Commit 268ae36

update notes about 14120 SSL behaviors
1 parent aa55a0b commit 268ae36

2 files changed

+40
-0
lines changed

documentation/site/content/managing-domains/model-in-image/overview.md

Lines changed: 38 additions & 0 deletions
@@ -52,6 +52,44 @@ When you deploy a Model in Image domain resource YAML file:
5252
- The operator subsequently boots your domain's WebLogic Server pods.
5353
- The pods will obtain their domain home from the ConfigMap.
5454

55+
### Using demo SSL certificates in v14.1.2.0.0 or later
56+
57+
{{% notice note %}}
58+
Beginning with WebLogic Server version 14.1.2.0.0, when a domain is `production` mode enabled, it is automatically `secure mode` enabled, therefore, all communications with the domain are using SSL channels and non-secure listening ports are disabled. If there are no custom certificates configured for the SSL channels, then the server uses the demo SSL certificates.
59+
The demo SSL certificates are now domain specific and generated when the domain is first created,
60+
unlike previous releases, which were distributed with the WebLogic product installation. Oracle recommends using custom SSL
61+
certificates in a production environment.
62+
{{% /notice %}}
63+
64+
The certificates are created under the domain home `security` folder.
65+
66+
```
67+
-rw-r----- 1 oracle oracle 1275 Feb 15 15:55 democakey.der
68+
-rw-r----- 1 oracle oracle 1070 Feb 15 15:55 democacert.der
69+
-rw-r----- 1 oracle oracle 1478 Feb 15 15:55 DemoTrust.p12
70+
-rw-r----- 1 oracle oracle 1267 Feb 15 15:55 demokey.der
71+
-rw-r----- 1 oracle oracle 1099 Feb 15 15:55 democert.der
72+
-rw-r----- 1 oracle oracle 1144 Feb 15 15:55 DemoCerts.props
73+
-rw-r----- 1 oracle oracle 2948 Feb 15 15:55 DemoIdentity.p12
74+
```
75+
76+
For Model in Image domains, whenever you change any security credentials including, but not limited to, the Administration Server credentials, RCU credentials, and such, the domain will
77+
be recreated and a new set of demo SSL certificates will be generated. The certificates are valid for 180 days, then they expire.
78+
79+
80+
If you have any external client that needs to communicate with WebLogic Servers using SSL, then you need to import the current self-signing CA cert, `democacert.der`,
81+
into your local trust store; previously imported certificates will _not_ work.
82+
83+
```shell
84+
keytool -importcert -keystore <keystore path> -alias wlscacert -file $HOME/Downloads/democacer.der
85+
```
86+
87+
If you are using the WebLogic Scripting Tool, before starting the WLST session, you can set the following system properties.
88+
89+
```shell
90+
export WLST_PROPERTIES="-Dweblogic.security.TrustKeyStore=DemoTrust -Dweblogic.security.SSL.ignoreHostnameVerification=true"
91+
```
92+
5593
### Runtime updates
5694

5795
Model updates can be applied at runtime by changing an image, secrets, a domain resource, or a WDT model ConfigMap after initial deployment.
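Review bot: The `keytool -importcert` example at new line 84 passes `-file $HOME/Downloads/democacer.der`, but the CA certificate is named `democacert.der` in both the directory listing and the sentence introducing the command, so the command fails as written; correct the file name. The `$HOME/Downloads` path also assumes the reader has already copied the file out of the domain home `security` folder, which the text never says, so add that step or point at where the file comes from. Separately, the `WLST_PROPERTIES` example at new line 90 sets `-Dweblogic.security.SSL.ignoreHostnameVerification=true` with no explanation; since the notice above recommends custom certificates for production, state here that this setting is intended for use with the demo certificates only.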

documentation/site/content/managing-domains/model-in-image/runtime-updates.md

Lines changed: 2 additions & 0 deletions
@@ -42,6 +42,8 @@ the change requires entirely shutting domain the domain,
4242
applying the change, and finally restarting the domain. Full domain restarts are described in
4343
[Full domain restarts]({{< relref "/managing-domains/domain-lifecycle/startup/_index.md#full-domain-restarts">}}).
4444

45+
**NOTE**: If you are using WebLogic Server 14.1.2.0.0 or later, see [Using demo SSL certificates in v14.1.2.0.0 or later]({{< relref "/managing-domains/model-in-image/overview#using-demo-ssl-certificates-in-v141200-or-later" >}}).
46+
4547
**NOTE**: Supported and unsupported changes are described in these sections: [Supported updates](#supported-updates) and [Unsupported updates](#unsupported-updates).
4648
_It is the administrator's responsibility to make the necessary changes to a domain resource to initiate the correct approach for an update._
4749
