Thursday, 26 September 2013

Generating the Keystore for an SSL-enabled WebLogic Server

How to generate a keystore (.jks) for WebLogic

Open a command prompt as an administrator.
Go to the bin folder of the Java installation on your system, e.g. c:\Program files\java\jdk1.6.0_26\bin
Enter the command: keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
Answer the questions that the command prompt asks, e.g. your first name and last name, your organizational unit, the name of your organization, city, state and country, then Y or N to confirm.
Answer all of the above questions with your own details.
Enter the key password for WebLogic and re-enter it.
The keystore.jks file will now be generated in the bin folder.
You can verify the keystore contents using this command: keytool -list -v -keystore keystore.jks
If you are using a self-signed certificate, you can save the keystore.jks file and continue with the steps below.
If you are using a third-party certificate instead, generate the Certificate Signing Request (CSR) using this command: keytool -certreq -v -alias tomcat -file csr-for-myserver.pem -keystore keystore.jks
You will get a response certificate from the vendor; save that file and continue with the steps below.

Log into the Admin Console and select the server on which you want to configure the SSL certificate.
Server -> click on the Keystore tab. By default it points to the demo certificates.
From the dropdown list, select the “Custom Identity and Custom Trust” option.
Enter the identity and trust keystore details.

Configure the identity of the server:
Click on the SSL tab and enter the alias of the private key (i.e. client in this case) and the key password (keypass).
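
The alias entered on the SSL tab has to name a private-key entry in the identity keystore. As an added example (not part of the original post), this Python sketch checks that from the text output of keytool -list -v; the sample listing, the alias vendorroot and the function names are constructed for illustration, and English-locale keytool output is assumed.

```python
import re

# Constructed sample of English-locale `keytool -list -v` output (not from the post).
SAMPLE_LISTING = """\
Your keystore contains 2 entries

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=myserver.example.com, OU=IT, O=Example, C=US
Issuer: CN=myserver.example.com, OU=IT, O=Example, C=US
Signature algorithm name: SHA1withRSA

Alias name: vendorroot
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example CA, C=US
Issuer: CN=Example Root CA, O=Example CA, C=US
"""

FIELDS = {"Entry type": "type", "Owner": "owner", "Issuer": "issuer"}

def parse_listing(text):
    """Map each alias to its entry type and the owner/issuer of its first certificate."""
    entries, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(Alias name|Entry type|Owner|Issuer):\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Alias name":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(FIELDS[key], value)  # first cert in a chain is the server's own
    return entries

def check_identity_alias(text, alias):
    """Return findings about using `alias` as the private key alias on the SSL tab."""
    entry = parse_listing(text).get(alias.lower())  # JKS stores aliases in lower case
    if entry is None:
        return ["alias not found in keystore"]
    if entry.get("type") != "PrivateKeyEntry":
        return ["entry has no private key (%s)" % entry.get("type")]
    if entry.get("owner") == entry.get("issuer"):
        return ["self-signed certificate (no CA reply imported)"]
    return []

if __name__ == "__main__":
    for name in ("tomcat", "client", "vendorroot"):
        print(name, check_identity_alias(SAMPLE_LISTING, name))
```

To check a real keystore, redirect the keytool -list -v output to a file and pass its text to check_identity_alias together with the alias you intend to enter in the console.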

NOTE: If you enable SSL for a WebLogic Server, it is One-Way SSL by default. If you want to change to Two-Way SSL, you need to select the two-way SSL behavior from the Advanced option list.

Configure the SSL port.
By default it is 7002.
Go to Server -> General tab -> specify and enable the SSL port.

You can see the below messages in the server logs which indicate that the certificates are loaded.
Now you can test WebLogic over HTTPS.
