted; otherwise the AdminServer will not be able to communicate with all the node managers.

Assuming you have a two-node cluster, you would have to do the following.

Make sure you have followed the process described in the previous section on each of the machines making up the cluster before continuing.

Make sure all certificates are available on all nodes by copying them into the keystore folders on each server.

cd ~/keystore
scp wls11g-1.localdomain-rootCA.der oracle@wls11g-2.localdomain:/home/oracle/keystore
scp oracle@wls11g-2.localdomain:/home/oracle/keystore/wls11g-2.localdomain-rootCA.der .

On the first node, load the certificate generated on the second node into the local trust keystore using the following command.

$JAVA_HOME/jre/bin/keytool -import -v -trustcacerts -alias selfsigned2 -file wls11g-2.localdomain-rootCA.der \
    -keystore trust.jks -storepass password1

On the second node, load the certificate generated on the first node into the local trust keystore using the following command.

$JAVA_HOME/jre/bin/keytool -import -v -trustcacerts -alias selfsigned2 -file wls11g-1.localdomain-rootCA.der \
    -keystore trust.jks -storepass password1
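Importing a copied certificate makes it a trust anchor, so it is worth confirming that the file that arrived is the one the other node generated. The following is an added example, not part of the original post: it compares the SHA-256 fingerprint of the copied DER file with a value read on the originating node (for instance with sha256sum) and only then runs the keytool import shown above. The function names and the KEYTOOL and STOREPASS variables are assumptions made for this example.

```shell
# Added example: check a copied DER certificate before trusting it.
# Function names, KEYTOOL and STOREPASS are hypothetical, not from the post.

# SHA-256 fingerprint of a DER file as lowercase hex without separators.
# A certificate fingerprint is the hash of its DER encoding.
der_fingerprint() {
    sha256sum "$1" | awk '{print $1}'
}

# Accept fingerprints written as AA:BB:CC or aabbcc; output lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# import_if_verified <der-file> <alias> <expected-fingerprint> <keystore>
# Returns 2 if the file is unreadable, 1 on fingerprint mismatch,
# otherwise the exit status of keytool.
import_if_verified() {
    iv_der="$1"; iv_alias="$2"; iv_store="$4"
    [ -r "$iv_der" ] || { echo "cannot read $iv_der" >&2; return 2; }
    iv_expected=$(normalize_fp "$3")
    iv_actual=$(der_fingerprint "$iv_der")
    if [ "$iv_actual" != "$iv_expected" ]; then
        echo "fingerprint mismatch for $iv_der: got $iv_actual" >&2
        return 1
    fi
    # Same import as in the post; -noprompt because the check is done above.
    "${KEYTOOL:-$JAVA_HOME/jre/bin/keytool}" -import -noprompt -trustcacerts \
        -alias "$iv_alias" -file "$iv_der" \
        -keystore "$iv_store" -storepass "$STOREPASS"
}

# Usage on the first node (the fingerprint is a placeholder to be read
# on wls11g-2 and passed over a separate channel):
#   STOREPASS=password1 import_if_verified wls11g-2.localdomain-rootCA.der \
#       selfsigned2 "<fingerprint from wls11g-2>" trust.jks
```

Obtain the expected fingerprint over a channel other than the scp transfer itself, such as a console session on the originating node.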

You can now continue with the rest of the configuration.
