WebLogic: Operating Manual for Configuring a Custom KeyStore and SSL

Source: Internet
Author: User
Tags ssl certificate


(Custom Identity and Custom Trust, keytool, TLS 1.0)

1. Enable the SSL port

Save, then restart the managed server.


Access from Internet Explorer

Access from Google Chrome

2. View the KeyStore and SSL configuration

KeyStore

SSL

3. Manually create identity.jks and trust.jks

Create a new JKS directory

$ mkdir jkshl
$ cd jkshl/

Generate the identity keystore, identity.jks

The values highlighted with a yellow background in the original are as follows:

weblogichl is the SSL "Private Key Alias";
keypass123 is the SSL "Private Key Passphrase";
storepass123 is the Keystores "Custom Identity Keystore Passphrase";
storepass123 is also the Keystores "Custom Trust Keystore Passphrase";
3650 is the validity period of the custom certificate, in days.

$ keytool -genkey -alias weblogichl -keyalg RSA -keypass keypass123 -keystore identity.jks -storepass storepass123 -validity 3650

What is your first and last name?
  [Unknown]:  hailang
What is the name of your organizational unit?
  [Unknown]:  gzcss
What is the name of your organization?
  [Unknown]:  gzcss
What is the name of your City or Locality?
  [Unknown]:  GZ
What is the name of your State or Province?
  [Unknown]:  GD
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN correct?
  [no]:  yes

Export the public key certificate to a CER file

$ keytool -export -alias weblogichl -file root.cer -keystore identity.jks
Enter keystore password:  storepass123
Certificate stored in file <root.cer>

Generate the trust keystore, trust.jks

Import the root.cer public key certificate exported in the previous step to create the trust.jks keystore

$ keytool -import -alias weblogichl -trustcacerts -file root.cer -keystore trust.jks
Enter keystore password:  storepass123
Re-enter new password:  storepass123
Owner: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Issuer: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Serial number: 559A5AC9
Valid from: Mon Jul 18:39:05 HKT 2015 until: Thu Jul 18:39:05 HKT 2025
Certificate fingerprints:
         MD5:  04:f2:4f:97:5b:8b:32:23:ab:69:d0:6a:42:1d:c7:77
         SHA1: a0:b3:6f:90:08:0d:6b:55:6f:a6:13:c6:3b:c0:f4:ce:e1:b5:72:f9
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore


At this point, identity.jks and trust.jks have been created!

4. Configure the new KeyStore and SSL in the console

Change the default demo keystore: "Keystores" - "Change"

Select "Custom Identity and Custom Trust" - "Save"

Fill in the KeyStore configuration

Custom Identity Keystore: /home/weblogic/jkshl/identity.jks

Custom Trust Keystore: /home/weblogic/jkshl/trust.jks

Custom Identity/Trust Keystore Type: JKS


Click "Save" to complete the setup.

SSL configuration

Private Key Alias: weblogichl

Private Key Passphrase: keypass123


Click "Save" and restart the server. The KeyStore and SSL configuration is complete!

5. Browser verification

Server startup log

$ ./startManagedWebLogic.sh appSrv02 http://weblogic201:7001

.
.
JAVA Memory arguments: -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m
.
WLS Start Mode=Development
.
CLASSPATH=/home/weblogic/oracle/middleware/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/oracle/middleware/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/jdk1.6.0_45/lib/tools.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.jar:/home/weblogic/oracle/middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/webservices.jar:/home/weblogic/oracle/middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/weblogic/oracle/middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/weblogic/oracle/middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/xqrl.jar:.:/home/weblogic/jdk1.6.0_45$/lib:/home/weblogic/jdk1.6.0_45$/lib/tools.jar
.
PATH=/home/weblogic/oracle/middleware/wlserver_10.3/server/bin:/home/weblogic/oracle/middleware/modules/org.apache.ant_1.7.1/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/weblogic/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
Starting WLS with line:
/home/weblogic/jdk1.6.0_45/bin/java -client -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=appSrv02 -Djava.security.policy=/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/home/weblogic/oracle/middleware/wlserver_10.3/server/lib/cacerts -Xverify:none -da -Dplatform.home=/home/weblogic/oracle/middleware/wlserver_10.3 -Dwls.home=/home/weblogic/oracle/middleware/wlserver_10.3/server -Dweblogic.home=/home/weblogic/oracle/middleware/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://weblogic201:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/home/weblogic/oracle/middleware/patch_wls1035/profiles/default/sysext_manifest_classpath:/home/weblogic/oracle/middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server

<Jul 6 7:20:17 PM HKT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Jul 6 7:20:18 PM HKT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Jul 6 7:20:18 PM HKT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.45-b01 from Sun Microsystems Inc.>
<Jul 6 7:20:19 PM HKT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
<Jul 6 7:20:24 PM HKT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0.7 PSU Patch for BUG16088411 Mon Apr 15:13:52 IST 2013
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 1398638 >
<Jul 6 7:20:26 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jul 6 7:20:26 PM HKT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Jul 6 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Jul 6 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log00018. Log messages will continue to be logged in /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log.>
<Jul 6 7:20:26 PM HKT> <Notice> <Log Management> <BEA-170019> <The server log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/appsrv02.log is opened. All server side log events will be written to this file.>
<Jul 6 7:20:29 PM HKT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Jul 6 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Jul 6 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log00012. Log messages will continue to be logged in /home/weblogic/oracle/middleware/user_projects/domains/mydomain/servers/appsrv02/logs/access.log.>
<Jul 6 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Jul 6 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jul 6 7:20:33 PM HKT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Jul 6 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>
<Jul 6 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of Cluster1.>
<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000142> <Trying to download cluster JNDI tree from server appsrv04.>
<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000164> <Synchronized cluster JNDI tree from server appsrv04.>
<Jul 6 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Jul 6 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Jul 6 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "150.18.23.201:8001,150.18.23.201:8002,150.18.23.202:8001,150.18.23.202:8002">
<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogichl from the jks keystore file /home/weblogic/jkshl/identity.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jkshl/trust.jks.>
<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Jul 6 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 150.18.23.201:8002 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
<Jul 6 7:20:47 PM HKT> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "appSrv02" for domain "MyDomain" running in Development Mode>
<Jul 6 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Jul 6 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

This shows that the custom KeyStore was loaded successfully!

Access from Internet Explorer

Continue to browse this site: access succeeds!


View the certificate information

The validity period and the certificate issuer information show that this is exactly the certificate we created earlier:

What is your first and last name?
  [Unknown]:  hailang
What is the name of your organizational unit?
  [Unknown]:  gzcss
What is the name of your organization?
  [Unknown]:  gzcss
What is the name of your City or Locality?
  [Unknown]:  GZ
What is the name of your State or Province?
  [Unknown]:  GD
What is the two-letter country code for this unit?
  [Unknown]:  CN
Is CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN correct?

Access from Google Chrome

Chrome also warns that the certificate is unsafe


Continue to


View the certificate information


At this point, the operation to configure the custom KeyStore and SSL is complete!
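
The browser warnings in step 5 follow from properties visible in the keytool output of step 3: the certificate is self-signed, it is signed with SHA1withRSA, and its CN is a personal name rather than the server's host name. The shell function below is an added example, not part of the original article; it checks those three properties in text piped from keytool -list -v or keytool -printcert. The function names are hypothetical, and using weblogic201 (from the start command) as the expected host name is an assumption.

```shell
#!/bin/sh
# Added example (not from the original article): audit one certificate's
# text as printed by `keytool -list -v` / `keytool -printcert`.

# Constructed sample input, rebuilt from the keytool output shown in step 3.
sample_listing() {
cat <<'EOF'
Owner: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Issuer: CN=hailang, OU=gzcss, O=gzcss, L=GZ, ST=GD, C=CN
Serial number: 559a5ac9
Signature algorithm name: SHA1withRSA
Version: 3
EOF
}

# audit_cert_listing EXPECTED_HOST   (certificate text on stdin)
# Prints one finding per line; prints nothing when all three checks pass.
# Only the CN is compared with the host; subjectAltName is not inspected.
audit_cert_listing() {
  awk -v host="$1" '
    # Strip whitespace and case so "CN=a, OU=b" equals "cn=a,ou=b".
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    /^[ \t]*Owner:/  { sub(/^[^:]*:[ \t]*/, ""); owner  = norm($0); next }
    /^[ \t]*Issuer:/ { sub(/^[^:]*:[ \t]*/, ""); issuer = norm($0); next }
    /^[ \t]*Signature algorithm name:/ {
      sub(/^[^:]*:[ \t]*/, ""); sig = toupper($0); next
    }
    END {
      # Subject equal to issuer: no CA vouches for this certificate.
      if (owner != "" && owner == issuer) print "SELF_SIGNED"
      # MD2, MD5 and SHA-1 based signatures are deprecated.
      if (sig ~ /^(SHA1|MD5|MD2)WITH/) print "WEAK_SIGALG " sig
      # Pull the CN out of the subject and compare with the host name.
      cn = ""
      if (match(owner, /(^|,)cn=[^,]*/)) {
        cn = substr(owner, RSTART, RLENGTH)
        sub(/^,?cn=/, "", cn)
      }
      if (cn != tolower(host)) print "CN_MISMATCH cn=" cn " host=" host
    }'
}

# Demo run on the constructed sample.
sample_listing | audit_cert_listing weblogic201
```

Against a real keystore, pipe one entry at a time, for example the output of keytool -list -v -alias weblogichl -keystore identity.jks.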
