SSL on WebLogic Made Simple – CONTINUED
To set up certificate configurations on WebLogic, ensure that you have the following set of certificates:
1) PRIVATE key
2) PUBLIC key
3) CERTIFICATION AUTHORITY (CA)
SSL is based on Public Key Cryptography (PKC), a method for securely exchanging messages by assigning two complementary keys (one public, one private) to the individuals involved in a transaction. Public Key Cryptography is based on the science of encryption, the mathematical scrambling and unscrambling of messages.
By using an SSL certificate, you enable your site to conduct authenticated, encrypted online commerce.
There are two ways to create a private key. You can use:
a) keytool
b) openssl
Create/generate the private key (identity key):
keytool -genkey -keyalg RSA -alias wlkey -keystore wldomain-private.jks
Generate the CSR (certificate signing request):
keytool -certreq -v -alias wlkey -keystore wldomain-private.jks
Send the CSR to the CA authority.
The Server certificate, Root CA, Intermediate certificate and CA Chain certificate will be sent to you.
Combine the three certificates into one file, in the order below:
Public.cert (Server Certificate we received in the name of number.crt)
Intermediate.cert (Intermediate Certificate)
Root.cert (Root CA Certificate)
Save these three certificates into one file, mywldomain.crt
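Import the mywldomain.crt file into wldomain-private.jks. Use the same alias as the private key (wlkey) so that keytool installs the chain as the certificate reply for that key:
keytool -import -alias wlkey -file mywldomain.crt -keystore wldomain-private.jks -trustcacerts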
Import the trust identity (trusted root and intermediate certificates) into the trust keystore. Each entry in a keystore needs its own alias:
keytool -import -alias wltruskey -file RootCA.crt -keystore wldomaindomaintrust.jks -trustcacerts
keytool -import -alias wltruskey-intermediate -file Intermediate.crt -keystore wldomaindomaintrust.jks -trustcacerts
Listing the contents of the Keystore
keytool -list -v -keystore wldomain-private.jks
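The combined file is only accepted as a certificate reply when it is ordered server, intermediate, root. The following is an added example, not part of the original post, that checks this order before the import step; it assumes the openssl command-line tool is on the PATH, and the function name check_chain_order is hypothetical.

```shell
#!/bin/sh
# check_chain_order BUNDLE
# Checks that a PEM bundle is ordered server -> intermediate -> root by name
# chaining: each certificate's issuer must equal the next one's subject, and
# the last certificate must be self-issued. Signatures are NOT verified.
check_chain_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert1.pem, cert2.pem, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    count=$(ls "$tmp" | wc -l | tr -d ' ')
    if [ "$count" -lt 2 ]; then
        echo "expected a chain, found $count certificate(s)" >&2
        rm -rf "$tmp"
        return 1
    fi
    rc=0
    i=1
    while [ "$i" -le "$count" ]; do
        issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer_hash)
        # The last certificate is compared with itself (root is self-issued).
        if [ "$i" -lt "$count" ]; then
            next=$((i + 1))
        else
            next=$i
        fi
        subject=$(openssl x509 -in "$tmp/cert$next.pem" -noout -subject_hash)
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $i: issuer does not match subject of certificate $next" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $rc
}
```

Run it as check_chain_order mywldomain.crt; a non-zero exit status means the file should be reordered before the keytool import.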
Configure WLS to use your keystore (one-way SSL only)
From the Admin console, go to your server page, and in the Keystore & SSL tab choose: Custom Identity and Custom Trust
Custom Identity
Custom Identity Key Store File Name: wldomain-private.jks
Custom Identity Key Store Type: jks
Custom Identity Key Store Pass Phrase: password
Confirm Custom Identity Key Store Pass Phrase: password
Custom Trust
Custom Trust Key Store File Name: wldomaindomaintrust.jks
Custom Trust Key Store Type: jks
Custom Trust Key Store Pass Phrase: password
Confirm Custom Trust Key Store Pass Phrase: password
Private Key Alias: wlkey
Passphrase: password
Confirm Passphrase: password
Enable the SSL port.
Restart the server. This completes our WebLogic SSL setup.