Menu Close

How to encrypt passwords for WebLogic 9.x+?

In WebLogic versions prior to 9, JSAFE decryption exceptions and password encryption could be resolved/performed by simply setting plain-text passwords in config.xml as described here.

However, in WebLogic versions later than 9.0, setting plain-text passwords in config.xml (Production mode environments) will throw the following error:

<Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: [Management:141266]Parsing Failure in config.xml: java.lang.IllegalArgumentException: In production mode, it’s not allowed to set a clear text value to the property: PasswordEncrypted of ServerStartMBean>

So, for WebLogic 9.x+ versions, if you doubt passwords in config.xml, you will need to encrypt plain-text passwords and configure them in config.xml as follows:

STEP 1: Encrypt the password you wish to change in config.xml.

Example: You experience JSAFE exceptions with the password of one of your connection pools and you doubt the encrypted password in config.xml.

  • Source the WebLogic environment (to set CLASSPATH and other variables) as follows:
cd <domain-dir>/bin
. ./setDomainEnv.sh

  • Encrypt the plain-text password as follows:
cd <domain-dir>
java weblogic.security.Encrypt <password>

STEP 2: Update the config files (config.xml, jdbc, etc.) with the encrypted password obtained above.

NOTE: The above encryption procedure will work even with earlier versions of WebLogic (e.g. 8.1).

VN:F [1.9.22_1171]
Rating: +17 (from 17 votes)
(Visited 185 times, 1 visits today)

4 Comments

  1. Deepak Devadathan

    There is a way to decrypt the passwords in config.xml, i am not having the script now…will post it shortly.

  2. Deepak

    no , its not a wlst script…
    its a plain old java code…just need the serializedini.dat file of the domain to decrypt…

Leave a Reply

Your email address will not be published. Required fields are marked *