Thursday 8 February 2018

Configuring SSL on Weblogic Server – Custom Identity and Custom Trust

I have been getting a lot of requests for a very simple document on configuring SSL on WebLogic Server.
It is a pretty straightforward configuration, but most people are not aware of it. WLS is by default configured with DemoIdentity and DemoTrust; we just need to enable the SSL port under the General tab of the server and WLS will start listening over SSL on that port. However, using the demo certificates is not recommended in a production environment, so we can either get our certificates signed by a third-party certificate authority or use our own root CA to sign our own certificates. To keep things simple I have developed a simple build script to generate SELF SIGNED CERTIFICATES. You just need to set up the environment by running setWLSEnv.cmd, present under WL_HOME\server\bin. Run the build script and the keystores will be generated in that directory. I have used keytool to generate the keystores; you can get more details here:
http://download.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html
Follow the steps below to configure WLS with your custom certificates. Later you can modify the values in build.xml to suit your requirements, which makes it very easy to generate the keys just by modifying the attribute values.
Step1). Create a directory somewhere, for example:
C:\MyCertificates
Step2). Write the following "build.xml" file inside "C:\MyCertificates":
———————————————–
<project name="Generate Keystores" default="all" basedir=".">
    <!-- Edit these property values to suit your environment -->
    <property name="alias" value="alias" />
    <property name="dname" value="CN=localhost, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US"/>
    <property name="keypass" value="keypass" />
    <property name="identity.jks" value="identity.jks" />
    <property name="storepass" value="storepass" />
    <property name="cert.cer" value="cert.cer" />
    <property name="trust.jks" value="trust.jks" />
    <property name="jdk.home" value="C:/bea/jdk150_06" />
    <target name="all" depends="create-keystores"/>
    <target name="create-keystores">
        <echo>Generating Identity of the Server</echo>
        <exec executable="${jdk.home}/bin/keytool.exe">
            <arg line='-genkey -alias ${alias} -keyalg RSA -keysize 1024 -dname "${dname}" -keypass ${keypass} -keystore ${identity.jks} -storepass ${storepass}' />
        </exec>
        <echo>Self Signing the Certificate</echo>
        <exec executable="${jdk.home}/bin/keytool.exe">
            <arg line='-selfcert -alias ${alias} -dname "${dname}" -keypass ${keypass} -keystore ${identity.jks} -storepass ${storepass}' />
        </exec>
        <echo>Exporting the Server certificate</echo>
        <exec executable="${jdk.home}/bin/keytool.exe">
            <arg line='-export -alias ${alias} -file ${cert.cer} -keystore ${identity.jks} -storepass ${storepass}' />
        </exec>
        <echo>Creating Trust Store</echo>
        <exec executable="${jdk.home}/bin/keytool.exe">
            <arg line='-import -alias ${alias} -file ${cert.cer} -keystore ${trust.jks} -storepass ${storepass} -noprompt' />
        </exec>
    </target>
</project>
———————————————–
Step3). Now open a command/shell prompt and run ". ./setWLSEnv.sh" to set up the environment.
Step4). Now just run the Ant script by typing "ant" at the command prompt. It will create all the required certificates.
Step5). Now log in to the Admin Console to configure these certificates:
Home >Summary of Servers >AdminServer > General
SSL Listen Port: Enabled (Check)
SSL Listen Port: 7002
Home >Summary of Servers >AdminServer > Keystores
Keystores: Custom Identity Custom Trust
Identity
Custom Identity Keystore: <path>/identity.jks
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: storepass
Confirm Custom Identity Keystore Passphrase: storepass
Trust
Custom Trust Keystore: <path>/trust.jks
Custom Trust Keystore Type: JKS
Custom Trust Keystore Passphrase: storepass
Confirm Custom Trust Keystore Passphrase: storepass
Click SAVE
Home >Summary of Servers >AdminServer > SSL
Identity and Trust Locations: Keystores
Private Key Alias: alias
Private Key Passphrase: keypass
Confirm Private Key Passphrase: keypass
Click SAVE
Step6). Now try to access the Admin Console on the HTTPS port:
https://localhost:7002/console
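Once the Ant build in Step 4 has produced identity.jks and trust.jks, it is worth confirming that they contain what the console values in Step 5 assume before WLS tries to load them: that both stores open with "storepass", that identity.jks holds a private-key entry under the alias you will enter as "Private Key Alias", and that trust.jks holds a trusted certificate. The script below is an added example, not part of the original post and not Oracle or WebLogic code. It assumes the JKS on-disk layout written by Sun/Oracle JDKs (magic 0xFEEDFEED, version 2, SHA-1 integrity digest salted with "Mighty Aphrodite") and parses that layout directly, so it runs without a JDK on the checking machine. The function and file names (jks_check.py, check_wls_keystores, build_jks) are hypothetical; the sample stores it builds in-memory use placeholder key and certificate bytes, not real DER, and the private-key passphrase (keypass) is not verified.

```python
"""Check that a WebLogic custom identity / custom trust pair is consistent
with the values entered in the console (added example, not from the post)."""
import hashlib
import struct

# JKS format constants as written by Sun/Oracle JDKs (assumption of this example).
JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"  # fixed salt the JDK mixes into the integrity digest
PRIVATE_KEY_ENTRY = 1
TRUSTED_CERT_ENTRY = 2


def _utf(s):
    """Java writeUTF: 2-byte big-endian length + UTF-8 bytes."""
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def _blob(b):
    """4-byte big-endian length + raw bytes."""
    return struct.pack(">I", len(b)) + b


def _read_utf(buf, pos):
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n


def _read_blob(buf, pos):
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def jks_integrity_digest(store_password, body):
    """SHA-1 over (password as UTF-16BE) + salt + store body: the storepass in JKS
    protects integrity only, it does not encrypt the entries."""
    h = hashlib.sha1()
    h.update(store_password.encode("utf-16-be"))
    h.update(JKS_SALT)
    h.update(body)
    return h.digest()


def build_jks(entries, store_password):
    """Write a version-2 JKS store. entries: (alias, PRIVATE_KEY_ENTRY, (key, [certs]))
    or (alias, TRUSTED_CERT_ENTRY, cert); key and cert payloads are opaque bytes."""
    body = struct.pack(">III", JKS_MAGIC, 2, len(entries))
    for alias, tag, payload in entries:
        body += struct.pack(">I", tag) + _utf(alias) + struct.pack(">Q", 0)  # timestamp 0
        if tag == PRIVATE_KEY_ENTRY:
            key, chain = payload
            body += _blob(key) + struct.pack(">I", len(chain))
            for cert in chain:
                body += _utf("X.509") + _blob(cert)
        else:
            body += _utf("X.509") + _blob(payload)
    return body + jks_integrity_digest(store_password, body)


def read_jks(data, store_password):
    """Return [(alias, entry_type, cert_count)]; ValueError if not JKS or wrong passphrase."""
    magic, version, count = struct.unpack_from(">III", data, 0)
    if magic != JKS_MAGIC:
        raise ValueError("not a JKS keystore (magic %#x)" % magic)
    if version != 2:
        raise ValueError("unsupported JKS version %d" % version)
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", data, pos)
        alias, pos = _read_utf(data, pos + 4)
        pos += 8  # creation timestamp (ms since epoch), not needed for the check
        if tag == PRIVATE_KEY_ENTRY:
            _key, pos = _read_blob(data, pos)  # encrypted PKCS#8 blob; keypass not checked here
            (chain_len,) = struct.unpack_from(">I", data, pos)
            pos += 4
            for _ in range(chain_len):
                _ctype, pos = _read_utf(data, pos)
                _cert, pos = _read_blob(data, pos)
            entries.append((alias, "PrivateKeyEntry", chain_len))
        elif tag == TRUSTED_CERT_ENTRY:
            _ctype, pos = _read_utf(data, pos)
            _cert, pos = _read_blob(data, pos)
            entries.append((alias, "trustedCertEntry", 1))
        else:
            raise ValueError("unknown entry tag %d" % tag)
    if data[pos:pos + 20] != jks_integrity_digest(store_password, data[:pos]):
        raise ValueError("keystore was tampered with, or password was incorrect")
    return entries


def check_wls_keystores(identity_jks, trust_jks, storepass, alias):
    """What the Step 5 console values rely on: both stores open with storepass,
    identity.jks has a PrivateKeyEntry under alias, trust.jks has a trusted cert."""
    ident = read_jks(identity_jks, storepass)
    trust = read_jks(trust_jks, storepass)
    has_key = any(a == alias and t == "PrivateKeyEntry" for a, t, _ in ident)
    has_trust = any(t == "trustedCertEntry" for _, t, _ in trust)
    return has_key and has_trust


# Constructed sample stores standing in for the build's identity.jks / trust.jks;
# the key and certificate bytes are placeholders, not real DER.
SAMPLE_KEY = b"<encrypted-pkcs8-placeholder>"
SAMPLE_CERT = b"<der-certificate-placeholder>"
SAMPLE_IDENTITY = build_jks([("alias", PRIVATE_KEY_ENTRY, (SAMPLE_KEY, [SAMPLE_CERT]))], "storepass")
SAMPLE_TRUST = build_jks([("alias", TRUSTED_CERT_ENTRY, SAMPLE_CERT)], "storepass")

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 5:  # usage: python jks_check.py identity.jks trust.jks storepass alias
        with open(sys.argv[1], "rb") as f_id, open(sys.argv[2], "rb") as f_tr:
            ok = check_wls_keystores(f_id.read(), f_tr.read(), sys.argv[3], sys.argv[4])
    else:
        ok = check_wls_keystores(SAMPLE_IDENTITY, SAMPLE_TRUST, "storepass", "alias")
    print("keystores OK for WLS" if ok else "keystores NOT consistent with the console values")
```

Run it against the real files from C:\MyCertificates with the four values you are about to type into the console; a ValueError from read_jks with "password was incorrect" is the same condition that makes WLS refuse to open the store at startup. The check says nothing about the strength of the key itself: the build above asks keytool for a 1024-bit RSA key, which current guidance treats as too short, so raise -keysize in build.xml for anything other than a test box.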

1 comment:

  1. Hi,
    very useful info, and your blog content is attracting visitors to read and spend some time. The information which you provided is very much useful for WebLogic Server Administration Training learners.