WebLogic: Configuring Your Own Keystore and SSL (Operation Manual)

Source: Internet
Author: User
Tags ssl certificate

(Custom Identity and Custom Trust, keytool, TLS 1.0)

1. Enable the SSL port

Save, then restart the managed server.


Access from Internet Explorer: certificate problem

Access from Google Chrome

2. View the keystore and SSL configuration

Keystores

SSL

3. Manually create identity.jks and trust.jks

Create a new folder for the JKS files:

$ mkdir jkshl

$ cd jkshl/

Generate the identity keystore, identity.jks

The values used in the commands below (highlighted in yellow in the original) have the following meanings:

weblogichl is the SSL "Private Key Alias";

keypass123 is the SSL "Private Key Passphrase";

storepass123 is the Keystores - Identity "Custom Identity Keystore Passphrase";

storepass123 is the Keystores - Trust "Custom Trust Keystore Passphrase";

3650 is the validity period of the certificate, which you define yourself; the unit is days.

$ keytool -genkey -alias weblogichl -keyalg RSA -keypass keypass123 -keystore identity.jks -storepass storepass123 -validity 3650

What is your first and last name?

  [Unknown]:  hailang

What is the name of your organizational unit?

  [Unknown]:  gzcss

What is the name of your organization?

  [Unknown]:  gzcss

What is the name of your City or Locality?

  [Unknown]:  GZ

What is the name of your State or Province?

  [Unknown]:  GD

What is the two-letter country code for this unit?

  [Unknown]:  CN

Is CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN correct?

  [no]:  yes

Export the public key certificate to a CER file

$ keytool -export -alias weblogichl -file root.cer -keystore identity.jks

Enter keystore password: storepass123

Certificate stored in file <root.cer>

Generate the trust keystore, trust.jks

Import the root.cer public key certificate exported in the previous step; this creates the trust.jks keystore.

$ keytool -import -alias weblogichl -trustcacerts -file root.cer -keystore trust.jks

Enter keystore password: storepass123

Re-enter new password: storepass123

Owner: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN

Issuer: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN

Serial number: 559A5AC9

Valid from: Mon Jul 18:39:05 HKT 2015 until: Thu Jul 18:39:05 HKT 2025

Certificate fingerprints:

MD5: 04:f2:4f:97:5b:8b:32:23:ab:69:d0:6a:42:1d:c7:77

SHA1: a0:b3:6f:90:08:0d:6b:55:6f:a6:13:c6:3b:c0:f4:ce:e1:b5:72:f9

Signature algorithm name: SHA1withRSA

Version: 3

Trust this certificate? [no]:  yes

Certificate was added to keystore


At this point identity.jks and trust.jks have been created!
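As a check on the certificate this step produces, the following added example (not part of the original manual) reads keytool -list -v or keytool -printcert text and reports the properties visible in the import output above: Owner equal to Issuer (a self-signed certificate, which is why the browsers in step 5 warn), a SHA-1 signature, and a ten-year validity. The function name, the finding labels and the two-year threshold are assumptions chosen for illustration, and the day-of-month values in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit keytool certificate text read from stdin.
# Prints one finding per line; prints nothing when there is no finding.
# MAX_YEARS (default 2) is an illustrative policy value, not a WebLogic setting.
audit_keytool_cert() {
  awk -v max_years="${MAX_YEARS:-2}" '
    /^Owner:/  { sub(/^Owner:[ \t]*/, "");  owner  = $0 }
    /^Issuer:/ { sub(/^Issuer:[ \t]*/, ""); issuer = $0 }
    /^Signature algorithm name:/ { sub(/^[^:]*:[ \t]*/, ""); sigalg = $0 }
    /^Valid from:/ {
      # "Valid from: <date> until: <date>": the year is the last word of each date.
      split($0, part, " until: ")
      n = split(part[1], a, " "); from_year  = a[n]
      n = split(part[2], b, " "); until_year = b[n]
    }
    END {
      # Owner == Issuer means no CA vouches for the key: clients must pin or import it.
      if (owner != "" && owner == issuer) print "SELF_SIGNED " owner
      if (toupper(sigalg) ~ /^(MD2|MD5|SHA1)WITH/) print "WEAK_SIGALG " sigalg
      if (until_year - from_year > max_years)
        print "LONG_VALIDITY " (until_year - from_year) " years"
    }'
}

# Constructed sample modelled on the keytool -import output above
# (day-of-month values are constructed).
SAMPLE_CERT='Owner: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Issuer: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025
Signature algorithm name: SHA1withRSA'

printf '%s\n' "$SAMPLE_CERT" | audit_keytool_cert
```

Against the real files, pipe the output of keytool -list -v -keystore trust.jks into audit_keytool_cert; it reports on one certificate per run.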

4. Configure the new keystore and SSL

Replace the default demo keystore: Keystores - "Change" in the console

Select "Custom Identity and Custom Trust", then click "Save".

Fill in the keystore configuration:

Custom Identity Keystore: /home/weblogic/jkshl/identity.jks

Custom Trust Keystore: /home/weblogic/jkshl/trust.jks

Custom Identity/Trust Keystore Type: jks


Click "Save". The keystore setup is complete.

SSL configuration

Private Key Alias: weblogichl

Private Key Passphrase: keypass123


Click "Save" and restart the server. The keystore and SSL configuration is complete.

5. Browser verification

Server startup log

$ ./startManagedWebLogic.sh appSrv02 http://Weblogic201:7001

.

.

JAVA Memory arguments: -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m

.

WLS Start Mode=Development

.

CLASSPATH=/home/weblogic/oracle/middleware/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/oracle/middleware/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/jdk1.6.0_45/lib/tools.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.jar:/home/weblogic/oracle/middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/webservices.jar:/home/weblogic/oracle/middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/weblogic/oracle/middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/weblogic/oracle/middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/xqrl.jar:.:/home/weblogic/jdk1.6.0_45$/lib:/home/weblogic/jdk1.6.0_45$/lib/tools.jar

.

PATH=/home/weblogic/oracle/middleware/wlserver_10.3/server/bin:/home/weblogic/oracle/middleware/modules/org.apache.ant_1.7.1/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/weblogic/bin

.

***************************************************

*  To start WebLogic Server, use a username and   *

*  password assigned to an admin-level user.  For *

*  server administration, use the WebLogic Server *

*  console at http://hostname:port/console        *

***************************************************

starting weblogic with Java version:

java version "1.6.0_45"

Java(TM) SE Runtime Environment (build 1.6.0_45-b06)

Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

Starting WLS with line:

/home/weblogic/jdk1.6.0_45/bin/java -client -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=appSrv02 -Djava.security.policy=/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/cacerts -Xverify:none -da -Dplatform.home=/home/weblogic/oracle/middleware/wlserver_10.3 -Dwls.home=/home/weblogic/oracle/middleware/wlserver_10.3/server -Dweblogic.home=/home/weblogic/oracle/middleware/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://Weblogic201:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/home/weblogic/oracle/middleware/patch_wls1035/profiles/default/sysext_manifest_classpath:/home/weblogic/oracle/middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server

<Jul 6 7:20:17 PM HKT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>

<Jul 6 7:20:18 PM HKT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>

<Jul 6 7:20:18 PM HKT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.45-b01 from Sun Microsystems Inc.>

<Jul 6 7:20:19 PM HKT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>

Enter username to boot WebLogic server:weblogic

Enter password to boot WebLogic server:

<Jul 6 7:20:24 PM HKT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0.7 PSU Patch for BUG16088411 Mon Apr 15:13:52 IST 2013

WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 1398638 >

<Jul 6 7:20:26 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<Jul 6 7:20:26 PM HKT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>

<Jul 6 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>

<Jul 6 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log00018. Log messages will continue to be logged in /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log.>

<Jul 6 7:20:26 PM HKT> <Notice> <Log Management> <BEA-170019> <The server log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log is opened. All server side log events will be written to this file.>

<Jul 6 7:20:29 PM HKT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>

<Jul 6 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>

<Jul 6 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log00012. Log messages will continue to be logged in /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log.>

<Jul 6 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>

<Jul 6 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<Jul 6 7:20:33 PM HKT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>

<Jul 6 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>

<Jul 6 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of Cluster1.>

<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000142> <Trying to download cluster JNDI tree from server appsrv04.>

<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000164> <Synchronized cluster JNDI tree from server appsrv04.>

<Jul 6 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>

<Jul 6 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>

<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "150.18.23.201:8001,150.18.23.201:8002,150.18.23.202:8001,150.18.23.202:8002">

<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogichl from the jks keystore file /home/weblogic/jkshl/identity.jks.>

<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jkshl/trust.jks.>

<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>

<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 150.18.23.201:8002 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>

<Jul 6 7:20:47 PM HKT> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "appSrv02" for domain "MyDomain" running in Development Mode>

<Jul 6 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>

<Jul 6 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

This shows that the custom keystore was loaded successfully!
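The startup log can also be checked mechanically for the three facts read off above: which identity keystore and alias were loaded (BEA-090171), which trust keystore (BEA-090169), and where the https channel listens (BEA-002613). This is an added example, not part of the original manual; the function name and finding labels are assumptions, the sample lines are constructed from the log above, and DemoIdentity.jks and DemoTrust.jks are the file names of WebLogic's demo keystores.

```bash
#!/usr/bin/env bash
# Added example: summarise the TLS-relevant lines of a WebLogic startup log (stdin).
# Exits non-zero when a demo keystore is loaded or no https channel is listening.
tls_startup_summary() {
  awk '
    function ks_file(line) {          # path that follows "keystore file"
      sub(/.*keystore file /, "", line); sub(/\.>[ \t]*$/, "", line); return line
    }
    /<BEA-090171>/ {                  # identity certificate and private key
      if (match($0, /alias [^ ]+ from/)) alias = substr($0, RSTART + 6, RLENGTH - 11)
      id_file = ks_file($0)
    }
    /<BEA-090169>/ { trust_file = ks_file($0) }
    /<BEA-002613>/ && /https/ {       # the secure listen channel
      if (match($0, /listening on [0-9.]+:[0-9]+/))
        https = substr($0, RSTART + 13, RLENGTH - 13)
    }
    END {
      print "identity alias=" alias " file=" id_file
      print "trust file=" trust_file
      print "https listen=" https
      if (id_file ~ /DemoIdentity\.jks$/ || trust_file ~ /DemoTrust\.jks$/) {
        print "FINDING demo keystore in use"; bad = 1
      }
      if (https == "") { print "FINDING no https channel"; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample: three lines taken from the startup log above.
SAMPLE_LOG='<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogichl from the jks keystore file /home/weblogic/jkshl/identity.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jkshl/trust.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>'

printf '%s\n' "$SAMPLE_LOG" | tls_startup_summary
```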

Access from Internet Explorer: certificate problem

Continuing to browse the site succeeds!


View the certificate information

The expiration date and the certificate issuer information show that this certificate is exactly the one we created earlier:

What is your first and last name?

  [Unknown]:  hailang

What is the name of your organizational unit?

  [Unknown]:  gzcss

What is the name of your organization?

  [Unknown]:  gzcss

What is the name of your City or Locality?

  [Unknown]:  GZ

What is the name of your State or Province?

  [Unknown]:  GD

What is the two-letter country code for this unit?

  [Unknown]:  CN

Is CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN correct?

Access from Google Chrome

It likewise warns that the certificate is unsafe.


Continue


View the certificate information


At this point, configuring your own keystore and SSL is complete!
