***********************************************************************************
* Description: Python script to decrypt private key password in WebLogic keystore
* Date: 02:54 PM EST, 09/20/2021
***********************************************************************************

<1> When generating a CSR for WebLogic certificate renewal, the private key passphrase is needed. If an employee leaves without documenting the password, this information is lost.
 |
 |__ o. In WebLogic Console => Environment => Admin Server => SSL, the private key passphrase appears in the identity section, but it is not readable.

<2> To find the encrypted password that the console shows as dots, open $DOMAIN_HOME/config/config.xml and search for the tag below:
 |
 |__ o.{AES}Jna41ftOhAB4cn93m6gdVPCyC8Ta79jG0q/r1IjYnzA=
 |
 |__ o. The value in between is the encrypted private key passphrase.

<3> After getting the string, use the Python script below to decrypt the passphrase:
 |
 |__ o. $DOMAIN_HOME/bin/wlst decryptPassword.py $DOMAIN_HOME {AES}Jna41ftOhAB4cn93m6gdVPCyC8Ta79jG0q/r1IjYnzA=

#=======================================================================================
# This script decrypts WebLogic passwords
#
# Usage:
#      wlst decryptPassword.py
#
# Author: Rafael Arana
#
#=======================================================================================
import os
import sys   # needed for sys.argv and sys.exc_info()
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
    # Resolve the domain home so the domain's own encryption service can be loaded
    domainHomeAbsolutePath = os.path.abspath(domainHomeName)
    encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
    ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
    # Decrypt the {AES}... string taken from config.xml
    clear = ces.decrypt(encryptedPwd)
    print "RESULT:" + clear

try:
    # Expect exactly two arguments: the domain home and the encrypted string
    if len(sys.argv) == 3:
        decrypt(sys.argv[1], sys.argv[2])
    else:
        print "INVALID ARGUMENTS"
        print " Usage: java weblogic.WLST decryptPassword.py "
        print
        print " Example:"
        print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
    print "Unexpected error: ", sys.exc_info()[0]
    dumpStack()   # WLST built-in: print the stack trace of the last error
    raise