Create a Self-Signed Certificate on WLS 10.3.5 Supporting the SHA-256 Algorithm.

1) Set the domain environment so that keytool can be called

$ . setDomainEnv.sh


2) Generate the key

$ keytool -genkey -alias selfsignedcert -keyalg RSA -sigalg SHA256withRSA -keypass privatepassword -keystore identity.jks -storepass password -validity 365

What is your first and last name?
[Unknown]: example-server.com
What is the name of your organizational unit?
[Unknown]: a
What is the name of your organization?
[Unknown]: e
What is the name of your City or Locality?
[Unknown]: i
What is the name of your State or Province?
[Unknown]: o
What is the two-letter country code for this unit?
[Unknown]: U
Is CN=example-server.com, OU=a, O=e, L=i, ST=o, C=U correct?
[no]: yes



3) Export the root certificate

$ keytool -export -alias selfsignedcert -sigalg SHA256withRSA -file root.cer -keystore identity.jks
Enter keystore password:
Certificate stored in file <root.cer>



4) Import the root certificate to the trust store


$ keytool -import -alias selfsignedcert -sigalg SHA256withRSA -trustcacerts -file root.cer -keystore trust.jks
Enter keystore password:
Re-enter new password:
Owner: CN=example-server.com, OU=a, O=e, L=i, ST=o, C=U
Issuer: CN=example-server.com, OU=a, O=e, L=i, ST=o, C=U
Serial number: 4f17459a
Valid from: Wed Jan 16 15:33:22 CLST 2012 until: Thu Jan 15 15:33:22 CLST 2013
Certificate fingerprints:
MD5: 7F:08:FA:DE:CD:D5:C3:D3:83:ED:B8:4F:F2:DA:4E:A1
SHA1: 87:E4:7C:B8:D7:1A:90:53:FE:1B:70:B6:32:22:5B:83:29:81:53:4B
Signature algorithm name: SHA256withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore



5) To check the contents of the keystore

$ keytool -v -list -keystore identity.jks
Enter keystore password:

***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: selfsignedcert
Creation date: Jan 18, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=example-server.com, OU=a, O=e, L=i, ST=o, C=U
Issuer: CN=example-server.com, OU=a, O=e, L=i, ST=o, C=U
Serial number: 4f17459a
Valid from: Wed Jan 16 15:42:16 CLST 2012 until: Thu Jan 15 15:42:16 CLST 2013
Certificate fingerprints:
MD5: 7F:08:FA:DE:CD:D5:C3:D3:83:ED:B8:4F:F2:DA:4E:A1
SHA1: 87:E4:7C:B8:D7:1A:90:53:FE:1B:70:B6:32:22:5B:83:29:81:53:4B
Signature algorithm name: SHA256withRSA
Version: 3


*******************************************
*******************************************



6) In some cases, the following parameter must be added to the server startup parameters:


-Dweblogic.ssl.JSSEEnabled=true


Alternatively, enable it by ticking the "Use JSSE" checkbox under Server configuration -> SSL.
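
The manual check in step 5 can be automated. The script below is an added example, not part of the original post: it parses a verbose keytool listing and reports each certificate's signature algorithm. It assumes English-locale keytool output; the function names and the second sample entry (oldcert) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the signature algorithm of every certificate
# in the output of `keytool -v -list`.

# check_sigalg EXPECTED
#   stdin : English-locale output of `keytool -v -list`
#   stdout: alias <TAB> algorithm <TAB> OK|MISMATCH, one line per certificate
#   return: 0 only if at least one certificate was seen and all match EXPECTED
check_sigalg() {
    awk -v want="$1" '
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); alias = $0 }
        /^Signature algorithm name:/ {
            sub(/^Signature algorithm name:[ \t]*/, "")
            sub(/[ \t\r]+$/, "")            # tolerate trailing blanks / CR
            status = ($0 == want) ? "OK" : "MISMATCH"
            if (status == "MISMATCH") bad = 1
            seen = 1
            printf "%s\t%s\t%s\n", alias, $0, status
        }
        END { if (bad || !seen) exit 1 }    # an empty listing also fails
    '
}

# Constructed sample input, modelled on the listing in step 5.
# The "oldcert" entry is hypothetical and exists only to show a mismatch.
sample_listing() {
    cat <<'EOF'
Alias name: selfsignedcert
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withRSA

Alias name: oldcert
Entry type: trustedCertEntry
Signature algorithm name: SHA1withRSA
EOF
}

# Against the real keystore from this post the call would be:
#   keytool -v -list -keystore identity.jks -storepass password \
#       | check_sigalg SHA256withRSA
sample_listing | check_sigalg SHA256withRSA \
    || echo "at least one certificate is not signed with SHA256withRSA"
```

Run the same check against trust.jks to confirm the imported certificate carries the same algorithm.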
About

Antonio De Juan

I was formerly a Senior Technical Support Engineer in the Middleware Application Server Team. I worked supporting WebLogic Server, Java EE, JRockit, and Coherence, among other Oracle products.
You can find my new blog at: http://antoniodejuan.wordpress.com/