WebLogic Custom Keystore and SSL Configuration Operation Manual


(Custom Identity and Custom Trust, keytool, TLS 1.0)

1. Enable the SSL port

Save and restart the managed server.

Internet Explorer access

Google Chrome access

2. View the keystore and SSL configuration

Keystores

SSL

3. Manually create identity.jks and trust.jks

Create the jks directory.

[weblogic@Weblogic201 ~]$ mkdir jksHL

[weblogic@Weblogic201 ~]$ cd jksHL/

Generate the identity.jks keystore

The highlighted values in the command are as follows:

weblogicHL is the "SSL - Private Key Alias";

keypass123 is the "SSL - Private Key Passphrase";

storepass123 is the "Keystores - Identity - Custom Identity Keystore Passphrase";

storepass123 is also the "Keystores - Trust - Custom Trust Keystore Passphrase";

3650 is the validity period of the custom certificate, in days.

[weblogic@Weblogic201 jksHL]$ keytool -genkey -alias weblogicHL -keyalg RSA -keypass keypass123 -keystore identity.jks -storepass storepass123 -validity 3650

What is your first and last name?

[Unknown]: HaiLang

What is the name of your organizational unit?

[Unknown]: GZCSS

What is the name of your organization?

[Unknown]: GZCSS

What is the name of your City or Locality?

[Unknown]: GZ

What is the name of your State or Province?

[Unknown]: GD

What is the two-letter country code for this unit?

[Unknown]: CN

Is CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN correct?

[no]: yes

Export the public key certificate to a .cer file

[weblogic@Weblogic201 jksHL]$ keytool -export -alias weblogicHL -file root.cer -keystore identity.jks

Enter keystore password: storepass123

Certificate stored in file <root.cer>

Generate the trust.jks keystore

Import the root.cer public key certificate exported in the previous step to generate the trust.jks keystore.

[weblogic@Weblogic201 jksHL]$ keytool -import -alias weblogicHL -trustcacerts -file root.cer -keystore trust.jks

Enter keystore password: storepass123

Re-enter new password: storepass123

Owner: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN

Issuer: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN

Serial number: 559a5ac9

Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025

Certificate fingerprints:

MD5: 04:F2:4F:97:5B:8B:32:23:AB:69:D0:6A:42:1D:C7:77

SHA1: A0:B3:6F:90:08:0D:6B:55:6F:A6:13:C6:3B:C0:F4:CE:E1:B5:72:F9

Signature algorithm name: SHA1withRSA

Version: 3

Trust this certificate? [No]: yes

Certificate was added to keystore


At this point, identity.jks and trust.jks have been created!
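The same three keytool steps as a non-interactive script, as an added example that is not part of the original manual: it requests a 2048-bit key signed with SHA256withRSA rather than the SHA1withRSA shown in the output above, puts the host name in CN and SAN, and reads the passphrases from the environment instead of the command line. The function names, the STOREPASS and KEYPASS variable names and the use of Weblogic201 as the certificate host name are assumptions, and the -ext and :env options need a JDK 7 or later keytool.

```shell
#!/bin/sh
# Added example (not from the original manual). Requires a JDK 7+ keytool;
# the JDK 1.6 used in this manual lacks -ext and the :env password modifier.
# STOREPASS and KEYPASS (assumed names) must be set by the caller.

make_keystores() {   # $1 = target directory, $2 = host name clients connect to
    dir=$1 host=$2
    : "${STOREPASS:?set STOREPASS}" "${KEYPASS:?set KEYPASS}"
    export STOREPASS KEYPASS
    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # Identity keystore: key size and signature algorithm are stated explicitly,
    # and the DN is passed with -dname so no interactive prompts are needed.
    keytool -genkeypair -alias weblogicHL -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 3650 \
        -dname "CN=$host, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN" \
        -ext "SAN=dns:$host" -storetype JKS \
        -keystore "$dir/identity.jks" \
        -storepass:env STOREPASS -keypass:env KEYPASS >/dev/null 2>&1 || return 1

    # Export the public certificate only; the private key stays in identity.jks.
    keytool -exportcert -alias weblogicHL -file "$dir/root.cer" \
        -keystore "$dir/identity.jks" \
        -storepass:env STOREPASS >/dev/null 2>&1 || return 1

    # Trust keystore: -noprompt replaces the "Trust this certificate?" question.
    keytool -importcert -noprompt -alias weblogicHL -file "$dir/root.cer" \
        -storetype JKS -keystore "$dir/trust.jks" \
        -storepass:env STOREPASS >/dev/null 2>&1 || return 1

    # Only the account that runs WebLogic should be able to read the keystores.
    chmod 600 "$dir/identity.jks" "$dir/trust.jks"
}

# Print "<entry type> <signature algorithm>" for the weblogicHL alias in a keystore.
describe_entry() {   # $1 = keystore file
    keytool -list -v -alias weblogicHL -keystore "$1" \
        -storepass:env STOREPASS 2>/dev/null |
        awk -F': ' '/^Entry type/ { t = $2 }
                    /^Signature algorithm name/ && !s { s = $2 }
                    END { print t, s }'
}
```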

4. Configure the new keystore and SSL in the Console

Change the default Demo keystore: under "Keystores", click "Change".

Select "Custom Identity and Custom Trust" and click "Save".

Configure the keystores

Custom Identity Keystore: /home/weblogic/jksHL/identity.jks

Custom Trust Keystore: /home/weblogic/jksHL/trust.jks

Custom Identity/Trust Keystore Type: jks

Click "Save" to complete the settings.

SSL configuration

Private Key Alias: weblogicHL

Private Key Passphrase: keypass123

Click "Save" and restart the server. The keystore and SSL configuration are complete!

5. Verify using the server startup log and the browser

[weblogic@Weblogic201 bin]$ ./startManagedWebLogic.sh appSrv02 http://Weblogic201:7001

.

.

JAVA Memory arguments: -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m

.

WLS Start Mode = Development

.

CLASSPATH=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/logs/templates:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/logs/weblogic_patch.jar:/home/weblogic/jdk1.6.0_45/lib/tools.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/home/weblogic/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/weblogic/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/xqrl.jar:.:/home/weblogic/jdk1.6.0_45$/lib:/home/weblogic/jdk1.6.0_45$/lib/tools.jar

.

PATH=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/bin:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/weblogic/bin

.

***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************

starting weblogic with Java version:

java version "1.6.0_45"

Java(TM) SE Runtime Environment (build 1.6.0_45-b06)

Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

Starting WLS with line:

/home/weblogic/jdk1.6.0_45/bin/java -client -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=appSrv02 -Djava.security.policy=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/cacerts -Xverify:none -da -Dplatform.home=/home/weblogic/Oracle/Middleware/wlserver_10.3 -Dwls.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server -Dweblogic.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://Weblogic201:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/packages:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server

<Jul 6, 2015 7:20:17 HKT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>

<Jul 6, 2015 7:20:18 HKT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>

<Jul 6, 2015 7:20:18 HKT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.45-b01 from Sun Microsystems Inc.>

<Jul 6, 2015 7:20:19 HKT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>

Enter username to boot WebLogic server: weblogic

Enter password to boot WebLogic server:

<Jul 6, 2015 7:20:24 HKT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0.7 PSU Patch for BUG16088411 Mon Apr 01 15:13:52 IST 2013

WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638>

<Jul 6, 2015 7:20:26 HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<Jul 6, 2015 7:20:26 HKT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>

<Jul 6, 2015 7:20:26 HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>

<Jul 6, 2015 7:20:26 HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log00018. Log messages will continue to be logged in /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log.>

<Jul 6, 2015 7:20:26 HKT> <Notice> <Log Management> <BEA-170019> <The server log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log is opened. All server side log events will be written to this file.>

<Jul 6, 2015 7:20:29 HKT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>

<Jul 6, 2015 7:20:30 HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>

<Jul 6, 2015 7:20:30 HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log00012. Log messages will continue to be logged in /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log.>

<Jul 6, 2015 7:20:31 HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>

<Jul 6, 2015 7:20:31 HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<Jul 6, 2015 7:20:33 HKT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>

<Jul 6, 2015 7:20:33 HKT> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>

<Jul 6, 2015 7:20:33 HKT> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of Cluster1.>

<Jul 6, 2015 7:20:46 HKT> <Notice> <Cluster> <BEA-000142> <Trying to download cluster JNDI tree from server appSrv04.>

<Jul 6, 2015 7:20:46 HKT> <Notice> <Cluster> <BEA-000164> <Synchronized cluster JNDI tree from server appSrv04.>

<Jul 6, 2015 7:20:46 HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>

<Jul 6, 2015 7:20:46 HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>

<Jul 6, 2015 7:20:46 HKT> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "150.18.23.201:8001,150.18.23.201:8002,150.18.23.202:8001,150.18.23.202:8002">

<Jul 6, 2015 7:20:47 HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicHL from the jks keystore file /home/weblogic/jksHL/identity.jks.>

<Jul 6, 2015 7:20:47 HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jksHL/trust.jks.>

<Jul 6, 2015 7:20:47 HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>

<Jul 6, 2015 7:20:47 HKT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 150.18.23.201:8002 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>

<Jul 6, 2015 7:20:47 HKT> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "appSrv02" for domain "myDomain" running in Development Mode>

<Jul 6, 2015 7:20:48 HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>

<Jul 6, 2015 7:20:48 HKT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

This indicates that the custom keystore has been loaded successfully!
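The check made by eye above can be scripted, as an added example that is not part of the original manual: it reads a startup log and confirms that the BEA-090171 and BEA-090169 messages name the expected keystore files and alias, and that a BEA-002613 channel is listening for https. The function names are assumptions, and SAMPLE_LOG is constructed from the three relevant lines of the log above.

```shell
#!/bin/sh
# Added example (not from the original manual): verify from a startup log that
# the custom keystores, not some other keystore, were loaded by the server.
# SAMPLE_LOG is constructed from three lines of the startup log shown above.
SAMPLE_LOG='<Jul 6, 2015 7:20:47 HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicHL from the jks keystore file /home/weblogic/jksHL/identity.jks.>
<Jul 6, 2015 7:20:47 HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jksHL/trust.jks.>
<Jul 6, 2015 7:20:47 HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>'

# Print the keystore file named in the most recent message with the given id.
keystore_from_log() {   # $1 = message id, log on stdin
    sed -n "/<$1>/s/.*keystore file \(.*\)\.>.*/\1/p" | tail -n 1
}

# Print the alias whose private key was loaded (BEA-090171), log on stdin.
alias_from_log() {
    sed -n '/<BEA-090171>/s/.*under the alias \([^ ]*\) from .*/\1/p' | tail -n 1
}

# Return 0 only if the identity keystore, trust keystore and alias in the log
# match the expected values and an https channel came up.
# Usage: check_ssl_startup IDENTITY_JKS TRUST_JKS ALIAS < server.log
check_ssl_startup() {
    log=$(cat)
    id=$(printf '%s\n' "$log" | keystore_from_log BEA-090171)
    tr=$(printf '%s\n' "$log" | keystore_from_log BEA-090169)
    al=$(printf '%s\n' "$log" | alias_from_log)
    status=0
    [ "$id" = "$1" ] || { echo "identity keystore is '$id', expected '$1'"; status=1; }
    [ "$tr" = "$2" ] || { echo "trust keystore is '$tr', expected '$2'"; status=1; }
    [ "$al" = "$3" ] || { echo "private key alias is '$al', expected '$3'"; status=1; }
    printf '%s\n' "$log" | grep '<BEA-002613>' | grep -q 'https' ||
        { echo "no channel is listening for https"; status=1; }
    return $status
}
```

Run it against the managed server's log after each restart; a mismatch prints which value differs, which catches a server that silently came up on a different keystore than the one configured.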

Internet Explorer access

Click "Continue to browse this website". Access successful!

View Certificate Information

From the validity period and the issuer information, we can see that this is the certificate created earlier:

What is your first and last name?

[Unknown]: HaiLang

What is the name of your organizational unit?

[Unknown]: GZCSS

What is the name of your organization?

[Unknown]: GZCSS

What is the name of your City or Locality?

[Unknown]: GZ

What is the name of your State or Province?

[Unknown]: GD

What is the two-letter country code for this unit?

[Unknown]: CN

Is CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN correct?

Google Chrome access

Chrome also reports the certificate as insecure.

Continue

View Certificate Information

The configuration of the custom keystore and SSL is now complete!


Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.
