How To Encrypt Clear Text Passwords for a WebLogic Server [ID 941804.1]
How to encrypt clear text password for use within a WebLogic Server config.xml directory
Questions and Answers
Please note, that this article applies only to WebLogic Server versions 9.0 and later.
Using clear text passwords in the configuration files are supported only for a development domain. In a production domain, WebLogic Server encrypts all the plain text passwords stored in its domain configuration XML file(s) to prevent access to sensitive information. When passwords are entered using administration console or scripting tools, it will automatically get encrypted before they are stored in the configuration XML files(s). If the server encounters a clear text password when parsing the configuration file(s) while starting in Production Mode, then you will get an error similar to the following:
<Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: [Management:141266]Parsing Failure in config.xml: java.lang.IllegalArgumentException: In production mode, it’s not allowed to set a clear text value to the property: PasswordEncrypted of ServerStartMBean>”
If you hit an issue similar to this, check the config.xml to see if the password-encrypted field is empty “<password-encrypted></password-encrypted>” or carries a clear text password. To create an encrypted version of the password you can utilise the java method weblogic.security.Encrypt() or WLST encrypt() method
To use the encrypt utility
1. Change directory to your domain’s bin folder ( For Eg. Cd bea_home\user_projects\domains\mydomain\bin )
2. Use setDomainEnv.cmd/sh script to setup the environment
3. Run java weblogic.security.Encrypt which will prompt for the password and will print the encrypted value in stdout. Make sure that you execute this utility from the domain folder as it requires the domain’s password salt file (SerializedSystemIni.dat) for encrypting the clear text string.
If the password we will supply is weblogic, there are two ways to run the utility
C:\bea103_1\user_projects\domains\base_domain>java weblogic.security.Encrypt Password: {3DES}tRmL7CmezaeFQmGsiaot4A==
Alternatively,
C:\bea103_1\user_projects\domains\base_domain>java weblogic.security.Encrypt weblogic {3DES}tRmL7CmezaeFQmGsiaot4A==
WLST can be used to encrypt clear text strings as follows:
C:\bea103_1\user_projects\domains\base_domain>java weblogic.WLST
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> es = encrypt('weblogic')
wls:/offline> print es
{3DES}tRmL7CmezaeFQmGsiaot4A==
wls:/offline>
Link:
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=FAQ&id=941804.1