Premise:
Install the OpenSSL tool.
Enter the OpenSSL working directory from a Windows cmd prompt.
For example, with the extracted directory E:\openssl-1.0.2-beta1,
the working directory is E:\openssl-1.0.2-beta1\inc32\out32dll
In cmd: cd /d E:\openssl-1.0.2-beta1\inc32\out32dll
Set up the certificate store directory: E:\ssl
The following is the process of implementing a CA and issuing certificates using OpenSSL:
1) Generate the CA key
The CA, as an authority, identifies itself with its own certificate and holds its own private key. When issuing a digital certificate, the CA's private key is used primarily to sign the user information and public key contained in the user's certificate request.
openssl genrsa -out E:\ssl\cakey.pem 1024
This command produces the private key file cakey.pem; the trailing 1024 is the RSA key length in bits.
2) Generate the CA certificate request
openssl req -new -out E:\ssl\careq.csr -key E:\ssl\cakey.pem -config E:\openssl-1.0.2-beta1\apps\openssl.cnf
Note: locate the openssl.cnf file under the openssl-1.0.2-beta1 directory and fill in its actual path.
Description of the input prompts (the value in brackets is the default shown by OpenSSL):
Country Name [AU]: country code; CN stands for China
State or Province Name [Some-State]: region; BJ here for Beijing (must match the value used in step 1 of the keystore generation below)
Locality Name [eg, city]: city; BJ here for Beijing (same requirement as above)
Organization Name [Internet Widgits Pty Ltd]: organization name; cebbank here for Everbright (same requirement as above)
Organizational Unit Name: organizational unit; cebbank here for Everbright (same requirement as above)
Common Name: server URL or IP (same requirement as above)
The remaining items can be left empty.
This command generates the certificate request file careq.csr from cakey.pem.
3) Self-sign with the CA private key
openssl x509 -req -in E:\ssl\careq.csr -out E:\ssl\cacert.pem -signkey E:\ssl\cakey.pem -days 3650
Description: -days sets the certificate validity period; ten years here, adjust as needed.
This command generates the CA certificate from the certificate request and the CA private key. The certificate needed to act as a CA is now ready: cakey.pem will be used to issue certificates from now on, and cacert.pem, as the trusted root certificate, needs to be distributed to every entity that holds a certificate issued by this CA.
Server certificates and client certificates are made slightly differently, because servers and clients have different requirements for the certificate format. Servers such as Tomcat or WebLogic typically require a file in JKS format, which holds the server private key, the server certificate and the server's root certificate chain (the list of CA certificates from the root CA down to the CA that issued the server certificate).
To make a server certificate of this type you need keytool, one of the tools shipped with the JDK.
Note: here you need to switch to the JDK working environment.
If the local JDK is at D:\ProgramFiles\Java\jdk1.6.0_24\bin
In cmd: cd /d D:\ProgramFiles\Java\jdk1.6.0_24\bin
The following is the process of making the certificate store with keytool:
1) Generate the initial keystore
keytool -genkey -alias serveralias -keyalg RSA -keysize 1024 -dname "CN=10.192.109.227, OU=cebbank, O=cebbank, L=BJ, ST=BJ, C=CN" -keypass password -keystore E:\ssl\server.jks -storepass password -validity 7300
Description of the -dname parameters: CN: server domain name or IP; OU: organizational unit; O: organization; L: locality (city); ST: state or province; C: country code. -keypass is the key password and -storepass the keystore password.
2) Generate a certificate request
keytool -certreq -alias serveralias -sigalg MD5withRSA -file E:/ssl/server.csr -keystore E:/ssl/server.jks -keypass password -storepass password
The generated certificate request file is server.csr. The request is sent to the certification authority, which verifies the entity information in the request and then signs it. Because we are the CA ourselves, this signing step is also done by us.
3) Sign the request. Signing still uses OpenSSL rather than keytool.
Switch to the OpenSSL directory.
Execute the following command:
openssl x509 -req -in E:/ssl/server.csr -out E:/ssl/servercert.pem -CA E:/ssl/cacert.pem -CAkey E:/ssl/cakey.pem -CAcreateserial -days 3650
The output file servercert.pem is the signed certificate, i.e. the certificate request response. The cakey.pem and cacert.pem used in the command are the CA key file and CA root certificate generated above. After the CA has signed, the certificate request response is returned to the requester together with the CA root certificate. The requester then needs to import the CA root certificate (chain) and the certificate request response into the JKS store; the tool used for this is keytool.
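The OpenSSL part of this procedure (CA steps 1-3 and the signing of server.csr above), as an added example that is not part of the original post, written for a POSIX shell with the openssl CLI. It goes beyond the post in two ways: it gives the CA certificate a basicConstraints extension and it checks the result with openssl verify, including a negative check against an unrelated CA. The temp directory, subject values, and the 2048-bit/SHA-256 choices are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the post's OpenSSL steps (CA key,
# CA request, self-signed CA, signing the server request with -CAcreateserial)
# as a POSIX shell script, plus the chain check the post omits. Assumes the
# openssl CLI is on PATH; uses a temp directory in place of E:\ssl, and 2048-bit
# keys with SHA-256 instead of the post's 1024-bit keys and MD5withRSA.
set -e

SSL_DIR="${SSL_DIR:-$(mktemp -d)}"

# Steps 1-3 of the post: CA private key, CA request, self-signed CA certificate.
# basicConstraints=CA:TRUE marks the certificate as a CA, which verifiers check.
make_ca() {
  openssl genrsa -out "$SSL_DIR/cakey.pem" 2048 2>/dev/null
  openssl req -new -key "$SSL_DIR/cakey.pem" -out "$SSL_DIR/careq.csr" \
    -subj "/C=CN/ST=BJ/L=BJ/O=cebbank/OU=cebbank/CN=Example Root CA"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$SSL_DIR/ca.ext"
  openssl x509 -req -in "$SSL_DIR/careq.csr" -signkey "$SSL_DIR/cakey.pem" \
    -out "$SSL_DIR/cacert.pem" -days 3650 -sha256 -extfile "$SSL_DIR/ca.ext" 2>/dev/null
}

# Server side: what keytool -genkey / -certreq produce, done with openssl here.
make_server_csr() {
  openssl genrsa -out "$SSL_DIR/serverkey.pem" 2048 2>/dev/null
  openssl req -new -key "$SSL_DIR/serverkey.pem" -out "$SSL_DIR/server.csr" \
    -subj "/C=CN/ST=BJ/L=BJ/O=cebbank/OU=cebbank/CN=10.192.109.227"
}

# The CA signs the request; -CAcreateserial writes cacert.srl next to cacert.pem.
sign_server_cert() {
  openssl x509 -req -in "$SSL_DIR/server.csr" -CA "$SSL_DIR/cacert.pem" \
    -CAkey "$SSL_DIR/cakey.pem" -CAcreateserial -out "$SSL_DIR/servercert.pem" \
    -days 3650 -sha256 2>/dev/null
}

# The check the post omits: does servercert.pem chain to cacert.pem?
verify_chain() {
  openssl verify -CAfile "$SSL_DIR/cacert.pem" "$SSL_DIR/servercert.pem" >/dev/null 2>&1
}

# Negative check: the same server cert must NOT verify against an unrelated CA.
verify_against_wrong_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$SSL_DIR/otherkey.pem" \
    -out "$SSL_DIR/othercert.pem" -days 1 -subj "/CN=Unrelated CA" 2>/dev/null
  openssl verify -CAfile "$SSL_DIR/othercert.pem" "$SSL_DIR/servercert.pem" >/dev/null 2>&1
}

make_ca && make_server_csr && sign_server_cert && verify_chain && echo "chain OK in $SSL_DIR"
```

The server certificate here carries the IP only in CN, as on the page; current browsers and Java clients require it in a subjectAltName extension as well, which would be added through another -extfile on the signing step.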
Switch to the JDK directory.
Execute the following command:
keytool -import -trustcacerts -keystore E:/ssl/server.jks -file E:/ssl/cacert.pem -alias RootCA
Then execute the following command:
keytool -import -trustcacerts -keystore E:/ssl/server.jks -file E:/ssl/servercert.pem -alias serveralias
Note: the alias serveralias is needed again when configuring WebLogic; for the details of configuring SSL in WebLogic, search Baidu.
It is important to note that the CA root certificate (chain) must be imported before the certificate request response, and that the alias used when importing the certificate request response must match the alias used when the JKS store was generated. At this point the server-side JKS file is complete and can be configured on the corresponding server.
Note: the JDK used by the WebLogic server must support the RSA algorithm; some JDKs do not, so it is best to use the JDK bundled with WebLogic.