To configure SSL on WebLogic Server, you need an SSL credential for authentication. You can use Java keytool to perform the following tasks to create a credential:
- Create a public/private key pair, wrap the public key in an X.509 v1 self-signed certificate that is stored as a single-element certificate chain, and then store the certificate chain and the private key in a new keystore. This keystore is the application server's Custom Identity keystore.
- Extract the certificate and insert it into a new keystore. This keystore is the application server's Custom Trust keystore.
Then, configure WebLogic so that it uses the Custom Identity keystore and Custom Trust keystore that you created. Also, disable the WebLogic Hostname Verification feature because the distinguished name used to create the keystore files did not include the name of the computer that hosts WebLogic.
The keytool command is typically located in the Java jre/bin directory and must include several options and option values, which are listed in the following table.
| Keytool option | Description | Option value |
|---|---|---|
| -alias | The alias of the keystore. | |
| -keyalg | The algorithm to use to generate the key pair. | RSA. You can use a different algorithm, depending on your company's policy. |
| -keystore | The location and name of the keystore file. The location can include the absolute path of the file, or it can be relative to the current directory of the command prompt where the keytool command is entered. | |
| -file | The location and name of the certificate file. | ads-ca.cer |
| -validity | The number of days that the certificate is considered valid. | 3650. You can use a different value, depending on your company's policy. |
| -storepass | The password that protects the contents of the keystore. | |
| -keypass | The password that protects the private key of the key pair. | Use the same password that you used for the -storepass option. The key password must be at least six characters. |
| -dname | The distinguished name that identifies the person who owns the keystore. | "CN=[User name],OU=[Group Name], O=[Company Name], L=[City Name], S=[State or province], C=[Country Code]" |
For more information about using the keytool command, see the keytool.html file that is part of your JDK documentation.
- Enter the following command:
[JAVA_HOME]/bin/keytool -genkey -v -alias ads-credentials -keyalg RSA -keystore "ads-credentials.jks" -validity 3650 -storepass store_password -keypass key_password -dname "CN=Hostname, OU=Group Name, O=CompanyName, L=City Name, S=State,C=Country Code"
Note:
Replace [JAVA_HOME] with the directory where the JDK is installed, and replace the text in italic with values that correspond with your environment.
For example:
"C:\Program Files\Java\jrockit-jdk1.6.0_24-R28\bin\keytool" -genkey -v -alias ads-credentials -keyalg RSA -keystore "ads-credentials.jks" -validity 3650 -storepass P@ssw0rd -keypass P@ssw0rd -dname "CN=wasnode01, OU=LC, O=Adobe, L=Noida, S=UP,C=91"
- Extract the certificate from the ads-credentials keystore by entering the following command:
[JAVA_HOME]/bin/keytool -export -v -alias ads-credentials -file "ads-ca.cer" -keystore "ads-credentials.jks" -storepass store_password
Note:
Replace [JAVA_HOME] with the directory where the JDK is installed, and replace store_password with the password for the Custom Identity keystore.
For example:
"C:\Program Files\Java\jrockit-jdk1.6.0_24-R28\bin\keytool" -export -v -alias ads-credentials -file "ads-ca.cer" -keystore "ads-credentials.jks" -storepass P@ssw0rd
- Insert the certificate into a new keystore file (the Custom Trust keystore) by entering the following command:
[JAVA_HOME]/bin/keytool -import -v -noprompt -alias bedrock -file "ads-ca.cer" -keystore "ads-ca.jks" -storepass store_password -keypass key_password
Note:
Replace [JAVA_HOME] with the directory where the JDK is installed, and replace store_password and key_password with your own passwords.
For example:
"C:\Program Files\Java\jrockit-jdk1.6.0_24-R28\bin\keytool" -import -v -noprompt -alias bedrock -file "ads-ca.cer" -keystore "ads-ca.jks" -storepass Password1 -keypass Password1
The Custom Trust keystore file named "ads-ca.jks" is created in the [appserverdomain]/adobe/[server] directory.
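Added example, not part of the original page: a shell check to run in the directory that holds the two keystores once the steps above are done. It confirms that the bedrock entry in ads-ca.jks is the same certificate as the ads-credentials entry in ads-credentials.jks, and compares the certificate CN with the host name, the value that matters for the Hostname Verification setting. The variable names ID_STOREPASS and TRUST_STOREPASS, the constructed sample listing, and a keytool that prints SHA256 fingerprints and accepts -storepass:env are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the keystores built above.
# Assumes a keytool that prints "Owner:" and "SHA256:" lines for -list -v and
# accepts -storepass:env; ID_STOREPASS and TRUST_STOREPASS are hypothetical names.

# Print the SHA-256 fingerprint from "keytool -list -v" output read on stdin.
cert_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Print the CN from the "Owner:" line of "keytool -list -v" output read on stdin.
cert_cn() {
    sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Succeed only if both listings carry the same, non-empty fingerprint.
same_cert() {
    a=$(printf '%s\n' "$1" | cert_sha256)
    b=$(printf '%s\n' "$2" | cert_sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the certificate CN equals the host name (case-insensitive).
cn_matches_host() {
    cn=$(printf '%s\n' "$1" | cert_cn | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$host" ]
}

# Run both checks on the real files; passwords come from the environment so
# they do not appear in the process list or shell history.
check_keystores() {
    id=$(keytool -list -v -alias ads-credentials -keystore ads-credentials.jks \
        -storepass:env ID_STOREPASS) || return 2
    trust=$(keytool -list -v -alias bedrock -keystore ads-ca.jks \
        -storepass:env TRUST_STOREPASS) || return 2
    same_cert "$id" "$trust" || { echo "bedrock entry is not the exported certificate" >&2; return 1; }
    cn_matches_host "$id" "$(hostname)" || echo "CN differs from $(hostname)" >&2
    return 0
}

# Constructed sample of "keytool -list -v" output; the fingerprint is made up.
SAMPLE='Alias name: ads-credentials
Entry type: PrivateKeyEntry
Owner: CN=wasnode01, OU=LC, O=Adobe, L=Noida, ST=UP, C=91
Issuer: CN=wasnode01, OU=LC, O=Adobe, L=Noida, ST=UP, C=91
Certificate fingerprints:
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
```

Export ID_STOREPASS and TRUST_STOREPASS, then call check_keystores; a return value of 1 means the trust keystore does not hold the certificate that was exported from the identity keystore.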
Configure WebLogic so that it uses the Custom Identity keystore and Custom Trust keystore that you created. Also, disable the WebLogic Hostname Verification feature because the distinguished name used to create the keystore files did not include the name of the computer that hosts WebLogic Server.
- Under Identity, specify the following values:
Custom Identity Keystore: [appserverdomain]/adobe/[server name]/ads-credentials.jks, where [appserverdomain] is the actual path and [server name] is the name of the application server.
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: mypassword (custom identity keystore password)