19.1 WSM support for WLS Secure Mode

On the Fusion Middleware (FMW) domain, following configurations must be set in the SSL environment.
  1. Check CCW configuration on the domain.
    1. Log into Enterprise Manager (EM).
    2. Check if wsm-pm URL is a t3s URL. To check this
      1. Navigate to: Weblogic Domain > Cross Component Wiring > Service Tables
      2. Check for OWSM Policy Manager (wsm-pm) URL. It must be t3s.

        Note:

        When SSL is enabled, the wsm-pm URL must not be a t3s URL.
    3. Follow step is a workaround to add t3s and https URLs.
      1. Update <domain_home>/config/fmwconfig/wsm-config.xml.
      2. Update the pm.url attribute to add t3s and https URLs.
        <orares:property orares:category="ConfigManager" orares:name="pm.url">
         <orares:value>t3s://<hostname>:<port></orares:value>
         <orares:value>https://<hostname>:<port></orares:value>
  2. Set the bootstrap properties for WSM. The following wlst should be run during server configuration or after server start-up
    setWSMBootstrapConfig('<domain_name>','<domain_home_dir>','ConfigManager','pm.url','auto-ssl')
  3. Log into EM . Update WSM Configuration to set SSL mode on.
    1. Navigate to Weblogic Domain > Web Services > WSM Domain Configuration.
    2. Set SSL mode on, on the WSM Configuration. To do so:
      1. Navigate to Policy Accessor tab.
      2. Add PM CSF Key to point to existing key in keystore.
        setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’pm.csf.key‘,None,[‘fad’])
      3. Select Use SSL only option.
        setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’pm.url‘,None,[‘auto-ssl’])
      4. Under SSL Setup
        • Select Oneway OR Two-way
          setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’ssl.twoway‘,None,[‘true’])
        • Select the Keystore (for example, KSS)
          setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’truststore.csf.key‘,None,[‘fad’])
          setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’keystore.ssl.alias‘,None,[‘fad’])
        • Select the Truststore Path (location of keystore)
          setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’truststore.path‘,None,[‘kss://owsm/keystore’])
      5. Click Apply.
      6. Click Refresh button.
  4. For the configurations changes to reflect:
    • Automatic Refresh Wait for 10 min

      Or

    • Restart the servers to see the immediate effect of the configuration change.

For more information on secure mode, see Using Secured Production Mode.