Steps To Encrypt Clear Text Passwords for Weblogic Server

by · Published · Updated

Oracle Weblogic Server

Using clear text passwords in the configuration files are supported only for a development domain.

In a production domain, WebLogic Server encrypts all the plain text passwords stored in its domain configuration XML files to prevent access to sensitive information.When passwords are entered using administration console or scripting tools, it will automatically get encrypted before they are stored in the configuration XML files.

If you are seeing below error in logs while starting weblogic domain in production mode then you need to encrypt all the passwords supplied in config files and replace the clear text passwords with the encrypted passwords and need to restart the domain again.
To do the encryption you have to follow below mentioned steps.

<Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: [Management:141266]Parsing Failure in config.xml: java.lang.IllegalArgumentException: In production mode, it’s not allowed to set a clear text value to the property: PasswordEncrypted of ServerStartMBean>”

1. check the config.xml to see if the password-encrypted field is empty “<password-encrypted></password-encrypted>” or carries a clear text password.

2. To create an encrypted version of the password you can utilise the java method weblogic.security.Encrypt() or WLST encrypt() method

— weblogic.security.Encrypt() Method:
2.a.1. Change directory to your domain’s bin folder (For Eg. cd WLS_home\user_projects\domains\mydomain\bin)
2.a.2. Use setDomainEnv.cmd/sh script to setup the environment
2.a.3. Run java weblogic.security.Encrypt which will prompt for the password and will print the encrypted value in stdout. Make sure that you execute this utility from the domain folder as it requires the domain’s password salt file (SerializedSystemIni.dat) for encrypting the clear text string.
Example: If the password we will supply is let weblogic, there are two ways to run the utility

C:\bea103_1\user_projects\domains\base_domain>java weblogic.security.Encrypt
Password:
{3DES}tRmL7CmezaeFQmGsiaot4A==

You can also use it like below method

C:\bea103_1\user_projects\domains\base_domain>java weblogic.security.Encrypt weblogic
{3DES}tRmL7CmezaeFQmGsiaot4A==

— WLST encrypt() method to encrypt clear text strings:

2.b.1. C:\bea103_1\user_projects\domains\base_domain>java weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> es = encrypt('weblogic')
wls:/offline> print es
{3DES}tRmL7CmezaeFQmGsiaot4A==
wls:/offline>

3. For Fusion Middleware 11g(FMW 11g) below are the steps to encrypt a clear text password:

export FMW_HOME=C:\Oracle\Middleware
export DOMAIN_NAME=SOA11.1.0.0
export PATH=$FMW_HOME/jdk160_21/bin:$PATH
cd $FMW_HOME/user_projects/domains/$DOMAIN_NAME/bin
./setDomainEnv.sh
java -cp $FMW_HOME/wlserver_10.3/server/lib/weblogic.jar:$CLASSPATH weblogic.security.Encrypt welcome

 

In case of any ©Copyright or missing credits issue please check CopyRights page for faster resolutions.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.