SSL Configuration for WebLogic
How to Generate Certificate Using the Key tool for Weblogic
The keytool is special utility provided by the Java to work with Certificates and security stuff. Here in this we will let you know the each option that is useful to create java key store, sign the keystore and
Step 1 Set the WebLogic environment variables available with the PATH, CLASSPATH etc., by issuing C:\bea\weblogic91\server\bin\setWLSEnv.cmd
On UNIX environments, The profile will be set to work, otherwise you can make sure by running setWLSEnv.sh script from $WL_HOME/server/bin path.
Step 2 Create a dedicated folder (SSLCert- anywhere) to store all Certificate stuff in it. Here we made a folder name as ‘cert’ under c:\cert
Step 3 Generating a “sample.jks” file with java keytool command.
keytool -genkey -alias one -keyalg RSA -keystore sample.jks
Note : Please don’t give space while entering your first name and last name as inputs you can enter as sample shown.
Step 4 Creating a certificate request using keytool with the following command
keytool -certreq -keyalg RSA -alias one -file certreq.csr -keystore sample.jks
Better choice to experiment with trail certificates on test environments. Please don’t use this scenario for production environment. Easy ways to get a kick start at Google and type SSL Certificate and open VeriSign website. Click on “Free 30 day SSL Trial”
Click on VeriSign @ SSL Test Certificate
Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.
Now you need to enter the data
Open C:\cert\certreq.csr file and copy the content as specified in the below screen and submit the certreq.csr
Click on Submit
You will get the Mail to your mail box as shown below
VeriSign will send you the Certificate file to your email that you enter while registering. There are two important certificate links
1. Root CA certificate
2. Intermediate CA certificate
Click on each link as shown in the lower side of email message that is for download.
Download the Root CA
Click the link
Click on select all button and copy in to one text file in C:\bea\SSLCert and named it as CA.pem Go to second link which is given in the email. Do the same for intermediate CA certificate as well.
Copy the content and saved as public.pem
Total 3 files
Step 6: To understand these .pem files to Keytool, We need to follow below steps
keytool -import -alias verisignCA -file CA.pem -keystore sample.jks -trustcacerts
keytool -import -alias verisignIntermediateCA -file Intermediate.pem -keystore sample.jks -trustcacerts
Step 7 converting to trusted
keytool -import -alias one -file public.pem -keystore sample.jks -trustcacerts
Note : While saving don’t include any spaces in public.pem file
By using below command check all the reports are successfully imported or not
keytool -list -keystore mykeystore.jks -v
Go to WebLogic console and enable SSL port
(domain -> adminserver->configuration -> general)
Go to keystore tab.
For SSL Tab add the following changes
Now, restart the WebLogic admin server, open the admin server logs file it will show the following information
Enable Admin server using SSL Port
When you browser with https first time it will be like this…
Now SSL configuration completed. You can verify that use the https://localhost:7002/console there is no Root CA Certificate in your Browser, install RootCA certificate in your browser
Click on Yes button