Provisioning JCS service in Private Subnet (Part-4)
Today we will see the fourth and last part of the series on provisioning the JCS service in a private subnet.
For the previous parts of the series, see the links below.
https://blog.hussaindba.com/provisioning-jcs-service-in-private-subnet-part-1/ (DB System provisioning)
https://blog.hussaindba.com/provisioning-jcs-service-in-private-subnet-part-2/ (JCS instance provisioning)
https://blog.hussaindba.com/provisioning-jcs-service-in-private-subnet-part-3/ (creation of the Public LB to access JCS)
Today we will see how to access the JCS admin console over HTTPS using the Public LB.
Activities to do:
1. Create a self-signed certificate and private key.
2. Import them into the Certificates tab of the Public LB.
3. Create the listener on the HTTPS port; it will ask for a certificate to attach, so give it the imported certificate.
4. Create the backend set for the HTTPS listener and add the JCS instance on port 9071 as the backend server.
5. Edit the backend set health check policy to use protocol TCP (because the JCS Admin port listens on the t3 protocol) and port 9071.
6. To indicate that SSL is offloaded (terminated) at the LB itself, create a Rule Set in the Public LB.
7. Create a Rule Set like the one below:
   Action: Add Request Header
8. Add the above Rule Set to the HTTPS listener.
9. Set the WebLogic-Plugin enabled parameter to YES for the Admin and all managed servers.
10. Access the HTTPS Public LB URL; it should redirect to the JCS Admin console page successfully.
Create a self-signed certificate and a private key with a passphrase.
1. Generate a private key:
openssl genrsa -des3 -out server.key 2048
2. Generate a CSR (Certificate Signing Request):
openssl req -new -key server.key -sha256 -out server.csr
3. Generate a self-signed certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -sha256 -out server.crt
4. Convert the CRT to PEM format:
openssl x509 -in server.crt -out server.pem -outform PEM
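Before the import, it is worth confirming that server.pem really belongs to server.key, that the passphrase decrypts the key, and how long the certificate remains valid. The script below is an added example, not part of the original post; the KEY_PASS environment variable, the function names and the lb.example.test subject are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: checks to run on server.key / server.pem before the import.
# Assumption: the key passphrase is supplied in the KEY_PASS environment
# variable, so it is never placed on a command line.

# Build a throwaway pair with the same four commands as above, made
# non-interactive. The subject name is a constructed placeholder.
make_demo_pair() {   # usage: make_demo_pair <dir>
    openssl genrsa -des3 -passout env:KEY_PASS -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -passin env:KEY_PASS -sha256 \
        -subj "/CN=lb.example.test" -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" -signkey "$1/server.key" \
        -passin env:KEY_PASS -sha256 -out "$1/server.crt" 2>/dev/null &&
    openssl x509 -in "$1/server.crt" -out "$1/server.pem" -outform PEM
}

# Succeeds only if the certificate carries the public key of this private key.
# Returns 2 if either file cannot be read (for example, wrong passphrase).
cert_matches_key() {   # usage: cert_matches_key <cert> <key>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate will still be valid <days> days from now.
cert_valid_for_days() {   # usage: cert_valid_for_days <cert> <days>
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo on constructed files in a temporary directory.
KEY_PASS=${KEY_PASS:-constructed-demo-passphrase}; export KEY_PASS
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
if cert_matches_key "$demo_dir/server.pem" "$demo_dir/server.key"; then
    echo "key and certificate match"
fi
if cert_valid_for_days "$demo_dir/server.pem" 30; then
    echo "certificate valid for at least 30 more days"
fi
rm -rf "$demo_dir"
```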
Import the certificates and private key in the Public LB.
Create certificate work request completed successfully.
Create a Rule Set to indicate that SSL is terminated (offloaded) at the LB itself.
Create Rule Set work request completed successfully.
Create the HTTPS listener.
Add the backend set that is already available, with the JCS instance on port 9071 as its backend server.
Create Listener work request completed successfully.
Edit the DEVJCS-HTTPS-Listener to attach the Rule Set created above.
Update Listener work request completed successfully.
Now, check the health status of the Public LB; it should be in OK status.
Change the WebLogic-Plugin enabled parameter to YES for the Admin and all managed servers in WebLogic Server and restart the server.
Now it is time to hit the HTTPS URL with the public IP, which should redirect to the JCS Admin console page.
Hurray, it redirected successfully to the JCS Admin console over HTTPS.
Note: The browser shows Not Secure because the SSL certificate is self-signed; it is not authenticated by a proper CA.
Firoz K. Hussain.
Oracle ACE Associate | Oracle Cloud Architect.