Scribd Logo
Upload

Welcome to Scribd!

  • Creation and Installation of SSL Certificate For Key Tool Completed

    Uploaded by

    praveen
    64 views22 pages
    This document provides steps to generate an SSL certificate for WebLogic using the Java keytool utility. It describes: 1. Setting the WebLogic environment variables 2. Creating a folder to store certificate files 3. Generating a keystore and certificate request 4. Obtaining signed certificates from a certificate authority 5. Importing certificates into the keystore 6. Configuring WebLogic to use the keystore for SSL.

    Original Description:

    ssl

    Original Title

    Creation and Installation of SSL Certificate for Key Tool Completed

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides steps to generate an SSL certificate for WebLogic using the Java keytool utility. It describes: 1. Setting the WebLogic environment variables 2. Creating a folder to store certificate files 3. Generating a keystore and certificate request 4. Obtaining signed certificates from a certificate authority 5. Importing certificates into the keystore 6. Configuring WebLogic to use the keystore for SSL.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    64 views22 pages

    Creation and Installation of SSL Certificate For Key Tool Completed

    Uploaded by

    praveen
    This document provides steps to generate an SSL certificate for WebLogic using the Java keytool utility. It describes: 1. Setting the WebLogic environment variables 2. Creating a folder to store certificate files 3. Generating a keystore and certificate request 4. Obtaining signed certificates from a certificate authority 5. Importing certificates into the keystore 6. Configuring WebLogic to use the keystore for SSL.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 22

    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.

    doc

    Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    SSL Configuration for WebLogic

    How to Generate Certificate Using the Key tool for Weblogic

    The keytool is special utility provided by the Java to work with Certificates and security stuff. Here in this we will
    let you know the each option that is useful to create java key store, sign the keystore and

    Step 1 Set the WebLogic environment variables available with the PATH, CLASSPATH etc., by issuing
    C:\bea\weblogic91\server\bin\setWLSEnv.cmd
    On UNIX environments, The profile will be set to work, otherwise you can make sure by running setWLSEnv.sh
    script from $WL_HOME/server/bin path.

    Step 2 Create a dedicated folder (SSLCert- anywhere) to store all Certificate stuff in it. Here we made a folder
    name as ‘cert’ under c:\cert

    Step 3 Generating a “sample.jks” file with java keytool command.

    keytool -genkey -alias one -keyalg RSA -keystore sample.jks

    Note : Please don’t give space while entering your first name and last name as inputs you can enter as sample
    shown.

    Step 4 Creating a certificate request using keytool with the following command

    keytool -certreq -keyalg RSA -alias one -file certreq.csr -keystore sample.jks

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 1/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Better choice to experiment with trail certificates on test environments. Please don’t use this scenario for
    production environment. Easy ways to get a kick start at Google and type SSL Certificate and open VeriSign
    website. Click on “Free 30 day SSL Trial”

    Click on VeriSign @ SSL Test Certificate

    Step 5

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 2/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly
    and the server is properly configured for SSL.

    Now you need to enter the data

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 3/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 4/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Open C:\cert\certreq.csr file and copy the content as specified in the below screen and submit the certreq.csr

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 5/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Click on Submit

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 6/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    You will get the Mail to your mail box as shown below

    VeriSign will send you the Certificate file to your email that you enter while registering. There are two important
    certificate links
    1. Root CA certificate
    2. Intermediate CA certificate

    Click on each link as shown in the lower side of email message that is for download.

    Download the Root CA

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 7/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Click the link

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 8/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 9/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Click on select all button and copy in to one text file in C:\bea\SSLCert and named it as CA.pem Go to second
    link which is given in the email. Do the same for intermediate CA certificate as well.

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 10/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Copy the content and saved as public.pem

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 11/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Total 3 files

    Step 6: To understand these .pem files to Keytool, We need to follow below steps

    keytool -import -alias verisignCA -file CA.pem -keystore sample.jks -trustcacerts

    keytool -import -alias verisignIntermediateCA -file Intermediate.pem -keystore


    sample.jks -trustcacerts

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 12/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Step 7 converting to trusted

    keytool -import -alias one -file public.pem -keystore sample.jks -trustcacerts

    Note : While saving don’t include any spaces in public.pem file

    By using below command check all the reports are successfully imported or not

    Step 8

    keytool -list -keystore mykeystore.jks -v

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 13/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 14/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Go to WebLogic console and enable SSL port


    (domain -> adminserver->configuration -> general)

    Go to keystore tab.

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 15/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    For SSL Tab add the following changes

    Now, restart the WebLogic admin server, open the admin server logs file it will show the following information

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 16/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 17/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Enable Admin server using SSL Port

    When you browser with https first time it will be like this…
    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 18/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Now SSL configuration completed. You can verify that use the https://localhost:7002/console there is no Root
    CA Certificate in your Browser, install RootCA certificate in your browser

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 19/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 20/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Click on Yes button

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 21/22
    8/8/15 Creation_and_Installation_of_SSL_Certificate_for_Key_tool_Completed.doc

    Published by Google Drive – Report Abuse – Updated automatically every 5 minutes

    https://docs.google.com/document/pub?id=1WuxVhrOPzvZ7YUzSGYuhuD5Jbul87vY88d-he9t1a_c 22/22

    You might also like