Agenda
Prerequisites
Use of Keytool
Import Certificates Into Keystores
Configure SSL
Test Weblogic Console over HTTPS
References
Prerequisites
WLS 8.1 Already Installed. WLS 8.1 domain already created
Use of Keytool
Option 1: Procedure for generating a self-signed certificate for use with WLS 8.1
Use keysize 512 if you have an export license (look for SSL/Export in license.bea).
Use keysize 1024 if you have a domestic license (look for SSL/Domestic in license.bea). Pick your own keystore name, alias name, and passwords; these are only examples.
See also Table 8-1 in "Managing WebLogic Security" (http://edocs.bea.com/wls/docs81/secmanage/ssl.html#1185171).
1) Generate the key pair and self-signed certificate in mykeystore.jks.
keytool -genkey -keyalg rsa -keystore mykeystore.jks -alias weblogic -keysize 512 -keypass weblogic -storepass weblogic -validity 365
(Supply your hostname to the prompt "First and last name", e.g., www.myhost.bea.com)
2) Now extract the self-signed certificate into trust.pem.
keytool -export -alias weblogic -file C:\bea\user_projects\domains\Self_Signed_Cert_Domain\trust.pem -keystore C:\bea\user_projects\domains\Self_Signed_Cert_Domain\mykeystore.jks -storepass weblogic -rfc
3) Import the self-signed certificate which functions as its own certificate authority into trust.jks.
keytool -import -alias weblogic -file C:\bea\user_projects\domains\Self_Signed_Cert_Domain\trust.pem -keystore C:\bea\user_projects\domains\Self_Signed_Cert_Domain\trust.jks -storepass weblogic
Now you have mykeystore.jks containing your own host-specific certificate and private key, and trust.jks containing the trusted certificate.
Configure SSL
4) Configure WLS via the console to use these custom identity and custom trust keystores.
Point your browser to http://host:port/console
Go to servers->myserver->general. Check SSL Listen Port Enabled and specify the port number (default is 7002). Click on Apply.
Go to servers->myserver->Keystore & SSL and click on the Change link.
Choose Custom Identity and Custom Trust, then hit Continue.
Supply mykeystore.jks as the custom identity keystore file name, type JKS, pass phrase weblogic. Use trust.jks as the custom trust keystore file name, etc. Hit Continue.
Enter the SSL Private Key Settings: Private Key Alias as weblogic, Passphrase as weblogic, and confirm the passphrase. Click on Continue.
Finally hit Finish.
You will get a security alert message, as you are not using a trusted certificate. Click on Yes and pass the credentials.
Option 2:
Use WLS's CertGen utility to create certificates signed by the WLS demonstration certificate authority. This procedure is an alternative to option 1. It uses the demonstration certificate authority.
Required files
Copy the following files into the current directory for easy access.
WL_HOME/server/lib/CertgenCA.der
WL_HOME/server/lib/CertgenCAKey.der
Generate a certificate signed by the demonstration CA with domestic key strength. The common name CN is the same as the current hostname. The issuer CA name is CN=CertGenCAB,OU=FOR TESTING ONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US.
The following command must be executed with CLASSPATH set for the WLS 8.1 environment.
Java command:
java utils.CertGen weblogic mycertfile mykeyfile
The files created are mycertfile.{der,pem} and mykeyfile.{der,pem}
Conversion
Convert CertgenCA.der to .pem format.
java utils.der2pem CertgenCA.der
Concatenate
Concatenate the 2 certificates to form a chain.
cat mycertfile.pem CertgenCA.pem > certs.pem
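An added example, not part of the original slides or of WebLogic: a shell function that audits `keytool -list -v` output for what Option 1 and Option 2 produce, namely a self-signed identity certificate, a certificate issued by the demonstration CA, and a key below a chosen minimum size. It assumes the listing format of current JDK keytool (older JDKs omit the "Subject Public Key Algorithm" line); the sample listing, its names, and the alias certgen are constructed.

```shell
# Constructed sample of `keytool -list -v` output (not from a real keystore).
sample_listing() {
cat <<'EOF'
Alias name: weblogic
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.myhost.bea.com, OU=IT, O=Example, L=MyTown, ST=MyState, C=US
Issuer: CN=www.myhost.bea.com, OU=IT, O=Example, L=MyTown, ST=MyState, C=US
Subject Public Key Algorithm: 512-bit RSA key
Alias name: certgen
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=myhost, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Subject Public Key Algorithm: 1024-bit RSA key
Certificate[2]:
Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Subject Public Key Algorithm: 1024-bit RSA key
EOF
}

# Reads a listing on stdin and prints one "alias: finding" line per problem.
# Only the leaf certificate (Certificate[1]) of identity (key) entries is
# checked: CA certificates further up a chain are self-signed by design.
audit_keystore_listing() {
  awk -v min_bits="${1:-2048}" '
    /^Alias name: /  { alias = substr($0, 13); ident = 0; leaf = 1 }
    /^Entry type: /  { ident = ($0 ~ /[Kk]eyEntry/) }
    /^Certificate\[[0-9]+\]:/ { leaf = ($0 ~ /^Certificate\[1\]:/) }
    !(ident && leaf) { next }
    /^Owner: /  { owner = substr($0, 8) }
    /^Issuer: / {
      issuer = substr($0, 9)
      if (issuer == owner) print alias ": self-signed (owner equals issuer)"
      if (issuer ~ /CertGenCA|FOR TESTING ONLY/)
        print alias ": issued by WLS demonstration CA"
    }
    /^Subject Public Key Algorithm: / {
      bits = $5; sub(/-bit$/, "", bits)
      if (bits + 0 < min_bits + 0) print alias ": " bits "-bit key below " min_bits
    }
  '
}

sample_listing | audit_keystore_listing 2048
```

Against a real keystore, pipe the output of keytool -list -v -keystore mykeystore.jks into audit_keystore_listing, passing the minimum key size as the first argument.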
Useful References
The man page for the keytool utility, which is part of the JDK. See http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html
The WLS document "Managing WebLogic Security" at http://edocs.bea.com/wls/docs81/pdf/secmanage.pdf, especially Chapter 8.
The documentation for the openssl utility at http://www.openssl.org. openssl can be downloaded from this web site.
For CertGen: http://edocs.bea.com/wls/docs81/admin_ref/utils6.html#1213378
http://iaskbea-2.bea.com/askbea/wls/S-24834.html
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html
http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html