When your Administration Server, NodeManager and Managed Servers use SSL to communicate with each other you have a decent basic security for your Weblogic domain. (And NO, the default demo certs/stores do not fullfill that requirement in production).
However communication from WLST to your weblogic domain needs some small adjustment. The normal steps would otherwise result in this error:
call "D:\myDomain\bin\setDomainEnv.cmd"
D:\myDomain>java weblogic.WLST
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect('weblogic',weblogic','t3s://myserver.local.rubix.nl:7003')
Connecting to t3s://myserver.local.rubix.nl:7003 with userid weblogic ...
<8-apr-2010 13:39:55 uur CES> <Warning> <Security< <BEA-090542> <Certificate chain received from myserver.local.rubix.nl - 10.0.0.11 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 22, in connect WLSTException: Error occured while performing connect : Error getting the initial context. There is no server running at t3s://myserver.local.rubix.nl:7003 Use dumpStack() to view the full stacktrace
wls:/offline>
*note: I use port 7003 because the Domain Admin Port is enabled in my domain.
Anyway, the connection to the Admin Server can not be established through SSL because there is no trust between the two components. To fix this some additional arguments need to be added.
D:\myDomain>java -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.CustomTrustKeyStoreType="JKS" -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName="D:/myDomain/security/myDomain.truststore.jks" weblogic.WLST
wls:/offline> connect(‘weblogic’,'weblogic’,'t3s://myserver.local.rubix.nl:7003′)
Successfully connected to Admin Server myDomain_admin’ that belongs to domain ‘myDomain’
wls:/myDomain/serverConfig> disconnect()
Disconnected from weblogic server: myDomain_admin
No let’s try to connect to the Nodemanager as well:
wls:/offline> nmConnect('weblogic','weblogic','myserver.local.rubix.nl','5556','myDomain','d:/myDomain','ssl')
Connecting to Node Manager …
Successfully Connected to Node Manager.
wls:/nm/myDdomain>
