How to Generate Self-Signed Certificates and Import Them into WebLogic Server

In this post you will see how to configure SSL for WebLogic.

Open a command prompt and navigate to Java_home/bin.

[Image: ssl1]

Generate a keystore using the below command.

[Image: ssl2]

Please find the explanation for the above command.

[Image: ssl3.jpg]

Once the above step is completed, we have successfully created our server certificate and stored it in the location (E:\Oracle\Middleware\user_projects\domains\fmw_domain).

Now in this step we are listing the certificates in the JKS store with alias weblogic.

We are using the below command to do that.

[Image: ssl4]

Now in this step we will extract the self-signed certificate into “trust.pem”.

We are using the below command to do that.

[Image: ssl5]

Now let’s import the self-signed certificate (which functions as its own certificate authority) into “mytrust.jks”.

[Image: ssl6]

Now we have “myIdentitystore.jks” containing your own host-specific certificate and private key, and “trust.jks” containing the trusted certificates.

Now we can list “mytrust.jks” to check if the export was successful or not.

We are using the below command to do that.

[Image: ssl7]
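The commands for the steps above survive only as image references, so here is the same sequence as an added example (not the original post's commands), using the alias, passphrase `weblogic`, directory and file names mentioned in the text. The key algorithm, key size, validity, DN fields, SAN and the explicit JKS store type are assumptions; CN and SAN are set to the host name clients connect to (`localhost` in this post) so that hostname verification can succeed.

```bat
@echo off
rem Added example. Alias/passphrase "weblogic", the domain directory and the
rem file names come from the post; all other values are assumptions.
setlocal
set DOMAIN_DIR=E:\Oracle\Middleware\user_projects\domains\fmw_domain
set IDENTITY=%DOMAIN_DIR%\myIdentitystore.jks
set TRUST=%DOMAIN_DIR%\mytrust.jks
set PEM=%DOMAIN_DIR%\trust.pem
set PASS=weblogic
rem Host name that clients will use to reach the server (assumption).
set HOST=localhost

cd /d "%JAVA_HOME%\bin" || exit /b 1

rem 1. Generate the key pair and self-signed certificate in the identity store.
keytool -genkeypair -alias weblogic -keyalg RSA -keysize 2048 -validity 365 ^
  -dname "CN=%HOST%, OU=Example, O=Example, C=US" -ext "SAN=dns:%HOST%" ^
  -storetype JKS -keystore "%IDENTITY%" ^
  -storepass %PASS% -keypass %PASS% || exit /b 1

rem 2. List the entry stored under alias "weblogic" (expect a PrivateKeyEntry).
keytool -list -v -alias weblogic -keystore "%IDENTITY%" ^
  -storepass %PASS% || exit /b 1

rem 3. Export only the certificate (no private key) in PEM form.
keytool -exportcert -rfc -alias weblogic -file "%PEM%" ^
  -keystore "%IDENTITY%" -storepass %PASS% || exit /b 1

rem 4. Import the certificate into the trust store as a trusted entry.
keytool -importcert -noprompt -alias weblogic -file "%PEM%" ^
  -storetype JKS -keystore "%TRUST%" -storepass %PASS% || exit /b 1

rem 5. List the trust store (expect a trustedCertEntry whose fingerprint
rem    matches the one printed in step 2).
keytool -list -v -keystore "%TRUST%" -storepass %PASS% || exit /b 1
endlocal
```

Comparing the fingerprints printed in steps 2 and 5 confirms that the trust store holds the same certificate as the identity store.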

Now that our certificates are ready, we can start configuring them in WebLogic Server. Start the server and navigate to the server console.

Click on servers to access the servers and click on AdminServer.

The first configuration step is to enable the SSL port.

Select the Check box for “SSL Listen Port Enabled”.

[Image: ssl8]

Next step in the configuration is to configure the custom keystores.

Navigate to the Keystores tab and change the keystores from “Demo identity and Demo trust” to “Custom Identity and Custom trust”.

Provide the details for Identity and Trust.

[Image: ssl9]

[Image: ssl10]

Provide the above details and SAVE.

The next step in the configuration would be to configure the private key information.

Navigate to the SSL tab and change the “Identity and Trust Location” to “Keystores”.

Provide the private key alias as weblogic and the passphrase as weblogic.

[Image: ssl11]

Update the details and SAVE.

Now shut down the server and restart it for the changes to take effect.

Now try to access the Admin console on the SSL port.

Ex: (https://localhost:7002/console)

Now you can see the certificate.

[Image: ssl12]

Note that you must generate a self-signed certificate for each host system (the CN will be different in each certificate) unless you disable hostname verification (HostnameVerificationIgnored="true" in the config.xml file).

As I have not followed that procedure, I would have to turn off the hostname verification flag from console.

Navigate to the SSL tab and click on the advanced options as shown below.

[Image: ssl13]

Change the value to “None” and SAVE.

If there are any errors in the log file regarding the SSL configuration, we can enable SSL debug using the following steps to troubleshoot the issue further.

From the console page, navigate to the server -> Debug tab and enable SSL debug.

Click on “weblogic”, go to “Security”, select the “SSL” check box and then click ENABLE.

[Image: ssl14]

[Image: ssl15]

Now save the settings.

Now log in to the EM console and navigate to the composite that has the policy “wss_username_token_over_ssl_service_policy”.

Click the Test button to open the test window.

Change the WSDL URL to https://localhost:7002/soa-infra/services/default/PolicyTest/policytest_client_ep?WSDL

After entering the input details, go to the Security tab, select “wss_username_token_over_ssl_client_policy” under “OWSM Security Policies” and provide the username and password.

Then click Test Web Service to get the result.

[Image: ssl16]
