This post covers the basics of SSL in WebLogic Server and how to configure SSL with custom certificates and a Certifying Authority. Separate posts cover SSL in Oracle E-Business Suite, Oracle Internet Directory (OID), Oracle Virtual Directory (OVD), and Oracle Access Manager (OAM).

Secure Sockets Layer (SSL) is used to encrypt data between the client and the server (WebLogic in this case).

1. When a user connects to WebLogic Server, they can connect
a) directly to WebLogic Server (Admin or Managed Server port), or
b) via a web server or load balancer, which then connects to WebLogic Server (for example, Oracle HTTP Server (OHS) configured in front of WebLogic Server).

User –> Load Balancer (or WebServer) –> WebLogic Server
User –> WebLogic Server

a) You can terminate SSL at the load balancer (or web server) and leave the communication from the load balancer (or web server) to WebLogic Server as non-SSL. In this case the load balancer (or web server) is configured to listen on SSL, but WebLogic Server is configured to listen on non-SSL.
or
b) You can terminate SSL at WebLogic Server. In this case the load balancer (or web server) and WebLogic Server are all configured to listen on SSL.

2. WebLogic Server (Admin or Managed Server) is configured for both a non-SSL and an SSL port (to enable SSL you just need to select SSL Listen Port Enabled in the WebLogic Console).

3. SSL certificates are issued to a server by a certificate signing authority (aka Certifying Authority or CA).

4. There can be one root Certifying Authority (root CA) and zero or more intermediate Certifying Authorities (the root CA delegates the authority to issue certificates to an intermediate CA).

In the screenshot above:
a) The root CA is “Class 3 Public Primary Certification Authority”, which issued a certificate to
b) “VeriSign Class 3 Public Primary Certification Authority – G5” (intermediate CA), which issued a certificate to
c) “VeriSign Class 3 International Server CA – G3” (intermediate CA), which issued a certificate to
d) *.oracle.com

In this case *.oracle.com is the server's certificate, whereas the three certificates above it are trusted certificates (certificates of certifying authorities).

5. By default, the certificates for the SSL listener on WebLogic are self-signed (i.e. the certificate and the Certifying Authority are both WebLogic Server).

6. There are two types of certificate:
a) Trusted certificates – These are the certificates of a Certifying Authority (CA). In the second screenshot (above), the certificates of “VeriSign Class 3 International Server CA – G3” and “VeriSign Class 3 Public Primary Certification Authority – G5” are trusted certificates.
b) Identity certificates – These are the certificates of the server to which they are issued. In the screenshot above, the certificate of *.oracle.com is the identity certificate.

7. Certificates (trusted and identity) for WebLogic are stored in a keystore. WebLogic Server supports various types of keystore. The most common is the Java Key Store (JKS), a file-based repository with the extension .jks.

8. A Java Key Store (JKS) can serve as two types of store:
a) Trust Store – stores trusted certificates (the certificates of certifying authorities)
b) Identity Store – stores identity certificates (the certificates issued to a server by a CA)

Note: You can keep both the Trust Store and the Identity Store in the same keystore (JKS), or store them in different keystores (one .jks file for identity certificates and a second .jks file for trusted certificates).

 

9. WebLogic comes with a default (self-signed) identity store and trust store under $WL_HOME/server/lib:
a) DemoIdentity.jks – Identity Store containing the certificates of the server (identity certificate)
b) DemoTrust.jks – Trust Store containing the certificates of the CA (trusted certificate)

10. A keystore is managed with the Java utility keytool. keytool is used to generate certificate requests, to import certificates (issued by a CA), and to import the CA’s certificates.
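The identity store / trust store split from points 6 to 10, shown with keytool as an added example (not part of the original post): it builds one keystore of each kind and reports the entry type keytool records for each alias. The aliases, file names, CN and password are constructed for the demo, and a self-signed certificate stands in for the CA certificate a real setup would import.

```shell
#!/bin/sh
# Added example: separate identity and trust keystores built with keytool.
# Aliases, file names, CN and password are constructed for the demo.
STOREPASS='demo-only-pass'   # demo value; never pass real passwords on argv

make_stores() {   # $1 = working directory
  # Identity store: key pair + self-signed certificate (a PrivateKeyEntry)
  keytool -genkeypair -alias server_identity -keyalg RSA -keysize 2048 \
    -dname "CN=wls.example.test, O=Example, C=US" -validity 30 \
    -keystore "$1/identity.jks" -storetype JKS \
    -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1 || return 1
  # Export only the public certificate; the private key stays in identity.jks
  keytool -exportcert -alias server_identity -rfc -file "$1/server.pem" \
    -keystore "$1/identity.jks" -storepass "$STOREPASS" >/dev/null 2>&1 || return 1
  # Trust store: the certificate imported as a trustedCertEntry. Here the
  # self-signed cert stands in for the CA certificate a real setup imports.
  keytool -importcert -noprompt -alias demo_ca -file "$1/server.pem" \
    -keystore "$1/trust.jks" -storetype JKS \
    -storepass "$STOREPASS" >/dev/null 2>&1 || return 1
}

entry_type() {    # $1 = keystore, $2 = alias; prints identity|trusted|unknown
  out=$(keytool -list -keystore "$1" -storepass "$STOREPASS" -alias "$2" 2>/dev/null)
  case "$out" in
    *PrivateKeyEntry*)  echo identity ;;
    *trustedCertEntry*) echo trusted ;;
    *)                  echo unknown ;;
  esac
}

holds_private_key() {   # exit 0 if any entry in keystore $1 is a private key
  keytool -list -keystore "$1" -storepass "$STOREPASS" 2>/dev/null \
    | grep -q 'PrivateKeyEntry'
}

demo() {
  dir=$(mktemp -d) || return 1
  make_stores "$dir" || { echo "keytool failed" >&2; return 1; }
  echo "identity.jks/server_identity: $(entry_type "$dir/identity.jks" server_identity)"
  echo "trust.jks/demo_ca:            $(entry_type "$dir/trust.jks" demo_ca)"
  # A trust store is handed to clients and peers; it must not carry keys.
  if holds_private_key "$dir/trust.jks"; then echo "WARNING: key in trust store"; fi
  rm -rf "$dir"
}

command -v keytool >/dev/null 2>&1 && demo
```

The `holds_private_key` check is useful on its own when identity and trust stores are kept in separate .jks files: a trust store that reports a private key has been built from the wrong file.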

 


More on SSL certificates, keytool and configuring SSL with WebLogic in the next post.
