This is just quick & dirty doc on how to change/remove IP/host on Oracle WebLogic Application server
– In logs the Error message will be message like:
<Oct 21, 2013 1:06:51 AM SGT> <Warning> <Security> <BEA-090504> <Certificate chain received from cluster2.yourdomain.com – 192.168.1.41 failed hostname verification check. Certificate contained cluster1.yourdomain.com but check expected cluster2.yourdomain.com>
Solution:
On web console – change/remove IP/hostname
As root / admin supersuser:
– Stop Weblogic Webserver
As this is RHEL Linux, to stop WLS use standard init script start / stop service command
service wls stop
– As Application user create directory where new key will be created
mkdir /home/uwls11pp/tmp_key
cd /home/uwls11pp/tmp_key
– Make backup of current JKS (Keystore File)
cp /WLS/app/oracle/wls1036/wlserver_10.3/server/lib/DemoIdentity.jks /WLS/app/oracle/wls1036/wlserver_10.3/server/lib/DemoIdentity.jks_11032015
– Execute set env . script
/WLS/app/oracle/wls1036/wlserver_10.3/server/bin/setWLSEnv.sh
– Copy & paste output from script above and export variables
export CLASSPATH;
export PATH;
– Check old certificate in keystore
/WLS/app/oracle/jdk1.7.0_25/bin/keytool -list -v -keystore /WLS/app/oracle/wls1036/wlserver_10.3/server/lib/DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
– Delete old Weblogic keystore JKS file
/WLS/app/oracle/jdk1.7.0_25/bin/keytool -delete -alias demoidentity -keystore /WLS/app/oracle/wls1036/wlserver_10.3/server/lib/DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
– Check wether proper Java version is used
java -version
– Get hostname from hosts file
cat /etc/hosts
#Replace weblogic1 with your FQDN (Fully Qualified Domain Name) – this step will create new certificate with new hostname
java utils.CertGen -cn weblogic1 -keyfilepass DemoIdentityPassPhrase -certfile newcert -keyfile newkey
#Import certificate to “official” keystore
java utils.ImportPrivateKey -keystore /WLS/app/oracle/wls1036/wlserver_10.3/server/lib/DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile newkey.pem -keyfilepass DemoIdentityPassPhrase -certfile newcert.pem -alias demoidentity
#Recheck once again if correct certificate is in use
/WLS/app/oracle/jdk1.7.0_25/bin/keytool -list -v -keystore /WLS/app/oracle/wls1036/wlserver_10.3/server/lib/DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
– Finally issue as root user restart Weblogic server again
service wls start
More helpful Articles
Tags: cd home, certificate, check, com, command, hostname, hosts file, howto, oracle, Path, root admin, script, Stop Weblogic, variables, WLS