Weblogic SSL Configuration

Steps to configure WebLogic SSL:

1. Create identity store

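keytool -genkey -alias weblogicServer -keyalg RSA -keysize 2048 -keystore weblogic_identity.jks

Where weblogic_identity.jks is the name of the identity store that will be created and weblogicServer is the private key alias name. The key size is set to 2048 bits because 1024-bit RSA keys are no longer considered secure and public certification authorities will not sign them.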

2. Create CSR

keytool -certreq -alias weblogicServer -file device.csr -keystore weblogic_identity.jks

Where device.csr is the certificate signing request created.

3. Submit Signing request

Now submit this CSR to a certification authority to get the public certificate and the root/intermediate certificates.

If you are using an internal CA with openssl, execute the command below to generate a signed certificate from the CSR.

openssl x509 -req -in device.csr -CA ca_root_cert.pem -CAkey ca_privkey.pem -CAcreateserial -out device.pem -days 3650

Where ca_root_cert.pem is CA root certificate and ca_privkey.pem is CA private key.

4. Create trust store and import root certificate to trust store

keytool -import -trustcacerts -alias myRoot -file /path/to/ca_root_cert.pem -keystore weblogic_trust.jks

Where ca_root_cert.pem is CA root certificate and myRoot is the root alias name for trust store.

5. Import root certificate to identity store

keytool -import -trustcacerts -alias entRoot -file /path/to/ca_root_cert.pem -keystore weblogic_identity.jks

Where ca_root_cert.pem is CA root certificate and entRoot is the root alias name for identity store.

6. Import signed certificate to identity store

keytool -import -trustcacerts -alias weblogicServer -file /path/to/device.pem -keystore weblogic_identity.jks

Where device.pem is the signed certificate and weblogicServer is private key alias name.
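
Before importing the signed certificate in step 6, it is worth confirming that device.pem chains to ca_root_cert.pem and carries the same public key as device.csr. The script below is an added example, not part of the original post; the function names are hypothetical, and make_demo_pki builds constructed throwaway test material with openssl standing in for keytool.

```shell
# Added example: checks to run on device.pem before step 6.
# Function names are hypothetical; file names follow the page.

# check_signed_cert CERT CSR CA_ROOT
# Returns 0 if CERT chains to CA_ROOT and carries the public key from CSR,
# 1 if the chain does not verify, 2 if the public keys differ.
check_signed_cert() {
  local cert="$1" csr="$2" ca="$3" cert_key csr_key
  # Chain check: the certificate must verify against the root that steps 4
  # and 5 import into the trust and identity stores.
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not chain to $ca" >&2
    return 1
  fi
  # Key check: the certificate must certify the key pair from step 1, i.e.
  # the same public key that keytool wrote into the CSR in step 2.
  cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_key=
  csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || csr_key=
  if [ -z "$cert_key" ] || [ "$cert_key" != "$csr_key" ]; then
    echo "FAIL: public key in $cert does not match $csr" >&2
    return 2
  fi
  echo "OK: $cert chains to $ca and matches $csr"
}

# Constructed sample data: a throwaway CA, a CSR signed by it as in step 3,
# plus an unrelated CSR and an unrelated CA for the two failure cases.
make_demo_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" -days 1 \
    -keyout "$d/ca_privkey.pem" -out "$d/ca_root_cert.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=weblogic.example.test" \
    -keyout "$d/device.key" -out "$d/device.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/device.csr" -CA "$d/ca_root_cert.pem" -days 1 \
    -CAkey "$d/ca_privkey.pem" -CAcreateserial -out "$d/device.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=other.example.test" \
    -keyout "$d/other.key" -out "$d/other.csr" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Unrelated Root CA" \
    -days 1 -keyout "$d/other_ca.key" -out "$d/other_ca.pem" 2>/dev/null
}

# Run with --demo to exercise the check on the constructed material.
if [ "${1:-}" = "--demo" ]; then
  dir=$(mktemp -d) && make_demo_pki "$dir" &&
    check_signed_cert "$dir/device.pem" "$dir/device.csr" "$dir/ca_root_cert.pem"
  rm -rf "$dir"
fi
```

With the real files, the call is check_signed_cert device.pem device.csr ca_root_cert.pem; a return code of 2 usually means the CA signed a CSR generated from a different keystore.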

Follow the steps below to configure the WebLogic server to use the above keystores:

1. Login to admin console

2. Navigate to servers>[server_name]>Configuration>Keystores

3. Select Custom Identity and Custom Trust and provide below details:

a. -Custom Identity Keystore: /path/to/weblogic_identity.jks

b. -Custom Identity Keystore Type: jks

c. -Custom Identity Keystore Passphrase:<password>

d. -Confirm Custom Identity Keystore Passphrase:<password>

e. -Custom Trust Keystore: /path/to/weblogic_trust.jks

f. -Custom Trust Keystore Type: jks

g. -Custom Trust Keystore Passphrase:<password>

h. -Confirm Custom Trust Keystore Passphrase:<password>

4. Then click on SSL tab next to Keystores and provide values for below parameters:

a. -Private Key Alias: weblogicServer

b. -Private Key Passphrase: <password>

c. -Confirm Private Key Passphrase: <password>

5. Then enable the SSL port for that particular WebLogic server by navigating to servers>[server_name]>Configuration>General

6. Save and activate changes.

Note: If the SSL port is being enabled for the first time, you need to restart the server.
