WebLogic User-Defined keystore and SSL configuration Operation Manual


(Custom Identity and Custom Trust & keytool & TLS 1.0)

1. Enable the SSL port

 

Save and restart the managed Server

 

Internet Explorer access

Google Chrome access

2. View the keystore and SSL configuration

Keystore

SSL

 

3. Manually create identity.jks and trust.jks

Create the jks directory.

[weblogic@Weblogic201 ~]$ mkdir jksHL

[weblogic@Weblogic201 ~]$ cd jksHL/

 

Generate the identity.jks keystore

The values highlighted in the command (yellow background in the original) mean the following:

weblogicHL is the "SSL - Private Key Alias";

keypass123 is the "SSL - Private Key Passphrase";

storepass123 is the "Keystores - Identity - Custom Identity Keystore Passphrase";

storepass123 is the "Keystores - Trust - Custom Trust Keystore Passphrase";

3650 is the validity period of the custom certificate, in days;

[weblogic@Weblogic201 jksHL]$ keytool -genkey -alias weblogicHL -keyalg RSA -keypass keypass123 -keystore identity.jks -storepass storepass123 -validity 3650

What is your first and last name?

[Unknown]: HaiLang

What is the name of your organizational unit?

[Unknown]: GZCSS

What is the name of your organization?

[Unknown]: GZCSS

What is the name of your City or Locality?

[Unknown]: GZ

What is the name of your State or Province?

[Unknown]: GD

What is the two-letter country code for this unit?

[Unknown]: CN

Is CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN correct?

[no]: yes

Export the public key certificate to a .cer file

[weblogic@Weblogic201 jksHL]$ keytool -export -alias weblogicHL -file root.cer -keystore identity.jks

Enter keystore password: storepass123

Certificate stored in file <root.cer>

Generate the trust.jks keystore

Import the root.cer public key certificate exported in the previous step to create the trust.jks keystore.

[weblogic@Weblogic201 jksHL]$ keytool -import -alias weblogicHL -trustcacerts -file root.cer -keystore trust.jks

Enter keystore password: storepass123

Re-enter new password: storepass123

Owner: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN

Issuer: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN

Serial number: 559a5ac9

Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025

Certificate fingerprints:

MD5: 04:F2:4F:97:5B:8B:32:23:AB:69:D0:6A:42:1D:C7:77

SHA1: A0:B3:6F:90:08:0D:6B:55:6F:A6:13:C6:3B:C0:F4:CE:E1:B5:72:F9

Signature algorithm name: SHA1withRSA

Version: 3

Trust this certificate? [no]: yes

Certificate was added to keystore

 

At this point, identity.jks and trust.jks have been created!
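An added example, not part of the original manual: a Python check that parses the certificate summary keytool printed during the import above and lists the properties a reviewer would question before the certificate is used outside a test server. The function names and the 825-day validity limit are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Sample input: keytool's summary from the import step above (spacing normalised, some lines omitted).
SAMPLE = """\
Owner: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN
Issuer: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN
Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025
Signature algorithm name: SHA1withRSA
"""

WEAK_DIGESTS = ("MD2", "MD5", "SHA1")  # digest prefixes treated as weak
# keytool date: weekday, month/day/time, zone name, year. Weekday and zone are skipped.
_DATE = re.compile(r"\w{3} (\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ (\d{4})")

def parse_summary(text):
    """Split 'Field: value' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def validity_days(valid_from_value):
    """Days between the two dates of a 'Valid from: ... until: ...' value."""
    dates = _DATE.findall(valid_from_value)
    if len(dates) != 2:
        raise ValueError("unrecognised validity line: %r" % valid_from_value)
    start, end = (datetime.strptime(" ".join(d), "%b %d %H:%M:%S %Y") for d in dates)
    return (end - start).days

def audit(text, max_validity_days=825):  # 825 is an assumed policy limit
    """Return a list of findings for one certificate summary."""
    f = parse_summary(text)
    findings = []
    if f.get("owner") and f["owner"] == f.get("issuer"):
        findings.append("self-signed: Owner equals Issuer")
    sig = f.get("signature algorithm name", "")
    if sig.upper().startswith(WEAK_DIGESTS):
        findings.append("weak signature algorithm: " + sig)
    days = validity_days(f.get("valid from", ""))
    if days > max_validity_days:
        findings.append("validity %d days exceeds limit %d" % (days, max_validity_days))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

For the certificate created in this manual the check reports all three findings, which matches the browser warnings seen in the verification step.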

4. Configure the new keystore and SSL in the Console

To replace the default Demo keystore, go to "Keystores" - "Change".

Select "Custom Identity and Custom Trust" - "Save"

Configure the keystore

Custom Identity Keystore: /home/weblogic/jksHL/identity.jks

Custom Trust Keystore: /home/weblogic/jksHL/trust.jks

Custom Identity/Trust Keystore Type: jks

 

Click "save" to complete the settings.

SSL Configuration

Private Key Alias: weblogicHL

Private Key Passphrase: keypass123

 

Click "save". Restart the Server. The keystore and SSL configuration are complete!

5. Verify with the server startup log and the browser

[weblogic@Weblogic201 bin]$ ./startManagedWebLogic.sh appSrv02 http://Weblogic201:7001

.

.

JAVA Memory arguments: -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m

.

WLS Start Mode = Development

.

CLASSPATH=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/logs/templates:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/logs/weblogic_patch.jar:/home/weblogic/jdk1.6.0_45/lib/tools.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/home/weblogic/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/weblogic/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/xqrl.jar:.:/home/weblogic/jdk1.6.0_45$/lib:/home/weblogic/jdk1.6.0_45$/lib/tools.jar

.

PATH=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/bin:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/weblogic/bin

.

***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************

Starting weblogic with Java version:

java version "1.6.0_45"

Java(TM) SE Runtime Environment (build 1.6.0_45-b06)

Java HotSpot(TM) 64-Bit Server VM (build000045-b01, mixed mode)

Starting WLS with line:

/home/weblogic/jdk1.6.0_45/bin/java -client -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=appSrv02 -Djava.security.policy=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/cacerts -Xverify:none -da -Dplatform.home=/home/weblogic/Oracle/Middleware/wlserver_10.3 -Dwls.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server -Dweblogic.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://Weblogic201:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/packages:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server

Enter username to boot WebLogic server: weblogic

Enter password to boot WebLogic server:

WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638>

This indicates that the custom keystore has been loaded successfully!

Internet Explorer access

 

Continue to browse this website. Access successful!

 

View Certificate Information

 

From the validity period and the issuer information, we can see that this is the certificate created earlier:

What is your first and last name?

[Unknown]: HaiLang

What is the name of your organizational unit?

[Unknown]: GZCSS

What is the name of your organization?

[Unknown]: GZCSS

What is the name of your City or Locality?

[Unknown]: GZ

What is the name of your State or Province?

[Unknown]: GD

What is the two-letter country code for this unit?

[Unknown]: CN

Is CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN correct?

Google Chrome access

Chrome also reports the certificate as insecure.

 

Continue

 

View Certificate Information

 

Now, the configuration of the custom keystore and SSL has been completed!

Other ---------------------------------------------------------------------------------------------------------------------------------

12306 SSL Certificate encryption technology:

 
