Monday May 05, 2014

Steps to configure Custom Identity and Custom Trust with Weblogic Server

Below are the steps to configure Custom Identity and Custom Trust with Weblogic Server :

Step 1 :

Login to Weblogic Admin console --> Environment --> Servers --> < server_name_where_ssl_has_to_be_configured > --> Configuration -> General --> SSL Listen Port Enabled ( Check )

Note : The default SSL Listen Port would be 7002, change it if required. 

Step 2 :

Click on Keystores tab under " Configuration " tab :

Step 2a :

Click on the drop down menu next to Keystores and select " Custom Identity and Custom Trust " 

Step 2b :

Now fill in the following information :

---Identity---  

Custom Identity Keystore : < location_of_identity_keystore_that_you_have_created>

NOTE : By default WLS will look for this keystore file in domain_home location.

 Custom Identity Keystore Type : jks

 Custom Identity Keystore Passphrase: < This_would_be_your_storepass >

 ---Trust---

 Custom Trust Keystore : < location_of_trust_keystore_that_you_have_created>

NOTE : By default WLS will look for this keystore file in domain_home location.

 Custom Trust Keystore Type : jks

 Custom Trust Keystore Passphrase: < This_would_be_your_storepass >

Step 2c :

Now save the changes and click on " SSL " tab :

Private Key Alias: < This_would_be_your_certificate_alias >

Private Key Passphrase: < This_would_be_your_keypass >

Step 3 :

Save the changes and click on the " >Advanced " field under the " SSL " tab :  

Set the " Hostname Verification: " to None ( from the drop down menu ).

NOTE : We need to select the hostname verification as none if the CN of the certificate is not the same as the hostname of the machine where WLS is installed. 

 Now access your Weblogic Admin console over https URL :

 " https://localhost:7002/console "


NOTE : 

To get rid of the above warnings create a csr and get it signed from a third party CA like GoDaddy, Verisign, Thawte etc and configure Custom Identity and Custom Trust in Weblogic Server.

Steps to create a csr and get it signed from a third party CA :

Link : https://blogs.oracle.com/blogbypuneeth/entry/steps_to_create_a_csr

Saturday Aug 24, 2013

Steps to create a self-signed certificate and configure Custom Identity and Custom Trust with Weblogic Server using Keytool...

 What are self signed certificates and how to create them ?

A self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies.

 This term has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms a self-signed certificate is one signed with its own private key.
 Note :
 Identity keystores must contain a private key entry
 Trust store must contain all trusted key entries
 Below are few default values when using keytool command on JDK 1.6 :
 -alias "mykey"
 -keyalg
    "DSA" (when using -genkeypair)
    "DES" (when using -genseckey)
-keysize
    1024 (when using -genkeypair)
    56 (when using -genseckey and -keyalg is "DES")
    168 (when using -genseckey and -keyalg is "DESede")
-validity 90

Note :

-genkey is used in the example here. This was an old name used in previous releases. This old name is still supported in this release and will be supported in future releases, but for clarify the new name, -genkeypair, is preferred going forward.

Changes in keytool in Java 1.6 :

keytool no longer displays password input when entered by users. Since password input can no longer be viewed when entered, users will be prompted to re-enter passwords any time a password is being set or changed (for example, when setting the initial keystore password, or when changing a key password).

Some commands have simply been renamed, and other commands deemed obsolete are no longer listed in this document. All previous commands (both renamed and obsolete) are still supported in this release and will continue to be supported in future releases. The following summarizes all of the changes made to the keytool command interface:

Renamed commands:

-export, renamed to -exportcert
-genkey, renamed to -genkeypair
-import, renamed to -importcert
Commands deemed obsolete and no longer documented:

-keyclone
-identitydb

-selfcert

In this post we will see how to create self-signed cretificates and configure it Weblogic Server 10.3.6 ( CustomIdentityandCustomTrust ).

[Read More]
About

Oracle Fussion Middleware - WebLogic

Search

Archives
« February 2015
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
       
       
Today