Weblogic Bayi CA configuration and one-way SSL configuration

Source: Internet
Author: User
Tags copy port number
Web
Recently due to work, the need to build a local server, and then in C + + as the client, HTTPS protocol with the server for data interaction. I have been engaged in C + + development, on the Java EE, WebLogic and other related content is not familiar with, so the content of the server configuration completely dependent on the online data. Search on the Internet a lot of relevant information, and finally toss most of the genius to fix, in order to let a novice like me no longer suffer toss, write this article, hope to help everyone.





1, installation weblogic81 finished

There are a lot of related documents online.

2, configure the CA, using the tool Keytool (JDK), first set up in C disk directory C:\GetCA. Run cmd, go to the directory

A, generating custom Identity Keystore and CA requests

***********************************************************************

To use the command:

Keytool-genkey-alias cik-keyalg rsa-keysize 512-keystore Cik.jks

Enter information according to the prompts (figure)







Password includes storepassword and Keypassword, I choose the same

The file will be added to the C:\GetCA directory at this time Cik.jks

***********************************************************************

To use the command:

Keytool-certreq-alias cik-sigalg "Md5withrsa"-file careq.pem-keypass weblogic-keystore cik.jks-storepass WebLogic

Show Pictures:



The file will be added to the C:\GetCA directory at this time Careq.pem

b, apply for a digital certificate (as I test, so I applied for a trial certificate)

Enter Verisign.comàfree SSL Trial certificateàenrollment



Finally go to the following page, copy the contents of the Careq.pem file to the Web page, next to the end







C. Enter the mailbox that has been filled in step b, open the mail returned by VeriSign, and wait if not received.

The contents of the message include:







Enter this connection http://www.verisign.com/server/trial/faq/index.html download the root CA, save to C:\GetCA, name Rootca.cer.



At the bottom of the message:



Saves the selected content to the text, save as: Certificate.pem

d, import CA content to custom trust Keystore

Keytool-import-alias rootca-trustcacerts-file Rootca.cer-keystore Ciktrust.jks-storepass WebLogic





Here the password I set to WebLogic, you can change







E, import certificate info to Custom Identity Keystore



: You must import the root certificate into%java_home%/jre/lib/security/cacerts before importing, or you will see





*************************************************************************

Import to Cacerts:

Keytool-import-v-alias "Cms-ca"-file rootca.cer-keystore%java_home%/jre/lib/security/cacerts

Java_home the environment variables that are set for WLS, such as c:/bea/jdk141_05







Import Custom Identity Keystore



Keytool-import-trustcacerts-alias cik-file certificate.pem-keypass weblogic-keystore cik.jks-storepass WebLogic









To this, we C:\GetCA\ have the documents that have

Cik.jks

Rootca.cer

Careq.pem

Ciktrust.jks

Certificate.pem





The final need is to use two of these jks files (custom Identity Keystore, custom trust Keystore)



Copy the above files to the directory in your domain for example: C:\bea\user_projects\domains\MyDomain





3. Configure SSL in WLS



Enter the WLS configuration interface and select Generalàssl Listen port enabledà input port number in the Server Configuration page



Click [Change]



KeyStore Configuration screen appears, as shown in the










Select Keystores & Sslàkeystore configurationàidentity:



Custom Identity Keystore: Enter:



Cik.jks (including full path: C:\BEA\USER_PROJECTS\DOMAINS\MYDOMAIN\CIK.JKS)



Passphrase enter the corresponding password: weblogic (enter the password to start setting)



Type:jks



Select Keystores & Sslàkeystore configurationàtrust:



Custom Trust KeyStore Enter:



Ciktrust.jks (including full path: C:\BEA\USER_PROJECTS\DOMAINS\MYDOMAIN\CIKTRUST.JKS)



Passphrase enter the corresponding password: weblogic (enter the password to start setting)



Type:jks










Configure SSL, where the password is keypass (see Keytool at start)







Click Finish.

Finally, restart the WebLogic, enter the page https://127.0.0.1:7002/, you can use the new certificate.





Mistakes and omissions please write and say: super_lipf@yahoo.com.cn


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.