Ghattu's Technology Blog » ssl http://ghattus.com A blog about technology that I work on in my day to day job Thu, 03 Dec 2009 00:56:54 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Monitoring your WebLogic SSL Certificates is important http://ghattus.com/2009/08/19/monitoring-your-weblogic-ssl-certificates-is-important/ http://ghattus.com/2009/08/19/monitoring-your-weblogic-ssl-certificates-is-important/#comments Wed, 19 Aug 2009 14:45:25 +0000 sghattu http://ghattus.com/?p=121 I was talking to my friend yesterday and he mentioned that he was up all night due to an outage that happened to the WebLogic environments he manages, when asked why?

Expired SSL Certificates!!!My initial reaction: You don’t have Monitoring? Hmm well, that led me to think, realistically how many environments have cert expiry monitoring? I haven’t seen any environments that have automated monitors that check the WebLogic Certificates. One of the reason why this may not have affected you is one, you are not using SSL and two, the certs you obtained have a life span of more than 10 years.

In our WebLogic environments we do not have monitoring specifically on the Cert’s, but we do have some monitoring that does warn us in-caseĀ  our Certs are about to expire. The way it works is, during boot time WebLogic Server logs a message if the certs configured are about to expire in the next 30 days. This message is logged with severity “Notice”. Our monitoring application listens on the Log BroadCaster (I will leave the details for another blog post), this listener will send an alert/EMail whenever a message is logged with severity “Notice”. The alert will contain the details of what is logged, in case of a Certificate that is about to expire it will contain the Date when it is going to expire and other Certificate details.

Please note, there is one problem to the above approach, i.e. we are relying on WebLogic Server to be started or restarted atleast once within this 30 days timeframe that your Certificate may expire. If not, you will never recieve the notification.

In one of my subsequent post I will write about an alternate simple approach to monitor your WebLogic Certificates.

]]> http://ghattus.com/2009/08/19/monitoring-your-weblogic-ssl-certificates-is-important/feed/ 3 Default protocol in WebLogic and why is it important http://ghattus.com/2009/07/26/default-protocol-in-weblogic-and-why-is-it-important/ http://ghattus.com/2009/07/26/default-protocol-in-weblogic-and-why-is-it-important/#comments Sun, 26 Jul 2009 21:17:12 +0000 sghattu http://ghattus.com/?p=55 If your WebLogic Server makes outbound connections to other systems it is wise to know what a DefaultProtocol is. Generally, when you create a WebLogic domain and haven’t configured SSL you will not have to do anything.

But once SSL is configured and you have dis-abled the non-ssl port, you should make sure that the DefaultProtocol your WebLogic Server uses is SSL (either t3s, https or iiops). If you haven’t done this, your WebLogic Server will try to use “t3″ (default) for any outbound connections and since the ListenPort is disabled it will fail.

Here’s a simple wlst script to change the default protocol to t3s for all the servers in the domain.

# After connecting to the Admin Server

edit()

startEdit()

servers = cmo.getServers()

for i in servers:

i.setDefaultProtocol(“t3s”)

save()

activate()

]]> http://ghattus.com/2009/07/26/default-protocol-in-weblogic-and-why-is-it-important/feed/ 0