WebLogic Installing the SSL certificate guide

Source: Internet
Author: User
Tags ssl certificate java se

I. Generate the certificate request

1. Install the JDK (optional)

The WebLogic installation comes with a JDK. If you generate the certificate request directly on the server, go to the bin directory of the JDK under the WebLogic installation directory and run the keytool command.
If you need to generate the certificate request file in a different environment, you can install the JDK there and later upload the generated keystore file keystore.jks to the server for configuration.
Java SE Development Kit (JDK) download: http://www.oracle.com/technetwork/java/javase/downloads/index.html

2. Generate the KeyStore file

Generating the keystore file keystore.jks requires the JDK's keytool utility. Open a command line in the bin directory of the JDK or JRE and run the keytool command (the values in the example are customizable; adjust them to your actual configuration).
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore C:\keystore.jks -storepass password -keypass password

In the above command, server is the private key alias (-alias), and the generated keystore.jks file is placed by default in the current command-line path.

3. Generate a certificate request file (CSR)

For SHA1, use: keytool -certreq -alias server -sigalg SHA1withRSA -file C:\certreq.csr -keystore C:\keystore.jks -keypass password -storepass password
For SHA256, use: keytool -certreq -alias server -sigalg SHA256withRSA -file C:\certreq.csr -keystore C:\keystore.jks -keypass password -storepass password

Back up the keystore file keystore.jks, then submit the certificate request file certreq.csr and wait for the certificate to be issued. If the keystore file keystore.jks is lost, the issued certificate cannot be used.

II. Import the server certificate

1. Obtain the intermediate CA certificates

To ensure the server certificate is compatible with clients, two intermediate CA certificates must be installed with it (depending on the certificate brand, there may be only one intermediate certificate).
To obtain the intermediate CA certificates from the certificate issuance message:
Paste the contents of each of the two intermediate CA certificates, from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" inclusive, into a text editor such as Notepad, and save them with the file names intermediate1.cer and intermediate2.cer.

2. Get the server certificate

Paste the server certificate contents from the certificate issuance message, from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" inclusive, into a text editor such as Notepad, and save them with the file name server.cer.

3. View the contents of the KeyStore file

Go to the bin directory under the JDK installation directory and run the keytool command.
keytool -list -keystore C:\keystore.jks -storepass password

The listing shows that the entry of type PrivateKeyEntry has the alias server. Remember this alias; you will need it when importing the server certificate later. (The values in the example are customizable; adjust them to your actual configuration.)
Note that when you import the certificates, you must use the keystore.jks file that was created when you generated the certificate request file. If that keystore.jks file is missing, or a new keystore.jks file has been generated, your server certificate cannot be imported correctly.

4. Import the certificate (if there is only one intermediate certificate, you can import only one intermediate certificate)

Import the first intermediate CA certificate:
keytool -import -alias intermediate1 -keystore C:\keystore.jks -trustcacerts -storepass password -file C:\intermediate1.cer
Import the second intermediate CA certificate:
keytool -import -alias intermediate2 -keystore C:\keystore.jks -trustcacerts -storepass password -file C:\intermediate2.cer

Import the server certificate:
keytool -import -alias server -keystore C:\keystore.jks -trustcacerts -storepass password -file C:\server.cer

When you import the server certificate, its alias must be the same as the private key alias. If you import the server certificate under an alias that differs from the private key alias, keytool reports "Certificate was added to keystore" instead of "Certificate reply was installed in keystore".
Once the import is complete, run the keytool command to view the contents of the keystore file again:
keytool -list -keystore C:\keystore.jks -storepass password
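
Added example (not part of the original guide): a Python check that detects the alias mismatch described above by parsing the output of keytool -list -v. It assumes English keytool output labels; the sample listing, the alias server2 and the certificate names are constructed for illustration.

```python
import re

# Constructed, abridged `keytool -list -v` output (not from the original page):
# the server certificate went in under the wrong alias, so the private key
# entry "server" still carries only its self-signed certificate.
SAMPLE_BAD = """\
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com, O=Example, C=US
Issuer: CN=www.example.com, O=Example, C=US

*******************************************

Alias name: server2
Entry type: trustedCertEntry

Owner: CN=www.example.com, O=Example, C=US
Issuer: CN=Example Intermediate CA, O=Example CA, C=US
"""

def parse_entries(listing):
    """Split `keytool -list -v` text into one dict per alias."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        lines = block.splitlines()
        entry = {"alias": lines[0].strip(), "type": None, "owner": None, "issuer": None}
        for line in lines[1:]:
            key, _, value = line.partition(": ")
            if key == "Entry type":
                entry["type"] = value.strip()
            elif key in ("Owner", "Issuer") and entry[key.lower()] is None:
                entry[key.lower()] = value.strip()  # first certificate listed = leaf
        entries.append(entry)
    return entries

def check_identity(listing, alias="server"):
    """Return a list of problems with the identity entry; empty means OK."""
    match = [e for e in parse_entries(listing) if e["alias"] == alias]
    if not match:
        return ["alias %r not found" % alias]
    e, problems = match[0], []
    if e["type"] != "PrivateKeyEntry":
        problems.append("%r is %s, not PrivateKeyEntry" % (alias, e["type"]))
    elif e["owner"] == e["issuer"]:
        problems.append("%r is still self-signed: certificate reply not installed" % alias)
    return problems
```

Feed it the text produced by keytool -list -v -keystore C:\keystore.jks; an empty result means the private key entry carries a CA-issued certificate.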

III. Install the server certificate

1. Import the keystore

Log in to the WebLogic console.

Select "Lock & Edit" to unlock the configuration, then go to "Servers".

Select the server for which you want to configure the server certificate.

Under General, you can configure whether HTTP and HTTPS are enabled and which port numbers they use. HTTPS has a default port number of 443; enable the SSL option and modify the port number accordingly.

Configure the authentication method under "Keystores". For server authentication, select "Custom Identity and Java Standard Trust"; for two-way authentication, select "Custom Identity and Custom Trust".

Save your keystore file keystore.jks to the appropriate directory on the server, and configure its path and the keystore file protection password.

In one-way authentication, the JRE default truststore file cacerts needs to be configured. The default cacerts password is changeit.

Under SSL, configure the private key alias from the keystore. Private key aliases can be viewed with the keytool -list command. Usually the private key protection password is the same as the keystore file protection password.

Once setup is complete, select "Activate Changes" to save all changes. If you are prompted to restart WebLogic, you must restart it before the configuration takes effect.

2. Access Testing

Access https://yourdomain:port to test the certificate installation.

IV. Backup and recovery of server certificates

After you have successfully installed and configured the server certificate, be sure to back it up according to the following procedure, so that losing the certificate does not cause you trouble.

1. Backup of the server certificate

Backing up the server certificate's keystore file keystore.jks completes the backup of the server certificate.

2. Recovery of server certificates

Refer to the "Install the server certificate" section: restore the keystore file keystore.jks to your server and modify the configuration to bring the server certificate back into use.
