>Weblogic allows you to store clear-text passwords in configuration files when you have a development domain, however production mode forces the use of Triple-DES block ciphers to store these password. (that’s also the reason why the encrypted passwords begin with “{3DES}”)
Often this proces is done automatically by Weblogic, but in some cases it is good to know how to manually convert clear-text to a 3DES encrypted string. You can find these 3DES strings located in the domain’s config.xml, boot.properties, the service accounts used by the Oracle Service Bus (even when you use the RDBMS Security Store under your weblogic domain), etc.
For this we will need the domain’s password salt file SerializedSystemIni.dat.
Cibergavin made a good post explaining the importance of this specific file for your Weblogic domain.
SerializedSystemIni.dat is a WebLogic domain file which contains hashes. SerializedSystemIni.dat is located in the domain directory (WebLogic Server 8.1 and earlier) or in domain/security directory (WebLogic Server 9.x and later). The SerializedSystemIni.dat is created during the creation of a WebLogic domain. The hashes in the file are created using an algorithm that binds the file to the domain in which it has been created. So, a SerializedSystemIni.dat file can be used only within the domain in which it has been created.
Due to the use of the salt file (SerializedSystemIni.dat) you should execute the utility from your domain folder:
cd d:\myDomain\binsetDomainEnv.cmdjava weblogic.security.EncryptPassword: weblogic{3DES}p2rh5zuiDsut1yNTGtUfFg==
You can also pass the password as an argument:
cd d:\myDomain\binsetDomainEnv.cmdjava weblogic.security.Encrypt weblogic{3DES}p2rh5zuiDsut1yNTGtUfFg==
And last but not least you can use WLST:
cd d:\myDomain\binsetDomainEnv.cmdjava weblogic.WLST
Initializing WebLogic Scripting Tool (WLST) ...Welcome to WebLogic Server Administration Scripting ShellType help() for help on available commands
wls:/offline> es = encrypt('weblogic')wls:/offline> print es{3DES}p2rh5zuiDsut1yNTGtUfFg==wls:/offline>
