WebLogic: Configuring a Custom KeyStore and SSL (Operations Manual)
(Custom Identity and Custom Trust, keytool, TLS 1.0)
1. Enable the SSL port
Save, then restart the managed server
Internet Explorer access
Google Chrome access
2. View the KeyStore and SSL configuration
KeyStore
SSL
3. Manually create identity.jks and trust.jks
Create a new directory for the JKS files
$ mkdir jkshl
$ cd jkshl/
Generate the identity keystore identity.jks
The highlighted (yellow background) values in the command below have the following meanings:
weblogichl is the "SSL - Private Key Alias";
keypass123 is the "SSL - Private Key Passphrase";
storepass123 is the "Keystores - Identity" Custom Identity Keystore Passphrase;
storepass123 is also the "Keystores - Trust" Custom Trust Keystore Passphrase;
3650 is the validity period of the custom certificate, in days.
$ keytool -genkey -alias weblogichl -keyalg RSA -keypass keypass123 -keystore identity.jks -storepass storepass123 -validity 3650
What is your first and last name?
  [Unknown]:  hailang
What is the name of your organizational unit?
  [Unknown]:  gzcss
What is the name of your organization?
  [Unknown]:  gzcss
What is the name of your City or Locality?
  [Unknown]:  GZ
What is the name of your State or Province?
  [Unknown]:  GD
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN correct?
  [no]:  yes
Export the public-key certificate to a CER file
$ keytool -export -alias weblogichl -file root.cer -keystore identity.jks
Enter keystore password: storepass123
Certificate stored in file <root.cer>
Generate the trust keystore trust.jks
Import the root.cer public-key certificate exported in the previous step; this creates the trust.jks keystore
$ keytool -import -alias weblogichl -trustcacerts -file root.cer -keystore trust.jks
Enter keystore password: storepass123
Re-enter new password: storepass123
Owner: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Issuer: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Serial number: 559A5AC9
Valid from: Mon Jul 18:39:05 HKT 2015 until: Thu Jul 18:39:05 HKT 2025
Certificate fingerprints:
  MD5:  04:f2:4f:97:5b:8b:32:23:ab:69:d0:6a:42:1d:c7:77
  SHA1: a0:b3:6f:90:08:0d:6b:55:6f:a6:13:c6:3b:c0:f4:ce:e1:b5:72:f9
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore
At this point identity.jks and trust.jks have been created!
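The certificate printed during the import is self-signed, signed with SHA-1 and valid for ten years, which is why the browsers later warn about it. The following added example (not part of the original manual) audits a keytool certificate printout for those three properties; the sample text is constructed from the output above with assumed day-of-month values, and the 825-day limit is a policy threshold chosen for the example.

```python
import re
from datetime import datetime

# Constructed sample in the format keytool prints for a certificate; the DN and
# algorithm follow the manual, the day-of-month values are assumed.
SAMPLE = """\
Owner: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Issuer: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Serial number: 559A5AC9
Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025
Signature algorithm name: SHA1withRSA
Version: 3
"""

def _parse_date(text):
    # keytool prints e.g. "Mon Jul 06 18:39:05 HKT 2015"; drop the weekday and
    # the zone abbreviation, which strptime cannot parse portably.
    _, mon, day, clock, _, year = text.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit_certificate(printout, max_days=825):
    """Return a list of findings for one certificate printout.
    max_days is a policy threshold chosen for this example."""
    pairs = re.findall(r"^([A-Za-z ]+?):[ \t]*(.+)$", printout, re.M)
    fields = {key.strip().lower(): value.strip() for key, value in pairs}
    findings = []
    if fields.get("owner") and fields.get("owner") == fields.get("issuer"):
        findings.append("self-signed: browsers cannot chain it to a trusted CA")
    sigalg = fields.get("signature algorithm name", "")
    if re.match(r"(MD5|SHA1)with", sigalg, re.I):
        findings.append(f"weak signature hash: {sigalg}")
    m = re.match(r"(.+?) until: (.+)", fields.get("valid from", ""))
    if m:
        days = (_parse_date(m.group(2)) - _parse_date(m.group(1))).days
        if days > max_days:
            findings.append(f"validity of {days} days exceeds {max_days}")
    return findings

if __name__ == "__main__":
    for finding in audit_certificate(SAMPLE):
        print("FINDING:", finding)
```

To audit a real keystore, pass the text printed by `keytool -list -v -keystore identity.jks` for one entry.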
4. Configure the new KeyStore and SSL in the console
Change the default demo keystore: "Keystores" - "Change"
Select "Custom Identity and Custom Trust" - "Save"
Fill in the keystore configuration
Custom Identity Keystore: /home/weblogic/jkshl/identity.jks
Custom Trust Keystore: /home/weblogic/jkshl/trust.jks
Custom Identity/Trust Keystore Type: JKS
Click "Save" to complete the setup.
SSL configuration
Private Key Alias: weblogichl
Private Key Passphrase: keypass123
Click "Save" and restart the server; the KeyStore and SSL configuration is complete!
5. Browser verification
Server startup log
$ ./startManagedWebLogic.sh appSrv02 http://weblogic201:7001
.
.
JAVA Memory arguments: -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m
.
WLS Start Mode=Development
.
CLASSPATH=/home/weblogic/oracle/middleware/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/oracle/middleware/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/jdk1.6.0_45/lib/tools.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.jar:/home/weblogic/oracle/middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/webservices.jar:/home/weblogic/oracle/middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/weblogic/oracle/middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/weblogic/oracle/middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/xqrl.jar:.:/home/weblogic/jdk1.6.0_45$/lib:/home/weblogic/jdk1.6.0_45$/lib/tools.jar
.
PATH=/home/weblogic/oracle/middleware/wlserver_10.3/server/bin:/home/weblogic/oracle/middleware/modules/org.apache.ant_1.7.1/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/weblogic/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
Starting WLS with line:
/home/weblogic/jdk1.6.0_45/bin/java -client -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=appSrv02 -Djava.security.policy=/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/cacerts -Xverify:none -da -Dplatform.home=/home/weblogic/oracle/middleware/wlserver_10.3 -Dwls.home=/home/weblogic/oracle/middleware/wlserver_10.3/server -Dweblogic.home=/home/weblogic/oracle/middleware/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://weblogic201:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/home/weblogic/oracle/middleware/patch_wls1035/profiles/default/sysext_manifest_classpath:/home/weblogic/oracle/middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server
<Jul 6 7:20:17 PM HKT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Jul 6 7:20:18 PM HKT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Jul 6 7:20:18 PM HKT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.45-b01 from Sun Microsystems Inc.>
<Jul 6 7:20:19 PM HKT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<Jul 6 7:20:24 PM HKT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0.7 PSU Patch for BUG16088411 Mon Apr 15:13:52 IST 2013
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 1398638 >
<Jul 6 7:20:26 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jul 6 7:20:26 PM HKT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Jul 6 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Jul 6 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log00018. Log messages will continue to be logged in /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log.>
<Jul 6 7:20:26 PM HKT> <Notice> <Log Management> <BEA-170019> <The server log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log is opened. All server side log events will be written to this file.>
<Jul 6 7:20:29 PM HKT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Jul 6 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Jul 6 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log00012. Log messages will continue to be logged in /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log.>
<Jul 6 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Jul 6 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jul 6 7:20:33 PM HKT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Jul 6 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>
<Jul 6 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of Cluster1.>
<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000142> <Trying to download cluster JNDI tree from server appsrv04.>
<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000164> <Synchronized cluster JNDI tree from server appsrv04.>
<Jul 6 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Jul 6 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "150.18.23.201:8001,150.18.23.201:8002,150.18.23.202:8001,150.18.23.202:8002">
<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogichl from the jks keystore file /home/weblogic/jkshl/identity.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jkshl/trust.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 150.18.23.201:8002 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Jul 6 7:20:47 PM HKT> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "appSrv02" for domain "MyDomain" running in Development Mode>
<Jul 6 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Jul 6 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
This shows that the custom keystore was loaded successfully!
Internet Explorer access
Click "Continue to this website"; access succeeds!
View the certificate information
From the validity period and the issuer information, the certificate is exactly the one we created earlier:
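The three startup messages that matter for this check are BEA-090171 (identity keystore and alias), BEA-090169 (trust keystore) and BEA-002613 (secure channel). The following added example (not part of the original manual) extracts them from a server log and reports when the loaded keystores differ from the configured ones or are still the demo keystores; the log excerpt is constructed from the messages above and check_startup is a hypothetical helper name.

```python
import re

# Constructed log excerpt modelled on the startup messages shown above.
SAMPLE_LOG = """\
<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogichl from the jks keystore file /home/weblogic/jkshl/identity.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jkshl/trust.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
"""

IDENTITY = re.compile(r"<BEA-090171> <.*?alias (\S+) from the \w+ keystore file (\S+?)\.>", re.I)
TRUST = re.compile(r"<BEA-090169> <.*?keystore file (\S+?)\.>", re.I)
SECURE = re.compile(r'<BEA-002613> <Channel "([^"]+)".*?on (\S+) for protocols (.*?)\.>', re.I)

def check_startup(log, want_identity, want_trust, want_alias):
    """Return findings; an empty list means the custom keystores are in use."""
    findings = []
    ident, trust = IDENTITY.search(log), TRUST.search(log)
    if not ident:
        findings.append("no BEA-090171 line: identity keystore was not loaded")
    else:
        alias, path = ident.groups()
        # JKS aliases are case-insensitive, so compare them that way.
        if alias.lower() != want_alias.lower() or path != want_identity:
            findings.append(f"unexpected identity: alias={alias} file={path}")
    if not trust:
        findings.append("no BEA-090169 line: trust keystore was not loaded")
    elif trust.group(1) != want_trust:
        findings.append(f"unexpected trust keystore: {trust.group(1)}")
    for found in (ident, trust):
        # DemoIdentity.jks / DemoTrust.jks are WebLogic's shipped demo keystores.
        if found and re.search(r"Demo(Identity|Trust)\.jks$", found.groups()[-1]):
            findings.append(f"demo keystore still in use: {found.groups()[-1]}")
    if not any("https" in m.group(3).lower().split(", ") for m in SECURE.finditer(log)):
        findings.append("no channel is listening for https")
    return findings

if __name__ == "__main__":
    print(check_startup(SAMPLE_LOG, "/home/weblogic/jkshl/identity.jks",
                        "/home/weblogic/jkshl/trust.jks", "weblogichl") or "OK")
```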
What is your first and last name?
  [Unknown]:  hailang
What is the name of your organizational unit?
  [Unknown]:  gzcss
What is the name of your organization?
  [Unknown]:  gzcss
What is the name of your City or Locality?
  [Unknown]:  GZ
What is the name of your State or Province?
  [Unknown]:  GD
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN correct?
Google Chrome access
You will also be warned that the certificate is unsafe
Continue to
View the certificate information
At this point, the custom KeyStore and SSL configuration is complete!