19.1 WSM support for WLS Secure Mode
On the Fusion Middleware (FMW) domain, following configurations must be set in the
SSL environment.
- Check CCW configuration on the domain.
- Log into Enterprise Manager (EM).
- Check if wsm-pm URL is a t3s URL. To check this
- Navigate to: Weblogic Domain > Cross Component Wiring > Service Tables
- Check for OWSM Policy Manager (wsm-pm) URL. It must be
t3s.
Note:
When SSL is enabled, the wsm-pm URL must not be a t3s URL.
- Follow step is a workaround to add t3s and https URLs.
- Update
<domain_home>/config/fmwconfig/wsm-config.xml
. - Update the
pm.url
attribute to add t3s and https URLs.<orares:property orares:category="ConfigManager" orares:name="pm.url"> <orares:value>t3s://<hostname>:<port></orares:value> <orares:value>https://<hostname>:<port></orares:value>
- Update
- Set the bootstrap properties for WSM. The following wlst should be run during
server configuration or after server
start-up
setWSMBootstrapConfig('<domain_name>','<domain_home_dir>','ConfigManager','pm.url','auto-ssl')
- Log into EM . Update WSM Configuration to set SSL mode on.
- Navigate to Weblogic Domain > Web Services > WSM Domain Configuration.
- Set SSL mode on, on the WSM Configuration. To do so:
- Navigate to Policy Accessor tab.
- Add PM CSF Key to point to existing key in
keystore.
setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’pm.csf.key‘,None,[‘fad’])
- Select Use SSL only
option.
setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’pm.url‘,None,[‘auto-ssl’])
- Under SSL Setup
- Select Oneway OR
Two-way
setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’ssl.twoway‘,None,[‘true’])
- Select the Keystore (for example,
KSS)
setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’truststore.csf.key‘,None,[‘fad’])
setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’keystore.ssl.alias‘,None,[‘fad’])
- Select the Truststore Path (location of
keystore)
setWSMConfiguration(‘/WLS/base_domain’,’ConfigManager’,’truststore.path‘,None,[‘kss://owsm/keystore’])
- Select Oneway OR
Two-way
- Click Apply.
- Click Refresh button.
- For the configurations changes to reflect:
- Automatic Refresh Wait for 10 min
Or
- Restart the servers to see the immediate effect of the configuration change.
- Automatic Refresh Wait for 10 min
For more information on secure mode, see Using Secured Production Mode.