Configuring a Self-Signed Certificate and SSL in WebLogic

1. Open a command prompt and change to the bin directory of your WebLogic domain home by typing the following commands:

C:\Users\kunalku>cd D:\Weblogic10.3.6\user_projects\domains\hgbu_domain\bin
C:\Users\kunalku>d:

2. Then execute the setDomainEnv command as follows:

D:\Weblogic10.3.6\user_projects\domains\hgbu_domain\bin>setDomainEnv.cmd

3. Generate your self-signed certificate with the following command:

D:\Weblogic10.3.6\user_projects\domains\hgbu_domain>keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -validity 365 -keypass privatepassword -keystore identity.jks -storepass password

It will ask you some questions, as follows:

What is your first and last name?
  [Unknown]:  localhost
What is the name of your organizational unit?
  [Unknown]:  wls
What is the name of your organization?
  [Unknown]:  wls
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=localhost, OU=wls, O=wls, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  yes

This creates the keystore identity.jks, which holds the private key and the self-signed certificate.

4. Next, export the certificate from the identity keystore so that it can be imported into a custom trust store. To do this, issue the following command:

D:\Weblogic10.3.6\user_projects\domains\hgbu_domain>keytool -export -alias mykey -file root.cer -keystore identity.jks -storepass password

You will get the following message:

Certificate stored in file <root.cer>

5. Then create the trust store by importing the exported certificate, as follows:

D:\Weblogic10.3.6\user_projects\domains\hgbu_domain>keytool -import -alias mykey -file root.cer -keystore trust.jks -storepass password

You will see the following output:

Owner: CN=localhost, OU=wls, O=wls, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=localhost, OU=wls, O=wls, L=Bangalore, ST=Karnataka, C=IN
Serial number: 12a493b8
Valid from: Mon Jun 22 14:52:24 IST 2015 until: Tue Jun 21 14:52:24 IST 2016
Certificate fingerprints:
         MD5:  2A:C7:02:22:8E:C2:8A:C2:E6:3C:95:88:A5:F0:06:37
         SHA1: 3A:CC:C7:04:9E:D9:82:84:2B:9A:FC:0C:EA:18:B9:43:4C:73:4E:6E
         SHA256: A5:D0:E8:F2:7E:09:06:1D:61:7B:F9:6F:9E:B0:4C:7F:6E:32:06:62:BD:DE:AB:49:C9:71:31:AC:67:52:CC:49
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 18 FF C2 49 37 9C 81 39   2D C3 2B 63 54 81 E1 D9  ...I7..9-.+cT...
0010: B6 74 BE C1                                        .t..
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore


6. You can verify the certificate with the following command:

D:\Weblogic10.3.6\user_projects\domains\hgbu_domain>keytool -list -v -keystore identity.jks -storepass password

It will print the following output:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: mykey
Creation date: Jun 22, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=wls, O=wls, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=localhost, OU=wls, O=wls, L=Bangalore, ST=Karnataka, C=IN
Serial number: 12a493b8
Valid from: Mon Jun 22 14:52:24 IST 2015 until: Tue Jun 21 14:52:24 IST 2016
Certificate fingerprints:
         MD5:  2A:C7:02:22:8E:C2:8A:C2:E6:3C:95:88:A5:F0:06:37
         SHA1: 3A:CC:C7:04:9E:D9:82:84:2B:9A:FC:0C:EA:18:B9:43:4C:73:4E:6E
         SHA256: A5:D0:E8:F2:7E:09:06:1D:61:7B:F9:6F:9E:B0:4C:7F:6E:32:06:62:BD:DE:AB:49:C9:71:31:AC:67:52:CC:49
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 18 FF C2 49 37 9C 81 39   2D C3 2B 63 54 81 E1 D9  ...I7..9-.+cT...
0010: B6 74 BE C1                                        .t..
]
]

Verify that the following files have been created in the domain directory: identity.jks, root.cer and trust.jks.



Log in to the WebLogic Admin console --> Environment --> Servers --> Configuration --> General --> SSL Listen Port Enabled (check), set the port to 9443, and then click on Save.



Click on the Keystores tab under the "Configuration" tab:
Click on the Change button next to Keystores, select "Custom Identity and Custom Trust" from the dropdown and click on Save.



Now, on the Keystores tab, select the identity keystore and trust store that you have created and click on Save.


---Identity---
Custom Identity Keystore : < location of the identity keystore that you have created>
NOTE : By default WLS will look for this keystore file in the domain_home location.
Custom Identity Keystore Type : jks
Custom Identity Keystore Passphrase: password
---Trust---
Custom Trust Keystore : < location of the trust keystore that you have created>
NOTE : By default WLS will look for this keystore file in the domain_home location.
Custom Trust Keystore Type : jks
Custom Trust Keystore Passphrase: password



Then go to the SSL tab and change the private key alias to mykey, the alias used in the keytool commands above.



Now click on the "Advanced" link, check the checkbox "Use JSSE SSL" and click on Save.





Now restart the server, then open the URL https://localhost:7001/console in a browser and check that you can see the SSL certificate.
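To confirm after the restart that the SSL listener really serves the certificate held in identity.jks, the SHA256 fingerprint printed in step 6 can be compared with the certificate fetched from the port. The Python below is an added example, not part of the original post; the function names are hypothetical, and the host and port given to server_matches are assumed to be the machine and SSL listen port configured above.

```python
import hashlib
import re
import ssl

# Constructed sample: fingerprint lines as printed in step 6, including the
# SHA256 value that the 80-column console wrapped onto a second line.
SAMPLE = """Alias name: mykey
Certificate fingerprints:
         MD5:  2A:C7:02:22:8E:C2:8A:C2:E6:3C:95:88:A5:F0:06:37
         SHA1: 3A:CC:C7:04:9E:D9:82:84:2B:9A:FC:0C:EA:18:B9:43:4C:73:4E:6E
         SHA256: A5:D0:E8:F2:7E:09:06:1D:61:7B:F9:6F:9E:B0:4C:7F:6E:32:06:62:BD:
DE:AB:49:C9:71:31:AC:67:52:CC:49
         Signature algorithm name: SHA256withRSA
"""
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}  # hex characters per digest

def parse_fingerprints(text):
    """Return {alias: {algorithm: lowercase hex}} from `keytool -list -v` text."""
    out, alias, algo = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.match(r"(MD5|SHA1|SHA256):\s*([0-9A-Fa-f:]+)$", line)
        if line.startswith("Alias name:"):
            alias, algo = line.split(":", 1)[1].strip(), None
            out[alias] = {}
        elif head and alias is not None:
            algo = head.group(1)
            out[alias][algo] = head.group(2).replace(":", "").lower()
        elif (algo and re.fullmatch(r"[0-9A-Fa-f:]+", line)
              and len(out[alias][algo]) < HEX_LEN[algo]):
            out[alias][algo] += line.replace(":", "").lower()  # wrapped remainder
        else:
            algo = None
    for name, digests in out.items():
        for a, value in digests.items():
            if len(value) != HEX_LEN[a]:
                raise ValueError(f"{name}: truncated {a} fingerprint")
    return out

def cert_matches(der_bytes, text, alias="mykey"):
    """True if the DER certificate hashes to the alias's recorded SHA256 value."""
    expected = parse_fingerprints(text)[alias]["SHA256"]
    return hashlib.sha256(der_bytes).hexdigest() == expected

def server_matches(host, port, text, alias="mykey"):
    """Fetch the certificate the listener serves (no chain validation) and compare."""
    pem = ssl.get_server_certificate((host, port))
    return cert_matches(ssl.PEM_cert_to_DER_cert(pem), text, alias)

if __name__ == "__main__":
    print(parse_fingerprints(SAMPLE)["mykey"]["SHA256"])
```

Save the output of step 6 to a file and pass its contents as text; a False result from server_matches means the listener is serving a different certificate than the one in the keystore.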




 Happy Coding :)
