As a member of a Middleware team, you may encounter situations where the Oracle WebLogic environment is set up by someone else, and you may not have the password but still have server access.
If you find yourself in such a situation where you need to retrieve the password for an Oracle WebLogic environment setup that was done by someone else or you don’t know the password, the following method would be useful to decode it
Decrypting WebLogic Java Keystore Password
If you are uncertain about the password of your WebLogic Java keystore, you can utilize the following wlst method to decode it.
Invoke wlst.sh from Oracle home>bin directory and execute the below commands:
./wlst.sh
You will get WLST prompt in offline mode, invoke the following command
wls:/offline> domain = "/u02/oracle/user_projects/mydomains/domain_name"
Note: Change the domain path if necessary
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}WDhZb5/IP95P4eM8jwYITiZs01frTSeliV59aFog1jQ=")
weblogic123
wls:/offline>
Note: encrypted string starting with AES, you can find in config.xml
You may face the following issue while decrypting.
wls:/offline> print encryption.decrypt("{AES}gT9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMN\=")
Traceback (innermost last):
File "<console>", line 1, in ?
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException
If you are encountering the above error, then you got to remove the forward symbol at the end.
Change the required String FROM
wls:/offline> print encryption.decrypt("{AES}gT9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMN\=")
TO
wls:/offline> print encryption.decrypt("{AES}gT9zSPu4d57o83Hi3yromUP3Vzu+FUTpHMwl1U90kMN=")
Decrypting WebLogic Console Password
We are assuming that you have access to the server and have logged in with the relevant UNIX account.
Go to Oracle bin directory (oracle_home/common/bin)
Invoke the WLST by running below command:
./wlst.sh
Then Invoke below command
wls:/offline> domain = "/u02/oracle/user_projects/mydomains/domain_name"
Note: change the domain path if necessary
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}YDhZb5/IP95P4eM8jwYITiZs01kawSeliV59aFog1jS=")
weblogic@123
wls:/offline>
Note: encrypted code starting with AES you can find in a boot.properties file.
As you can see the password is decoded – weblogic@123
I hope the aforementioned instructions will assist you in decrypting passwords for WebLogic Console and Java keystore.
