Weblogic Bayi CA configuration and one-way SSL configuration

Last Update:2017-02-28 Source: Internet

Author: User

Tags copy port number

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Web
Recently due to work, the need to build a local server, and then in C + + as the client, HTTPS protocol with the server for data interaction. I have been engaged in C + + development, on the Java EE, WebLogic and other related content is not familiar with, so the content of the server configuration completely dependent on the online data. Search on the Internet a lot of relevant information, and finally toss most of the genius to fix, in order to let a novice like me no longer suffer toss, write this article, hope to help everyone.

1, installation weblogic81 finished

There are a lot of related documents online.

2, configure the CA, using the tool Keytool (JDK), first set up in C disk directory C:\GetCA. Run cmd, go to the directory

A, generating custom Identity Keystore and CA requests

***********************************************************************

To use the command:

Keytool-genkey-alias cik-keyalg rsa-keysize 512-keystore Cik.jks

Enter information according to the prompts (figure)

Password includes storepassword and Keypassword, I choose the same

The file will be added to the C:\GetCA directory at this time Cik.jks

***********************************************************************

To use the command:

Keytool-certreq-alias cik-sigalg "Md5withrsa"-file careq.pem-keypass weblogic-keystore cik.jks-storepass WebLogic

Show Pictures:

The file will be added to the C:\GetCA directory at this time Careq.pem

b, apply for a digital certificate (as I test, so I applied for a trial certificate)

Enter Verisign.comàfree SSL Trial certificateàenrollment

Finally go to the following page, copy the contents of the Careq.pem file to the Web page, next to the end

C. Enter the mailbox that has been filled in step b, open the mail returned by VeriSign, and wait if not received.

The contents of the message include:

Enter this connection http://www.verisign.com/server/trial/faq/index.html download the root CA, save to C:\GetCA, name Rootca.cer.

At the bottom of the message:

Saves the selected content to the text, save as: Certificate.pem

d, import CA content to custom trust Keystore

Keytool-import-alias rootca-trustcacerts-file Rootca.cer-keystore Ciktrust.jks-storepass WebLogic

Here the password I set to WebLogic, you can change

E, import certificate info to Custom Identity Keystore

: You must import the root certificate into%java_home%/jre/lib/security/cacerts before importing, or you will see

*************************************************************************

Import to Cacerts:

Keytool-import-v-alias "Cms-ca"-file rootca.cer-keystore%java_home%/jre/lib/security/cacerts

Java_home the environment variables that are set for WLS, such as c:/bea/jdk141_05

Import Custom Identity Keystore

Keytool-import-trustcacerts-alias cik-file certificate.pem-keypass weblogic-keystore cik.jks-storepass WebLogic

To this, we C:\GetCA\ have the documents that have

Cik.jks

Rootca.cer

Careq.pem

Ciktrust.jks

Certificate.pem

The final need is to use two of these jks files (custom Identity Keystore, custom trust Keystore)

Copy the above files to the directory in your domain for example: C:\bea\user_projects\domains\MyDomain

3. Configure SSL in WLS

Enter the WLS configuration interface and select Generalàssl Listen port enabledà input port number in the Server Configuration page

Click [Change]

KeyStore Configuration screen appears, as shown in the

Select Keystores & Sslàkeystore configurationàidentity:

Custom Identity Keystore: Enter:

Cik.jks (including full path: C:\BEA\USER_PROJECTS\DOMAINS\MYDOMAIN\CIK.JKS)

Passphrase enter the corresponding password: weblogic (enter the password to start setting)

Type:jks

Select Keystores & Sslàkeystore configurationàtrust:

Custom Trust KeyStore Enter:

Ciktrust.jks (including full path: C:\BEA\USER_PROJECTS\DOMAINS\MYDOMAIN\CIKTRUST.JKS)

Passphrase enter the corresponding password: weblogic (enter the password to start setting)

Type:jks

Configure SSL, where the password is keypass (see Keytool at start)

Click Finish.

Finally, restart the WebLogic, enter the page https://127.0.0.1:7002/, you can use the new certificate.

Mistakes and omissions please write and say: super_lipf@yahoo.com.cn

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More