About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Question & Answer
Question
Whilst configuring the ITCAM Data Collector I am not sure if JNDI protocol type to select should be t3 or t3s (one-way SSL). Is there a way to confirm which option to select?
Cause
N/A
Answer
The Weblogic instance may be using one of the following three security settings
- t3 with no SSL
- t3s with one-way SSL
- t3s with two-way SSL
To confirm which setting is in use for your WebLogic instance please access the WebLogic Administration Console as the weblogic user via a browser.
(1) The default URL for the Administration Console will be
http://localhost:7001/console/login/LoginForm.jsp
e.g. http://myserver.ibm.com:7001/console/login/loginForm.jsp
(2) Next locate the server instance in question in the left navigation menu by going to Environment > Servers >
(on the right side of the page) Click the name of the server instance
(3) In the resulting screen select Configuration > SSL
to get to the current SSL settings
If the Private Key Alias is not 'DemoIdentity' this means you have a custom keystore with user generated certificates.
You may need to contact the WebLogic administrator for the full details on the location and passphrase for the custom keystore
(the location of the default keystore is located under $BEA_HOME/$WEBLOGIC_VERSION/server/lib/...)
e.g. opt/bea/Oracle/Middleware/wlserver_10.3/server/lib
(4) Expand the 'Advanced' section at the bottom of the page and check the following two parameters...
- Is the 'Use Server Certs' box checked? If yes then this means the certificates from the named keystore will be used
- Which option under 'Two Way Client Cert Behaviour' is selected?
Client Certs not requested means 1 way SSL is enabled - this is the default
Client Certs Requested But Not Enforced means 2 way SSL is enabled
Client Certs Requested and Enforced means 2 way SSL is enabled
(5) This information is relevant for the following options when configuring the Data Collector...
(6) If your WebLogic instance is using t3s (two way SSL), it is not currently possible to successfully configure the instance using the GUI.
A silent response file is needed with the following settings as an example...
-V WLJNDI_TYPE="t3s_twoway"
-V WL_SSL_TRUST_CA_KEYSTORE="/path/to/your/Weblogic/custom_key.jks"
-V WL_SSL_CERT_TYPES="PEM"
-V WL_SSL_CERT_FILES="/path/to/your/custom.crt"
-V WL_SSL_KEY_PSWD="/XkW85LQ/T7lQqhB2cD/rg=="
[{"Product":{"code":"SSCH4B","label":"Tivoli Composite Application Manager for J2EE"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"ITCAM J2EE WEBLOGIC","Platform":[{"code":"PF027","label":"Solaris"},{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.1;7.1.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Product Synonym
ITCAM for J2EE ITCAM
Was this topic helpful?
Document Information
More support for:
Tivoli Composite Application Manager for J2EE
Software version:
6.1, 7.1.1
Operating system(s):
Solaris, AIX, Linux, Windows
Document number:
499139
Modified date:
17 June 2018
UID
swg21653102
