Monday, November 26, 2007

SSL in Weblogic

This post is a bit specific to the application level, but I will try to keep it general so that it can be useful to others. Thanks to Abhishek, who helped me set this up for my app.

To secure an application deployed on the WebLogic application server with SSL, follow the steps below.

Steps to set up SSL in WebLogic -

1. First, create the Java keystore :
a) Type the command -

C:\bea\jrockit81sp4_142_05\bin> keytool -genkey -alias servercert -keyalg RSA -keysize 1024 -dname "CN=jsvede.bea.com,OU=DRE,O=BEA,L=Denver,S=Colorado,C=US" -keypass test -keystore server_keystore.jks -storepass test


b) To view the jks file generated -

C:\bea\jrockit81sp4_142_05\bin> keytool -list -v -keystore server_keystore.jks -storepass test



2. Create the CSR file, i.e. the .pem file :

a) Type the command -

C:\bea\jrockit81sp4_142_05\bin> keytool -certreq -v -alias servercert -file csr-for-myserver.pem -keypass test -storepass test -keystore server_keystore.jks


b) To view the generated .pem file -

C:\bea\jrockit81sp4_142_05\bin> more csr-for-myserver.pem


3. Configure WebLogic :

a) Go to WebLogic console -> Servers -> myserver -> KeyStores & SSL -> KeyStore Configuration -> Change

b) Select Custom Identity and Java Standard Trust.

c) Set the following properties -
- Custom Identity KeyStore : E:\bea\jrockit81sp4_142_05\bin\server_keystore.jks
- Custom Identity Keystore Type : jks
- Custom Identity Keystore Pass Phrase : tradex
- Java Standard Trust Key Store Pass Phrase : tradex
- Click on continue
- Private Key Alias : servercert
- Pass Phrase : tradex
- Click on Continue
- Finish

d) In domains -> mydomain -> config.xml,

Set the following in the <server> tag

<SSL Enabled="true" HostnameVerificationIgnored="false"
IdentityAndTrustLocations="KeyStores" Name="admin"
ServerPrivateKeyAlias="servercert"
ServerPrivateKeyPassPhraseEncrypted="{3DES}OoO7mtolODVhXfQVNGO+8Q=="/>

(You can give the encrypted password as empty also.)

e) In web.xml, set <transport-guarantee> value as
'INTEGRAL' or 'CONFIDENTIAL'.
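
A check for step 3(e), as an added example that is not part of the original post: the script below lists every url-pattern in a web.xml whose security-constraint does not set transport-guarantee to INTEGRAL or CONFIDENTIAL. The sample web.xml and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the original post): one constraint
# requires SSL, one sets NONE, one has no <user-data-constraint> at all.
SAMPLE_WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection><url-pattern>/account/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/reports/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
 </security-constraint>
</web-app>"""

PROTECTED = {"INTEGRAL", "CONFIDENTIAL"}

def local(tag):
    """Drop any XML namespace so DTD-based and namespaced web.xml both work."""
    return tag.rsplit("}", 1)[-1]

def transport_guarantees(web_xml_text):
    """Return {url-pattern: transport-guarantee} for each security-constraint."""
    result = {}
    for sc in ET.fromstring(web_xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantee = "NONE"  # no <user-data-constraint> means no transport requirement
        patterns = []
        for el in sc.iter():
            if local(el.tag) == "transport-guarantee" and el.text:
                guarantee = el.text.strip()
            elif local(el.tag) == "url-pattern" and el.text:
                patterns.append(el.text.strip())
        for pattern in patterns:
            result[pattern] = guarantee
    return result

def unprotected(web_xml_text):
    """URL patterns that the container will still serve over plain HTTP."""
    found = transport_guarantees(web_xml_text)
    return sorted(p for p, g in found.items() if g not in PROTECTED)

if __name__ == "__main__":
    for pattern in unprotected(SAMPLE_WEB_XML):
        print("no SSL transport guarantee:", pattern)
```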


Note :
pem - Privacy Enhanced Mail Security Certificate.
jks - Java KeyStore
csr - Certificate Signing Request

2 comments:

Madhu APPS DBA said...

Hi,

It's a good description of SSL, but can you explain it a bit more ...
for example 1) key size: why do we use keysize 1024? I hope we use 256 and 512.

2) Can you give more steps on where we use the per and csr files?

Thanks
