1. Log into Enterprise Manager (EM).
2. Check if wsm-pm URL is a t3s URL. To check this
   1. Navigate to: Weblogic Domain > Cross Component Wiring > Service Tables
   2. Check for OWSM Policy Manager (wsm-pm) URL. It must be t3s.

      Note:

      When SSL is enabled, the wsm-pm URL must not be a t3s URL.
3. Follow step is a workaround to add t3s and https URLs.
   1. Update <domain_home>/config/fmwconfig/wsm-config.xml.
   2. Update the pm.url attribute to add t3s and https URLs.

      <orares:property orares:category="ConfigManager" orares:name="pm.url">
       <orares:value>t3s://<hostname>:<port></orares:value>
       <orares:value>https://<hostname>:<port></orares:value>

setWSMBootstrapConfig('<domain_name>','<domain_home_dir>','ConfigManager','pm.url','auto-ssl')

1. Navigate to Weblogic Domain > Web Services > WSM Domain Configuration.
2. Set SSL mode on, on the WSM Configuration. To do so:
   1. Navigate to Policy Accessor tab.
   2. Add PM CSF Key to point to existing key in keystore.

      setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’pm.csf.key‘,None,[‘fad’])

   3. Select Use SSL only option.

      setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’pm.url‘,None,[‘auto-ssl’])

   4. Under SSL Setup
      • Select Oneway OR Two-way

        setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’ssl.twoway‘,None,[‘true’])

      • Select the Keystore (for example, KSS)

        setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’truststore.csf.key‘,None,[‘fad’])

        setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’keystore.ssl.alias‘,None,[‘fad’])

      • Select the Truststore Path (location of keystore)

        setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’truststore.path‘,None,[‘kss://owsm/keystore’])

   5. Click Apply.
   6. Click Refresh button.

• Automatic Refresh Wait for 10 min

  Or

• Restart the servers to see the immediate effect of the configuration change.