WebLogic SSL: fix the Apple iOS itms download problem

Source: Internet
Author: User
Tags: dname

Prerequisites:

Install the OpenSSL tool.

Enter the OpenSSL working folder from the Windows cmd prompt.

The unzipped folder is: E:\openssl-1.0.2-beta1

The working folder is: E:\openssl-1.0.2-beta1\inc32\out32dll

In cmd, run:

cd /d E:\openssl-1.0.2-beta1\inc32\out32dll

Create the certificate store folder: E:\ssl

The following is the process of implementing a CA and issuing certificates using OpenSSL:

1) Generate the CA key

As an authority, the CA also uses a certificate to identify itself. The CA itself also has a private key.

In the process of issuing a digital certificate, the CA's private key is used primarily to sign (that is, to encrypt a hash of) the user information and public key in the user's certificate request.

openssl genrsa -out E:\ssl\cakey.pem 1024

This command produces the private key file cakey.pem with a key length of 1024 bits.

2) Generate CA certificate request

openssl req -new -out E:\ssl\careq.csr -key E:\ssl\cakey.pem -config E:\openssl-1.0.2-beta1\apps\openssl.cnf

Note: search for the openssl.cnf file under the openssl-1.0.2-beta1 folder and give its full path in the command.

Description of the input items (each prompt is listed by its default value):

AU: country code. CN represents China.

Some-State: region. BJ, self-defined, Beijing (the value entered here must be consistent with step 1 below, "Generate the initial KeyStore").

eg, city: city. BJ, self-defined, Beijing (as above, must be consistent with step 1 below, "Generate the initial KeyStore").

Internet Widgits Pty Ltd: organization name. cebbank, self-defined, Everbright (as above, must be consistent with step 1 below, "Generate the initial KeyStore").

Organizational unit name: cebbank, self-defined, Everbright (as above, must be consistent with step 1 below, "Generate the initial KeyStore").

URL or IP (as above, must be consistent with step 1 below, "Generate the initial KeyStore").

The following items can be empty:

This command generates the certificate request file careq.csr based on cakey.pem.

3) Self-sign with the CA private key

openssl x509 -req -in E:\ssl\careq.csr -out E:\ssl\cacert.pem -signkey E:\ssl\cakey.pem -days 3650

Description: -days specifies the certificate validity period, here ten years. Define it yourself.

The command generates a CA certificate from the certificate request and the CA private key. At this point, the certificate required to act as a CA is ready. The resulting cakey.pem can be used to issue certificates in the future. The cacert.pem certificate, as the trusted certificate for users, needs to be distributed to each entity that is issued a certificate by this CA.

The server certificate is made slightly differently from the client certificate, because the server uses a different certificate format than the client.

For a server such as Tomcat or WebLogic, a file in JKS format is usually required, in which the server private key, the server certificate, and the server root certificate chain (the list of CA certificates from the root CA to the server's certification authority) are saved.

To make this type of server certificate, you need keytool, one of the tools provided by the JDK.

Note: here you need to switch to the JDK working environment.

If the local path is: D:\ProgramFiles\Java\jdk1.6.0_24\bin

In cmd, run:

cd /d D:\ProgramFiles\Java\jdk1.6.0_24\bin

The following is the process of making a certificate store (keystore) using keytool:

1) Generate the initial KeyStore

keytool -genkey -alias serveralias -keyalg RSA -keysize 1024 -dname "CN=10.192.109.227, OU=cebbank, O=cebbank, L=BJ, ST=BJ, C=CN" -keypass password -keystore E:\ssl\server.jks -storepass password -validity 7300

Description of -dname and the passwords: CN: server domain name or IP; OU: affiliated institution; O: the owning unit; L: locality (region); ST: state or province (region); C: country code; keypass: password; storepass: password.

2) Generate a certificate request

keytool -certreq -alias serveralias -sigalg MD5withRSA -file E:/ssl/server.csr -keystore E:/ssl/server.jks -keypass password -storepass password

The resulting certificate request file is server.csr.

The request is sent to the certification authority, which verifies the entity information in the certificate request and then signs it.

Since we are acting as our own CA, we also perform this signing step ourselves.

3) Sign the certificate. Signing still uses OpenSSL rather than keytool.

Switch to the OpenSSL folder and run the following command:

openssl x509 -req -in E:/ssl/server.csr -out E:/ssl/servercert.pem -CA E:/ssl/cacert.pem -CAkey E:/ssl/cakey.pem -CAcreateserial -days 3650

The output file servercert.pem is the signed certificate, that is, the certificate request response.

The cakey.pem and cacert.pem used in the command are the CA key file and the CA root certificate generated above.

After the CA has signed the request, return the certificate request response together with the CA root certificate to the requester. The applicant needs to import the CA root certificate (chain) and the certificate request response into the JKS store. The tool used for this is keytool.

Switch to the JDK folder.

Run the following command:

keytool -import -trustcacerts -keystore E:/ssl/server.jks -file E:/ssl/cacert.pem -alias RootCAkeytool

Then run the following command:

keytool -import -trustcacerts -keystore E:/ssl/server.jks -file E:/ssl/servercert.pem -alias serveralias

Note: the serveralias name is used when configuring WebLogic. For the detailed WebLogic SSL configuration, please refer to Baidu.

It is important to note that the CA root certificate (chain) is imported first and the certificate request response second, and that when importing the certificate request response, the alias must be the same as the alias used when the JKS store was generated. At this point, the server-side JKS file is complete and can be configured on the corresponding server.

Note: the JDK on the WebLogic server needs to support the RSA algorithm. Some JDKs do not, so it is best to use the one that comes with WebLogic.
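The OpenSSL steps above, run end to end and followed by a verification check, as an added example that is not part of the original article. It assumes a POSIX shell with openssl on the PATH, uses 2048-bit keys and SHA-256 in place of the article's 1024-bit and MD5 settings (both considered weak today), creates the server key and request with openssl instead of keytool, and marks the root as a CA through an extension file; the names build_chain, check_chain, ca.ext and the CA subject are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the article's own script. Assumptions: 2048-bit RSA and
# SHA-256 (the article uses 1024/MD5), openssl stands in for keytool when
# creating the server key and CSR, and the CA subject CN is constructed.
CA_SUBJ="/C=CN/ST=BJ/L=BJ/O=cebbank/OU=cebbank/CN=Test Root CA"
SRV_SUBJ="/C=CN/ST=BJ/L=BJ/O=cebbank/OU=cebbank/CN=10.192.109.227"

# build_chain DIR: create the CA and server certificate files inside DIR.
build_chain() (
    cd "$1" || exit 1
    # Mark the root as a CA; the article's x509 command sets no extensions.
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    # CA key, CA request, self-signed CA certificate (CA steps 1 to 3)
    openssl genrsa -out cakey.pem 2048 &&
    openssl req -new -sha256 -key cakey.pem -subj "$CA_SUBJ" -out careq.csr &&
    openssl x509 -req -sha256 -in careq.csr -signkey cakey.pem \
        -extfile ca.ext -days 3650 -out cacert.pem &&
    # Server key and request (keytool -genkey / -certreq in the article)
    openssl genrsa -out serverkey.pem 2048 &&
    openssl req -new -sha256 -key serverkey.pem -subj "$SRV_SUBJ" \
        -out server.csr &&
    # The CA signs the server request (server step 3)
    openssl x509 -req -sha256 -in server.csr -CA cacert.pem -CAkey cakey.pem \
        -CAcreateserial -days 3650 -out servercert.pem
) >/dev/null 2>&1

# check_chain DIR: print "OK" only if the server certificate verifies against
# the CA and is not signed with MD5 or SHA-1; otherwise print the reason.
check_chain() (
    cd "$1" || exit 1
    openssl verify -CAfile cacert.pem servercert.pem >/dev/null 2>&1 ||
        { echo "chain does not verify"; exit 1; }
    alg=$(openssl x509 -in servercert.pem -noout -text |
          sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case "$alg" in
        md5*|sha1*) echo "weak signature algorithm: $alg"; exit 1 ;;
    esac
    echo "OK"
)
```

Call build_chain on an empty scratch directory, then check_chain on the same directory before importing cacert.pem and servercert.pem into the JKS store.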
