{"id":4169,"date":"2012-01-24T13:51:18","date_gmt":"2012-01-24T18:51:18","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=4169"},"modified":"2012-08-02T09:18:05","modified_gmt":"2012-08-02T14:18:05","slug":"weblogic11g-configure-ssl","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=4169","title":{"rendered":"WebLogic11g: Configure SSL"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tOverview<\/a>\n\t<\/li>\n\t
  2. \n\t\tDemo Key Stores<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tDemoIdentity.jks<\/a>\n\t\t\t<\/li>\n\t\t\t
    2. \n\t\t\t\tDemoTrust.jks<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    3. \n\t\tConfigure SSL for wlbox<\/a>\n\t\t
        \n\t\t\t
      1. \n\t\t\t\tGenerate Private Key Pair<\/a>\n\t\t\t<\/li>\n\t\t\t
      2. \n\t\t\t\tSign CSR<\/a>\n\t\t\t<\/li>\n\t\t\t
      3. \n\t\t\t\tImport Signed Certificate<\/a>\n\t\t\t<\/li>\n\t\t\t
      4. \n\t\t\t\tCreate Trust Key Store<\/a>\n\t\t\t<\/li>\n\t\t\t
      5. \n\t\t\t\tSetup Identity and Trust Stores for WebLogic<\/a>\n\t\t\t<\/li>\n\t\t\t
      6. \n\t\t\t\tSetup SSL<\/a>\n\t\t\t<\/li>\n\t\t\t
      7. \n\t\t\t\tTurn on SSL Listen Port<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
      8. \n\t\tConfigure SSL for wlbox1 Machine<\/a>\n\t\t
          \n\t\t\t
        1. \n\t\t\t\tGenerate Private Key Pair<\/a>\n\t\t\t<\/li>\n\t\t\t
        2. \n\t\t\t\tSign CSR<\/a>\n\t\t\t<\/li>\n\t\t\t
        3. \n\t\t\t\tImport Signed Certificate<\/a>\n\t\t\t<\/li>\n\t\t\t
        4. \n\t\t\t\tCreate Trust Key Store<\/a>\n\t\t\t<\/li>\n\t\t\t
        5. \n\t\t\t\tSetup Identity and Trust Stores for WebLogic<\/a>\n\t\t\t<\/li>\n\t\t\t
        6. \n\t\t\t\tSetup SSL<\/a>\n\t\t\t<\/li>\n\t\t\t
        7. \n\t\t\t\tTurn on SSL Listen Port<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
        8. \n\t\tEnable SSL between wlbox and wlbox1<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
           <\/div>\n

          Overview<\/h2><\/span>\n

          * Preferred formats:
          \n– PEM
          \n– JKS<\/p>\n

          Demo Key Stores<\/h2><\/span>\n

          DemoIdentity.jks<\/h3><\/span>\n

          * Contains a demo private key
          \n* Located: $WL_HOME\/weblogic\/wlserver_10.3\/ server\/lib\/DemoIdentity.jks<\/em>
          \n* Key store password: DemoIdentityKeyStorePassPhrase<\/strong>
          \n* Private key password: DemoIdentityPassPhrase<\/strong><\/p>\n

          \r\n# List demoidentity key\r\n$JAVA_HOME\/bin\/keytool -list -v -alias demoidentity -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase\r\n\r\n# Export demoidentity cert\r\n$JAVA_HOME\/bin\/keytool -export -keystore DemoIdentity.jks -alias demoidentity -file demoidentity.der -storepass DemoIdentityKeyStorePassPhrase\r\n<\/pre>\n
          DemoTrust.jks<\/h3><\/span>\n
          * Contains a list of trusted CAs
          \n* Located: $WL_HOME\/server\/lib\/DemoTrust.jks<\/em>
          \n* Trust store password: DemoTrustKeyStorePassPhrase<\/strong><\/p>\n
          \r\n$JAVA_HOME\/bin\/keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase\r\n<\/pre>\n
          Configure SSL for wlbox<\/h2><\/span>\n
          * Keys are generated in wlbox1 machine
          \n* wlbox1 is also used as CA box<\/p>\n
          Generate Private Key Pair<\/h3><\/span>\n
          \r\n\r\n# Prepare directories to hold identity\r\ncd ~\/\r\nmkdir identity\r\ncd identity\r\nmkdir wlbox\r\ncd wlbox\r\n\r\n# Generate private key. Use -validity to specify validity days which default to 90 days\r\n$JAVA_HOME\/bin\/keytool -genkey -alias wlbox -keyalg RSA -sigalg SHA1withRSA -keystore wlbox.keystore -storepass secret -keypass secret -dname \"CN=wlbox, emailAddress=jd@tmprealm.com, OU=tmpRealm, O=tmpOrg, L=Reston, S=VA, C=US\"\r\n\r\n# Generate CSR\r\n$JAVA_HOME\/bin\/keytool -certreq -alias wlbox -sigalg SHA1withRSA -file wlbox.csr -keystore wlbox.keystore -storepass secret\r\n\r\n#Inspect keys\r\n$JAVA_HOME\/bin\/keytool -list -v -alias wlbox -keystore wlbox.keystore\r\n<\/pre>\n
          Sign CSR<\/h3><\/span>\n
          \r\n# Go to exampleca directory\r\ncd ~\/exampleca\r\n\r\n# Copy csr to ca\r\ncp ~\/identity\/wlbox\/wlbox.csr csr\r\n\r\n# Sign csr. Use -days to specify the number of days to certify the certificate for. Default to 360 days.\r\nopenssl ca -in csr\/wlbox.csr\r\n\r\n# Rename cert to meaningful name\r\ncd certs\r\nmv 02.pem wlbox.pem\r\n<\/pre>\n
          Import Signed Certificate<\/h3><\/span>\n
          * Commands:<\/p>\n
          \r\ncd ~\/identity\/wlbox\r\n\r\n# Copy certs\r\ncp ~\/exampleca\/cacert.pem .\r\ncp ~\/exampleca\/certs\/wlbox.pem .\r\n\r\n# Remove from wlbox.pem all text except those between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----\r\nvi wlbox.pem\r\n\r\n# Import cacer cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox.keystore -alias cacert -storepass secret -file cacert.pem\r\n\r\n# Import wlbox cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox.keystore -alias wlbox -storepass secret -file wlbox.pem\r\n\r\n# List keystore\r\n$JAVA_HOME\/bin\/keytool -list -v -alias wlbox -keystore wlbox.keystore\r\n\r\n<\/pre>\n
          Create Trust Key Store<\/h3><\/span>\n
          * Commands:<\/p>\n
          \r\n# Copy Java cacerts\r\ncp $JAVA_HOME\/jre\/lib\/security\/cacerts .\/wlbox.truststore\r\n\r\n# Import cacer cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox.truststore -alias cacert -storepass changeit -file cacert.pem\r\n\r\n# Import wlbox cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox.truststore -alias wlbox -storepass changeit -file wlbox.pem\r\n\r\n# List keystore\r\n$JAVA_HOME\/bin\/keytool -list -v -alias wlbox -keystore wlbox.truststore\r\n<\/pre>\n
          Setup Identity and Trust Stores for WebLogic<\/h3><\/span>\n
          * Copy wlbox.keystore and wlbox.truststore to wlbox<\/p>\n
          \r\nmkdir ~\/identity\r\n# Copy wlbox.keystore and wlbox.truststore to identity directory\r\n<\/pre>\n
          * Go to domain > Environment > Servers > examplesServer > Configuration > Keysotres<\/em>
          \n* Click Lock & Edit<\/em> and Change<\/em>
          \n* Select Custom Identity and Custom Trust<\/em> and click Save
          \n* Enter:
          \nIdentity:
          \n– Custom Identity Keystore: \/home\/oracle\/identity\/wlbox.keystore
          \n– Custom Identity Keystore Type: jks
          \n– Custom Identity Keystore Passphrase: secret
          \nTrust:
          \n– Custom Trust Keystore: \/home\/oracle\/identity\/wlbox.truststore
          \n– Custom Trust Keystore Type: jks
          \n– Custom Trust Keystore Passphrase: changeit
          \n* Click Save<\/p>\n
          Setup SSL<\/h3><\/span>\n
          * Go to domain > Environment > Servers > examplesServer > Configuration > SSL<\/em>
          \n* Click Lock & Edit<\/em> and Change<\/em>
          \n* Enter:
          \n– Private Key Location:                    # leave blank
          \n– Private Key Passphrase: wlbox
          \n– Private Key Passphrase: secret<\/p>\n
          Turn on SSL Listen Port<\/h3><\/span>\n
          * Go to domain > Environment > Servers > examplesServer > Configuration > General<\/em>
          \n* Click Lock & Edit<\/em>
          \n* Check SSL Listen Port Enabled<\/em>
          \n* Click Save
          \n* Click Activate Changes
          \n* Restart WLS<\/p>\n
          Configure SSL for wlbox1 Machine<\/h2><\/span>\n
          * This is identical to wlbox machine.<\/p>\n
          Generate Private Key Pair<\/h3><\/span>\n
          \r\n\r\n# Prepare directories to hold identity\r\ncd ~\/\r\nmkdir identity\r\ncd identity\r\nmkdir wlbox1\r\ncd wlbox1\r\n\r\n# Generate private key. Use -validity to specify validity days which default to 90 days\r\n$JAVA_HOME\/bin\/keytool -genkey -alias wlbox1 -keyalg RSA -sigalg SHA1withRSA -keystore wlbox1.keystore -storepass secret -keypass secret -dname \"CN=wlbox1, emailAddress=jd@tmprealm.com, OU=tmpRealm, O=tmpOrg, L=Reston, S=VA, C=US\"\r\n\r\n# Generate CSR\r\n$JAVA_HOME\/bin\/keytool -certreq -alias wlbox1 -sigalg SHA1withRSA -file wlbox1.csr -keystore wlbox1.keystore -storepass secret \r\n\r\n#Inspect keys\r\n$JAVA_HOME\/bin\/keytool -list -v -alias wlbox1 -keystore wlbox1.keystore\r\n<\/pre>\n
          Sign CSR<\/h3><\/span>\n
          \r\n# Go to exampleca directory\r\ncd ~\/exampleca\r\n\r\n# Copy csr to ca\r\ncp ~\/identity\/wlbox1\/wlbox1.csr csr\r\n\r\n# Sign csr\r\nopenssl ca -in csr\/wlbox1.csr\r\n\r\n# Rename cert to meaningful name\r\ncd certs\r\nmv 03.pem wlbox1.pem\r\n<\/pre>\n
          Import Signed Certificate<\/h3><\/span>\n
          * Commands:<\/p>\n
          \r\ncd ~\/identity\/wlbox1\r\n\r\n# Copy certs\r\ncp ~\/exampleca\/cacert.pem .\r\ncp ~\/exampleca\/certs\/wlbox1.pem .\r\n\r\n# Remove from wlbox1.pem all text except those between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----\r\nvi wlbox1.pem\r\n\r\n# Import cacer cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox1.keystore -alias cacert -storepass secret -file cacert.pem\r\n\r\n# Import wlbox1 cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox1.keystore -alias wlbox1 -storepass secret -file wlbox1.pem\r\n\r\n# List keystore\r\n$JAVA_HOME\/bin\/keytool -list -v -alias wlbox1 -keystore wlbox1.keystore\r\n\r\n<\/pre>\n
          Create Trust Key Store<\/h3><\/span>\n
          * Commands:<\/p>\n
          \r\n# Copy Java cacerts\r\ncp $JAVA_HOME\/jre\/lib\/security\/cacerts .\/wlbox1.truststore\r\n\r\n# Import cacer cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox1.truststore -alias cacert -storepass changeit -file cacert.pem\r\n\r\n# Import wlbox1 cert\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox1.truststore -alias wlbox1 -storepass changeit -file wlbox1.pem\r\n\r\n# List keystore\r\n$JAVA_HOME\/bin\/keytool -list -v -alias wlbox1 -keystore wlbox1.truststore\r\n<\/pre>\n
          Setup Identity and Trust Stores for WebLogic<\/h3><\/span>\n
          * Go to domain > Environment > Servers > examplesServer > Configuration > Keysotres<\/em>
          \n* Click Lock & Edit<\/em> and Change<\/em>
          \n* Select Custom Identity and Custom Trust<\/em> and click Save.
          \n* Enter:
          \nIdentity:
          \n– Custom Identity Keystore: \/home\/oracle\/identity\/wlbox1\/wlbox1.keystore
          \n– Custom Identity Keystore Type: jks
          \n– Custom Identity Keystore Passphrase: secret
          \nTrust:
          \n– Custom Trust Keystore: \/home\/oracle\/identity\/wlbox1\/wlbox1.truststore
          \n– Custom Trust Keystore Type: jks
          \n– Custom Trust Keystore Passphrase: changeit
          \n* Click Save<\/p>\n
          Setup SSL<\/h3><\/span>\n
          * Go to domain > Environment > Servers > examplesServer > Configuration > SSL<\/em>
          \n* Click Lock & Edit<\/em> and Change<\/em>
          \n* Enter:
          \n– Private Key Location:                    # leave blank
          \n– Private Key Passphrase: wlbox1
          \n– Private Key Passphrase: secret<\/p>\n
          Turn on SSL Listen Port<\/h3><\/span>\n
          * Go to domain > Environment > Servers > examplesServer > Configuration > General<\/em>
          \n* Click Lock & Edit<\/em>
          \n* Check SSL Listen Port Enabled<\/em>
          \n* Click Save
          \n* Click Activate Changes
          \n* Restart WLS<\/p>\n
          Enable SSL between wlbox and wlbox1<\/h2><\/span>\n
          * Import wlbox server cert into wlbox1 trust store:<\/p>\n
          \r\ncd ~\/identity\/wlbox1\r\ncp wlbox1.truststore wlbox1.truststore.bak\r\ncp ~\/identity\/wlbox\/wlbox.pem .\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox1.truststore -alias wlbox -storepass changeit -file wlbox.pem\r\n<\/pre>\n
          * Import wlbox1 server cert into wlbox trust store:<\/p>\n
          \r\ncd ~\/identity\/wlbox\r\ncp wlbox.truststore wlbox.truststore.bak\r\ncp ~\/identity\/wlbox1\/wlbox1.pem .\r\n$JAVA_HOME\/bin\/keytool -import -v -keystore wlbox.truststore -alias wlbox1 -storepass changeit -file wlbox1.pem\r\n<\/pre>\n
          * Restart both wlbox and wlbox1 WebLogic servers.<\/p>\n","protected":false},"excerpt":{"rendered":"
          Overview * Preferred formats: – PEM – JKS Demo Key Stores DemoIdentity.jks * Contains a demo private key * Located: $WL_HOME\/weblogic\/wlserver_10.3\/ server\/lib\/DemoIdentity.jks * Key store password: DemoIdentityKeyStorePassPhrase * Private key password: DemoIdentityPassPhrase # List demoidentity key $JAVA_HOME\/bin\/keytool -list -v -alias … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1,104],"tags":[588,155,577,590],"class_list":["post-4169","post","type-post","status-publish","format-standard","hentry","category-uncategorized","category-weblogic11g","tag-11g","tag-keystore","tag-ssl","tag-weblogic"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-15f","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4169"}],"version-history":[{"count":18,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4169\/revisions"}],"predecessor-version":[{"id":4173,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4169\/revisions\/4173"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}