18 comments
Hi,
Can you tell me if the CA always sends back intermediate certificates? I received via email only one txt file which I believe is the SSL certificate.
Thanks,
-Abhishek
@Abhishek
Verisign CA always sends back an email which contains:
1) link to navigate to root CA certificate code
2) link to navigate to intermediate CA certificate codes
3) SSL certificate in form of text at bottom of mail.
In the mail, it will be mentioned in Step 2 - To download intermediate certs, along with a link.
Regards
Neha Mittal
@ abhishek,
As Neha mentioned, if the CA sends the certificate with the intermediate CA then that will be part of the certificate itself. You can extract the certificate.
Usually for test certificates it's mainly with the intermediate CA, but with actual certificates the CA usually sends just one certificate (though this is not mandatory, actual certificates can also come with the intermediate CA).
Thank you both for your responses.
FYI Neha: This is one of the most helpful posts I have read for using SSL with WebLogic.
We are using Entrust as a CA instead of Verisign. Once I asked our security folks about the intermediate cert, I was sent 3 files.
File 1: Entrust Root Certificate
File 2: Entrust L1 Chain Certificate
File 3: It’s called .NERCERT.txt which I’m assuming is the SSL cert
My questions are:
(1) Is the Entrust Root Certificate my primary certificate as mentioned in the instructions above (Step 3 part 1)?
(2) Is the Entrust L1 Chain Certificate the secondary certificate as mentioned in step 3 above?
(3) Can you confirm that the .NEWCERT.txt is my SSL cert and I need to import it as described in step 4 above?
Thanks again for all your help.
-Abhishek
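One way to tell which of three such files is the root, the intermediate (chain) and the server certificate, as an added example that is not part of the original thread: compare each certificate's issuer and subject. It assumes the files are PEM-encoded; the file names and certificate names in the sample are constructed.

```python
import base64, re

def _tlv(buf, pos):
    """Read the DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(pem_text):
    """Return the raw DER issuer and subject Names of one PEM certificate."""
    b64 = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END", pem_text, re.S).group(1)
    der = base64.b64decode("".join(b64.split()))
    _tag, pos, _end = _tlv(der, 0)      # outer Certificate SEQUENCE
    _tag, pos, _end = _tlv(der, pos)    # tbsCertificate SEQUENCE
    tag, _start, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional [0] version field
        pos = end
    fields = []                         # serial, sigAlg, issuer, validity, subject
    for _field in range(5):
        _tag, _start, end = _tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def classify(files):
    """Map {filename: PEM text} to {filename: role} from issuer/subject links."""
    parsed = {name: issuer_subject(text) for name, text in files.items()}
    issuers = {iss for iss, sub in parsed.values() if iss != sub}
    return {name: "root (self-signed)" if iss == sub else
                  "intermediate" if sub in issuers else "server"
            for name, (iss, sub) in parsed.items()}

# Constructed sample: DER skeletons with made-up names, not real certificates.
def _seq(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body   # short-form length only (<128 bytes)

def _fake_pem(issuer, subject):
    name = lambda cn: _seq(0x30, _seq(0x0C, cn.encode()))
    tbs = _seq(0x30, _seq(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01", _seq(0x30),
               name(issuer), _seq(0x30), name(subject))
    pem = base64.b64encode(_seq(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{pem}\n-----END CERTIFICATE-----\n"

SAMPLE = {"file1.txt": _fake_pem("Example Root", "Example Root"),
          "file2.txt": _fake_pem("Example Root", "Example L1 Chain"),
          "file3.txt": _fake_pem("Example L1 Chain", "www.example.test")}
```

To use it on real files, pass `classify` a dict of file name to file contents; a self-signed server certificate will also be reported as a root.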
Hi Neha,
I have deployed a web application on WebLogic server. It comes with the URL with HTTP only.
I want to change it to HTTPS.
Please advise if I need to configure SSL on WebLogic in this case or if any application-level changes allow me to do so.
Please advise me if you could, as it's really urgent.
Thanks,
Ashish
@ WebLogic Admin and Managed servers come with both HTTP and HTTPS (this is disabled by default). You just need to enable HTTPS. SSL certificates are pre-bundled, so for production you may wish to use certificates from Verisign or another certifying authority (CA).
Hello,
I have a few apps running on a weblogic server (using 10g oid and 10g oid) where only one app needs the ssl.
How do I enable SSL for just this app?
The F5 VIP is the front end
Thanks, Joe
@Joe
You can create another managed server in WLS Domain and deploy that specific application on the new managed server.
Then use the above steps to enable SSL on the new managed server where only this app is deployed.
Thanks
Neha
@ Joe,
Do as Neha said or weblogic server can run on both ssl and non ssl listener and then it is down to you to decide which protocol (SSL or Non SSL) to use while accessing application.
Update:
This app won't go through SSO, so no need for SSO registration.
On the F5, created a new VIP with https, added its cert profile for client and server (had created the cert already), added the pool where the http OHS is a member, and that was it.
https://newvip.fqdn/appname
Hi Neha,
I have a WebLogic server with 2 managed servers. For this cluster there is a VIP on F5 with http:///analytics.
To implement SSL, do I need to just implement it at the VIP level by asking the F5 team to create a new VIP with https and add the VIP's cert profile to all the servers in the WebLogic cluster?
Please help me understand as this is a critical requirement to us to implement SSL in all our obiee 11g clusters.
Thanks
Maggi
@ Maggi,
It's down to where you want to terminate SSL. F5 supports SSL termination at the load balancer, which means you have two options:
a) SSL terminates at F5: Client -- SSL --> F5 -- Non SSL --> WebLogic. In this case the WebLogic managed servers are listening on non-SSL.
b) SSL terminates at WebLogic: Client -- SSL --> F5 -- SSL --> WebLogic. In this case the WebLogic managed servers are listening on SSL.
You don't change anything at F5 but ask the F5 team to
1. Enable SSL at F5
2. Import certificate of site (analytics) to F5
3. Configure F5 on ssl port to forward request to WebLogic port (ssl or non ssl depending on where are you terminating SSL)
Hi Atul,
Can you explain more on the second point which you have mentioned above, i.e.
2. Import certificate of site (analytics) to F5
How to import the certificate of a site?
@ Certificates for the site (analytics) are issued by a certifying authority (CA). If you have a load balancer then these must be imported into the load balancer using the tool provided by the load balancer.
Hi All,
My Doubt is:
If I configure SSL with identity and trust keystore in weblogic server.
If someone in my team changed the keystore or saved NON SSL, then how can I roll back those configurations as before?
Please, anyone, reply to this question and do the needful.
Thanks.
Do we have any configuration file or any location to restore or roll back the old SSL configurations?
Hi,
It's not possible if you are looking for the old file on the server itself; however, if a backup of the server is running then you can get it restored by the backup team. It may cost your firm to restore the file.
Regards,
Ashish