Thursday 2 January 2020

Weblogic Server as Server: Two Way SSL Communications (2)

To configure Two Way SSL on the Admin Server:

Select the SSL tab: Advanced options.
Two Way Client Cert Behaviour should be set to Client Cert Requested and Enforced.
Save it.
Now if you try to access the Admin Console over SSL, you will get an SSL handshake exception. This is because with two way SSL the client is also requested to submit a certificate, and we have not configured any certificate for our client.
So we need to configure a certificate for the client, and for that we again need to generate certificates, this time for the client.
We will use the same CertGen utility of Weblogic Server to create the certificate.

java utils.CertGen -certfile ClientCert -keyfile ClientKey -keyfilepass keypass
Again it will create four certificates for the client.
Next, convert the client certificate into PKCS12 format, because browsers generally accept the PKCS12 keystore format for storing certificates.

Go to the OpenSSL bin directory and run the openssl.exe file. It will open the OpenSSL command window, where we can run OpenSSL commands.

At this OpenSSL prompt, run the following command:
pkcs12 -export -in C:\ServerCert\ClientCert.pem -inkey C:\ServerCert\ClientKey.pem -out C:\ServerCert\client-pkcs-12-cert

  • This will ask for the ClientKey.pem password: <xxxx>
  • Enter the Export Password: <xxx>
  • Confirm the Export Password: <xxx>
  • This will create the client-pkcs-12-cert.
  • Now configure the above certificate in the Browser:
  • Open Mozilla Firefox >>> Tools >>> Options >>> Encryption >>> View Certificates:
  • Certificates Tab >>> click on Import >>>
  • Select the client-pkcs-12-cert created above.
  • Enter the Key password: <xxx>
  • This will import the Client certificate into the Browser.
  • Now restart the Browser.
  • Try accessing the Admin Console through the Browser.
  • Now the Browser will be able to access the Admin Console.
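
A way to check the result of the steps above without a browser, as an added example that is not part of the original post: it confirms the PKCS12 file holds a private key, then connects to the Admin Server SSL port once without and once with the client certificate. The class name, the argument order and the trust store (any keystore containing the CA that signed the server certificate) are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

// Added example. Assumed arguments (not from the post):
//   host sslPort clientP12 exportPassword trustStore trustStorePassword
public class TwoWaySslCheck {
    public static void main(String[] a) throws Exception {
        KeyStore client = load("PKCS12", a[2], a[3]);
        // The PKCS12 file must hold a private key entry, not only a certificate.
        for (String alias : Collections.list(client.aliases())) {
            if (!client.isKeyEntry(alias)) continue;
            X509Certificate c = (X509Certificate) client.getCertificate(alias);
            System.out.println("client identity: " + c.getSubjectX500Principal()
                    + " issued by " + c.getIssuerX500Principal() + ", expires " + c.getNotAfter());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(KeyStore.getDefaultType(), a[4], a[5]));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(client, a[3].toCharArray());
        int port = Integer.parseInt(a[1]);
        // Expected with "Requested and Enforced": first attempt fails, second succeeds.
        System.out.println("no client cert:   " + probe(a[0], port, new KeyManager[0], tmf));
        System.out.println("with client cert: " + probe(a[0], port, kmf.getKeyManagers(), tmf));
    }

    static KeyStore load(String type, String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass.toCharArray()); }
        return ks;
    }

    // Checks the certificate exchange only; SSLSocket does no hostname verification here.
    static String probe(String host, int port, KeyManager[] km, TrustManagerFactory tmf) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(km, tmf.getTrustManagers(), null);
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
                s.setSoTimeout(10000);
                s.startHandshake();
                // Under TLS 1.3 a rejected client surfaces only on the first read.
                s.getOutputStream().write(("HEAD / HTTP/1.0\r\nHost: " + host + "\r\n\r\n").getBytes("US-ASCII"));
                if (s.getInputStream().read() < 0) return "REJECTED (connection closed)";
                return "ACCEPTED over " + s.getSession().getProtocol();
            }
        } catch (Exception e) { return "REJECTED (" + e + ")"; }
    }
}
```

If both attempts are rejected with a certificate path or trust error, the trust store passed in does not contain the CA that signed the server certificate, and the result says nothing about the client certificate setting.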