This content has been marked as final. Show 3 replies
Hi,1 person found this helpful
In WLS releases before WLS 220.127.116.11 (WLS 10.3.5), WebLogic Server's hostname verification code did not support wildcard certificates. Thus as per a product enhancement, we have created a separate hostname verification code, which allows wildcard certificates.
Thus in order to have this functionality on WLS 10.3.5 and below, we have Patch 10215257 for WLS 10.3.0, 10.3.4, and 10.3.5.
NOTE: This wildcard implementation is embedded in the binaries of WLS 10.3.6 and 18.104.22.168, thus there is no requirement for a patch on those versions and higher.
Once we apply the apprropriate patch we need to do the following:
Add the server start-up parameter (in the java_options):
Navigate to Admin Console -> server_name -> SSL -> Advanced. Check the checkbox Use JSSE.
This has to be done on all the servers where we are planning to use the wild card certificate. If you are using WLS 10.3.6+ or WLS 22.214.171.124+, do the following:
Enable "Use JSSE."
Navigate to Admin console -> server_name -> SSL -> Advanced ->. Check the checkbox Use JSSE.
Select the value "weblogic.security.utils.SSLWLSWildcardHostnameVerifier" from the dropdown list of "Hostname verfication" parameters.
Weblogic server by default implements certicom SSL. In release WLS 10.3.4 the JSSE is implemented and certcom deprecated. As mentioned above.
But wth previous version i.e. 10.3 which hasn't got this option available in the console, we can implement the following parameters to enable Sun SSL implementation instead of certicom:
-Dweblogic.wsee.client.ssl.usejdk=true (for webservice clients)
We are using weblogic 10.0.0.0
So, I believe we need to install the patch first before doing any configuration changes.
How can we get the patch?
Open a ticket with Oracle WLS support team or you can search in MOS to download the patch.