Thursday, October 2, 2014

Update weblogic keystores and SSL tab keystore location and password using WLST

We can use WLST to update identity and trust keystore location and password for admin and manager server under Configuration --> Keystores tab. It will also update Private Key Alias and Private Key Passphrase under Configuration --> SSL tab.

So I will create a function keystoreSSLSetup which will have below input arguments

Input Parameter Description
serverName Name of Admin or Managed Server where update is required
CustIdentityKeyStoreName  Identity Keystore containing the private and public key of the server 
CustIdentityKeyStorePassPhrase Password of Identity Keystore
CustTrustKeyStoreFileName Trust keystore containing CA certificates
CustServerPrivateKeyAlias Alias/name of the private key stored in identity keystore
CustServerPrivateKeyPassPhrase Password for private key. (Generally it is kept same as password of identity keystore)
domainHome Absolute path of domain

We will also encrypt the password for security reasons.

Now the function will look like below:

def keystoreSSLSetup(serverName,CustIdentityKeyStoreName,CustIdentityKeyStorePassPhrase,CustTrustKeyStoreFileName,CustServerPrivateKeyAlias,CustServerPrivateKeyPassPhrase,domainHome):  
    try:
        print "Setup KeyStore and SSL"
        cd ("/Servers/" + serverName)
        CustIdentityKeyStorePassPhraseEncrypted = encrypt (CustIdentityKeyStorePassPhrase, domainHome)
        set ("KeyStores", "CustomIdentityAndCustomTrust")
        set ("CustomIdentityKeyStoreFileName", CustIdentityKeyStoreName)
        set ("CustomIdentityKeyStorePassPhrase", CustIdentityKeyStorePassPhrase)
        set ("CustomIdentityKeyStorePassPhraseEncrypted", CustIdentityKeyStorePassPhraseEncrypted)
        set ("CustomIdentityKeyStoreType", "JKS")
        set ("CustomTrustKeyStoreFileName", CustTrustKeyStoreFileName)
        set ("CustomTrustKeyStorePassPhrase", CustIdentityKeyStorePassPhrase)
        set ("CustomTrustKeyStorePassPhraseEncrypted", CustIdentityKeyStorePassPhraseEncrypted)
        set ("CustomIdentityKeyStoreType", "JKS")
        print "Keystore Setup Successful"
        cd ("SSL/"+ serverName)
        set ("ServerPrivateKeyAlias", CustServerPrivateKeyAlias)
        set ("ServerPrivateKeyPassPhrase", CustServerPrivateKeyPassPhrase)
        CustServerPrivateKeyPassPhraseEncrypted = encrypt (CustOutboundPrivateKeyPassPhrase, domainHome)
        set ("ServerPrivateKeyPassPhraseEncrypted", CustServerPrivateKeyPassPhraseEncrypted)
        print "SSL Setup Successful"  
    except Exception, e:
        print e
        print "Error while trying to Setup KeyStore and SSL!!!"
        dumpStack()
        raise
        cancelEdit('y')
        activateTheChanges()
        disconnectFromServer()      
        exit() 
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)