This document provides steps for changing the admin server password in Weblogic, encrypting strings for security, and recovering a corrupted SerializedSystemIni.dat file. To change the admin password: 1) bring down the server, 2) remove authentication files, 3) change the password, 4) recreate authentication files and start the server. The java weblogic.security.Encrypt command encrypts strings into 3DES format. To recover SerializedSystemIni.dat: remove encryption, replace encrypted passwords, recreate the file, and restart the server.
This document provides steps for changing the admin server password in Weblogic, encrypting strings for security, and recovering a corrupted SerializedSystemIni.dat file. To change the admin password: 1) bring down the server, 2) remove authentication files, 3) change the password, 4) recreate authentication files and start the server. The java weblogic.security.Encrypt command encrypts strings into 3DES format. To recover SerializedSystemIni.dat: remove encryption, replace encrypted passwords, recreate the file, and restart the server.
This document provides steps for changing the admin server password in Weblogic, encrypting strings for security, and recovering a corrupted SerializedSystemIni.dat file. To change the admin password: 1) bring down the server, 2) remove authentication files, 3) change the password, 4) recreate authentication files and start the server. The java weblogic.security.Encrypt command encrypts strings into 3DES format. To recover SerializedSystemIni.dat: remove encryption, replace encrypted passwords, recreate the file, and restart the server.
Remove the DefaultAuthenticatorInit.ldift(move to DefaultAuthenticatorInit.ldift.old) Remove the ldap folder under the servers/admin/data Change the username pwd in boot.properties file(if exisits) to the new pwd Run the below command under DOMAIN_HOME/security
weblogic.security.utils.AdminAccount weblogic admin . The above command recreates the DefaultAuthenticatorInit.ldift 6) Start the admin server.
For Encrypting a particluar string into desc3 :
java -Dweblogic.RootDirectory="/home/kk595p/classick_domain" -cp "/opt/app/bea/wls92mp2/weblogic92/server/lib/weblogic.jar" weblogic.security.Encrypt Above command will promt for the pwd {3DES}tT3tRIZjdpFMDNfWTWjmGg==
For creation of new serializesystemini.dat and filerealm.propertries file
How To Recover SerializedSystemIni.Dat When It Gets Corrupted :
NOTE: this is only for domain in development mode Please do the following steps in order to recover SerializedSystemIni.dat file: Go to DOMAIN_HOME/config Open the config.xml file and remove any encrypted sections from the <credential-encrypted> attributes. Replace its content with Save the file. Go to DOMAIN_HOME/servers/AdminServer/security Remove the boot.properties file if exists. Go to DOMAIN_HOME/security Remove SerializedSystemInit.dat Go to DOMAIN_HOME/ Rename the fileRealm.properties to fileRealm.properties.src Open fileRealm.properties.src Change all the hashed passwords (encrypted passwords) to clear text passwords. For example: user.system=0xa078cb45e6f6c4eefdd1f14495ff739b5536904c to user.system=Weblogicdomainpwd 13. Ensure to use the same password that was set to the domain. 14. Save the file. 15. Open a terminal and go to DOMAIN_HOME/bin 16. Execute setDomainEnv.sh 17. Then execute (in the same open terminal) the following script: java weblogic.security.acl.internal.FileRealm fileRealm.properties SerializedSystemIni.dat
Save the script.
20. Start Weblogic with startWeblogic.sh or startWeblogic.cmd 21. Enter the user and password
Page 2 of 3
NOTE: In PRODUCTION MODE
Create a new domain with same username and pwd 1) Copy the filerealm.property file and serializeSystemIni.dat from the new domain to the corrupted domain. 2) Copy the credential-encrypted from the new domain config.xml to corrupted domain <default-realm>myrealm</default-realm> <credentialencrypted>{3DES}eVdL/vdCCg4+mJqYwti/N+00gXi9D+aqTix1CPYs8ygKIKPL2XIys6XpYdDK2bGwH XJs6SRnDjaSMJ8pxQ86dJj9y/F0Vc4l</credential-encrypted> <name>classick_domain</name> <credential-encrypted>{3DES}xFmVkykT5x0ZkvCvud9TT/N6mkc3iErGLXXoMtCS4TU=</credentialencrypted> 3) Copy the node manager username from new domain to corrupted domain 4) encrypt each des3 encrypted pwd in all the places with the below command Ex: jdbc passwords and others For ecrypting a particluar string into desc3 java -Dweblogic.RootDirectory="/home/kk595p/classick_domain" -cp "/opt/app/bea/wls92mp2/weblogic92/server/lib/weblogic.jar" weblogic.security.Encrypt When you run the above command . it will promt for a pwd . When you enter plain text pwd , it will sencrypt the same .
5) After changes all the des3 pwd . Start the admin,manage servers . NOTE: The above scenario is tested without JMS . Yet to check with that