STEP 1: Creating a Keystore (.jks file )
(this is the prime entity that stores your certificates)
# Generate a public key$ keytool -genkey -alias punit -keyalg RSA -keysize 2048 -keystore identity_keystore.jks -storepass weblogic1it will prompt you for following questions: What is your first and last name? [Unknown]: abc.com What is the name of your organizational unit? [Unknown]: MW What is the name of your organization? [Unknown]: CTS What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: INit will prompt for confirmation so give > yes this will create a file named > identityKeystore.jks
STEP 2: Generating CSR (Certificate Signing Request )
$ keytool -certreq -alias punit -file csr.txt -keystore identity_keystore.jks -storepass weblogic1this will create a file named > csr.txt
copy the content of csr.txt and send it to the signing authority, they will encrypt their private key into the CSR's and send three files (root.pem, interim.pem & server.pem)
STEP 3: Importing the Certificates:
open all the three certificates and copy & paste the content into certificate_chain.pem in order
server > intermediate > root
now import this certificate_chain.pem into identity keystore (identity_keystore.jks) using below command
$ keytool -v -import -alias punit -file certificate_chain.pem -keystore identity_keystore.jks -storepass weblogic1or $ keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
(use alias & password defined by you while requesting the certificate)
it will prompt you for Yes/No > Yes
this will import the certificate chain (Root, Interim, Server) into identity_keystore.jks
if required import (Root, Interim) into trust_keystore.jks as well (optional/Depends)
(now define the ssl & keystore properties from Admin console for identity & trust keystore and bounce the servers)
**
Select keystore type as: Custom Identity and Command-Line Trust
Define attributes for the Identity keystore
Custom Identity Keystore File Name - The fully qualified path to the Identity keystore
Keystore type - The type of the keystore. Generally, this attribute is jks
Keystore PassPhrase—The password defined when creating the keystore
-Enable SSL port of server (from server SSL tab)
-click continue
-click finish
-Reboot weblogic server
NOTE: for SHA2 certs we need to enable JSSE ssl options corresponding to the servers & sometimes if required add below java_options also in server starts or in nodemanger.properties files if node manager is configured.
it will prompt you for Yes/No > Yes
this will import the certificate chain (Root, Interim, Server) into identity_keystore.jks
if required import (Root, Interim) into trust_keystore.jks as well (optional/Depends)
(now define the ssl & keystore properties from Admin console for identity & trust keystore and bounce the servers)
**
Select keystore type as: Custom Identity and Command-Line Trust
Define attributes for the Identity keystore
Custom Identity Keystore File Name - The fully qualified path to the Identity keystore
Keystore type - The type of the keystore. Generally, this attribute is jks
Keystore PassPhrase—The password defined when creating the keystore
-Enable SSL port of server (from server SSL tab)
-click continue
-click finish
-Reboot weblogic server
**
NOTE: for SHA2 certs we need to enable JSSE ssl options corresponding to the servers & sometimes if required add below java_options also in server starts or in nodemanger.properties files if node manager is configured.
-Dweblogic.security.SSL.enableJSSE=true (client)
-Dweblogic.ssl.JSSEEnabled=true (server)
No comments:
Post a Comment