Here the client must authenticate to the server's resources by presenting its own certificate; how strictly that certificate is checked depends on how the server is configured to verify client certificates. The client verifies the server's certificate, and the server verifies the client's certificate.
Example: a web server connecting to WebLogic Server, with both sides exchanging certificates to establish their communication.
The following figure shows how the client and server go through the initial communication when they are set up for 2-way SSL.
As the above picture is self-explanatory, I will not explain the whole process here; we will proceed directly to the practical steps.
Step 1. Create the Identity and Trust Keystores for the WebLogic Server.
The Identity Keystore is required to define the identity of the WebLogic Server, so that clients can use it to trust the server.
The Trust Keystore is required to store the root certificates of the clients, so that the server can trust or identify the incoming requests from those clients.
Create a Server Identity Keystore with your Public Key and Private Key
D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -keystore server_identity.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: ShaileshDyade
What is the name of your organizational unit?
[Unknown]: Personal
What is the name of your organization?
[Unknown]: Technology
What is the name of your City or Locality?
[Unknown]: Bangalore
What is the name of your State or Province?
[Unknown]: Karnataka
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN correct?
[no]: yes
Enter key password for <server_cert>
(RETURN if same as keystore password):
Re-enter new password:
D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>
Note: Here I have used different passwords for the keystore and for the key.
I am done creating the server identity keystore file (the .JKS extension stands for Java Key Store). Multiple keystore formats are available for use with WebLogic Server.
Generate a Certificate Signing Request
D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -certreq -v -alias server_cert -file csr_for_mysite.csr -keystore server_identity.jks
Enter keystore password:
Enter key password for <server_cert>
Certification request stored in file <csr_for_mysite.pem>
Submit this to your CA
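To show what the two keystores do at handshake time, here is an added example (not from the original post and not WebLogic's own code): a plain Java TLS server that presents the key from server_identity.jks and accepts only clients whose certificates chain to a CA in a trust keystore. The trust keystore file name server_trust.jks, the port 8443 and the environment variable names are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

public class TwoWaySslServer {

    // Load a JKS file; the keystore password protects the file as a whole.
    static KeyStore loadJks(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        return ks;
    }

    static SSLContext buildContext(KeyStore identity, char[] keyPass, KeyStore trust)
            throws Exception {
        // Identity: the private key and certificate the server presents to clients.
        // The key password is separate from the keystore password, as in the note above.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        // Trust: the CA certificates used to validate incoming client certificates.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical environment variables, so passwords stay out of the source.
        char[] storePass = System.getenv("IDENTITY_STORE_PASS").toCharArray();
        char[] keyPass = System.getenv("IDENTITY_KEY_PASS").toCharArray();
        char[] trustPass = System.getenv("TRUST_STORE_PASS").toCharArray();
        SSLContext ctx = buildContext(loadJks("server_identity.jks", storePass), keyPass,
                loadJks("server_trust.jks", trustPass)); // trust file name is assumed
        try (SSLServerSocket ss =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            // needClientAuth makes the handshake two-way: no valid client cert, no session.
            // setWantClientAuth(true) would only request a certificate, not require it.
            ss.setNeedClientAuth(true);
            try (SSLSocket s = (SSLSocket) ss.accept()) {
                s.startHandshake(); // throws if the client certificate is missing or untrusted
                System.out.println("Authenticated client: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```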