creation and installation of ssl certificate for key tool new

7/27/2019 Creation and Installation of SSL Certificate for Key Tool New

1/47

Generate SSL Certificate Using the Keytool for Weblogic

SSL Configuration

Keytool is utility provided by the Java software

1) Create a folder (cert- anywhere). Here we are creating cert folder under

C:\cert

2) Set the WLST Environment using C:\bea\weblogic91\server\bin\ setWLenv cmd


2/47

Goto C:\cert directory and run the bellow cmd to generate the keystore

keytool -genkey -alias one -keyalg RSA -keystore sample.jks

Note : Dont give space while entering first name and last name


3/47

Next run the following cmd to generate the CSR

keytool -certreq -keyalg RSA -alias one -file certreq.csr -keystore sample.jks


4/47

Goto google.com and type SSL Certigicate and open Verising site

Click on Free 30 day SSL Trial


5/47

Click on Verisign @ SSL Test Ceritificate


6/47

Click on Continue


7/47

Enter the Technical contact & click on Continue


8/47

Select Server not listed on dropdown list


9/47

Give the server name (here we need give to which server provide security) as

weblogic 9.1


10/47

Open C:\cert\ certreq.csr file and copy the content as specified in the below screen

and submit the certreq.csr


11/47

Accept the Agreement & click on submit


12/47


13/47

You will get the Mail to your mail box as shown below

Verisign will send you the Certificate file in the mail

1. Root CA

2. Intermediate CA


14/47

Click on first link as shown in the below mail to download


15/47

Click the link


16/47

Click on the link


17/47

Click on Select All button and copy in to one text file in C:\cert and named it as CA.pem


18/47

Goto second link which received the mail.

Do the same for intermediate certificate as well


19/47

Click on select all button and copy in to one text file in C:\cert and named it asIntermediateCA.pem


20/47

Copy the content

Bellow the two links and

saved as public.pem


21/47

To understand these pem files to Keytool, We need to follow below steps

keytool -import -alias verisignCA -file CA.pem -keystore sample.jks -trustcacerts

Total 3 files


22/47

Next run the bellow cmd

keytool -import -alias verisignIntermediateCA -file IntermediateCA.pem -keystore

sample.jks -trustcacerts

Next run the following cmd

keytool -import -alias one -file public.pem -keystore sample.jks -trustcacerts

Note : While saving dont include any spaces in public.pem file


23/47

By using below command check all the reports are successfully imported or not

keytool list keystore sample.jks -v


24/47


25/47

Go to weblogic console and enable SSL port

(domain -> adminserver->configuration -> general)


26/47

Go to keystore tab.


27/47

For SSL Tab add the following changes

Give the keytool

password

(Eg: weblogic)

Alias name


28/47

Restart the Weblogic admin server ,

In admin server console it will show the following information


29/47


30/47


31/47

Next open console with https://localhost:7004/console

(Mozilla firefox)

Click on I understand the risks
https://localhost:7004/consolehttps://localhost:7004/console


32/47

Click on Add Exception


33/47

Right click on the console any where select view page Info

Click on details button


34/47

Click on view certificate here we can identify certificate information


35/47


36/47

Next open console with https://localhost:7004/console

(Internet Explorer)

There is no Root CA Certificate in your Browser , install RootCA certificate in yourbrowser

Click on view certificate
https://localhost:7004/consolehttps://localhost:7004/console


37/47

Click on Install certificate


38/47

Click on next button


39/47

Click on next button


40/47

Click on finish


41/47

Click on ok

Click on yes button


42/47

Login here


43/47

Right click on the console any where goto properties


44/47

Click on certificate


45/47

Here we can identify Certifificate Information


46/47

Click on details to know the other details


47/47

Click on certification path to know where it is located

creation and installation of ssl certificate for key tool new

Documents