{"id":2400,"date":"2011-04-18T16:31:15","date_gmt":"2011-04-18T20:31:15","guid":{"rendered":"http:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/"},"modified":"2011-04-18T16:31:15","modified_gmt":"2011-04-18T20:31:15","slug":"implement-ssl-in-weblogic","status":"publish","type":"post","link":"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/","title":{"rendered":"Implement SSL In Weblogic"},"content":{"rendered":"

SSL<\/strong>– Secure Socket Layer Protocol which employs a third party, a certificate authority to identify secure transactions of data at both ends.<\/p>\n

In layman\u2019s terms, this means that all data transmitted between the client & web-server is encrypted & hence is secured.<\/p>\n

Basic terms to understand-<\/p>\n

1) Private Key\/Public Key<\/strong><\/u> :-
\nYou generate a key pair using various tools like (keytool, certgen) out of which one is kept secret which is called the Private key & is used to decrypt the data. Other key known as Public key is distributed to everybody so that they can send an encrypted message.
\nThe encryption using a private key\/public key pair ensures that the data can be encrypted by one key but can only be decrypted by the other key pair.<\/p>\n

2) Certificate & certificate Authority<\/u> <\/strong>– A certificate, contains information about the owner of the certificate, like e-mail address, owner’s name, certificate usage, duration of validity, resource location or Distinguished Name (DN) which includes the Common Name (CN) (web site address or e-mail address depending of the usage) and the certificate ID of the person who certifies (signs) this information.This certifying body is called Certificate Authority.Well known CA’s include Verisgn & Entrust etc.<\/p>\n

3) The trusted certificate authority (CA) certificate establishes trust for a certificate<\/p>\n

4) Private keys and trusted CA certificates are stored in a keystore.
\nThe preferred keystore format in weblogic is JKS<\/strong>(Java KeyStore).<\/p>\n

5) The PEM (Privacy Enhanced Mail) format is the preferred format for private keys, digital certificates, and trusted certificate authorities (CAs).<\/p>\n

6)Servers need a private key, a digital certificate containing the matching public key, and a certificate for at least one trusted certificate authority<\/p>\n

7)\u00a0 WebLogic Server supports private keys, digital certificates, and trusted CA certificates from the following sources:
\n*\u00a0\u00a0\u00a0\u00a0\u00a0 The demonstration digital certificates, private keys, and trusted CA certificates in the WL_HOME\\server\\lib directory and the JAVA_HOME\\jre\\lib\\security directory.
\n*\u00a0\u00a0\u00a0\u00a0\u00a0 Sun Microsystem’s keytool utility can also be used to generate a private key, a self-signed digital certificate for WebLogic Server, and a Certificate Signing Request (CSR).
\n*\u00a0\u00a0\u00a0\u00a0 The CertGen utility generates digital certificates and private keys that should be used only for demonstration or testing purposes in a development environment.<\/p>\n

.<\/p>\n

Steps- To implement SSL in weblogic<\/strong><\/u><\/p>\n

1)First step is to Generate CSR (Certificate signing request)<\/p>\n

Generally to create a CSR we use key tool utility (Location in Linux- $JDK_HOME\/bin) . Follow the below keytool commands to create a CSR.<\/p>\n

.\/keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -dname “CN=<domain name like test.com etc>, OU=<unite like Customer Support etc>, O=<your organization>, L=<your location>, ST=<state>, C=<country code like US>” -keystore identity.jks <\/font>.\/keytool -certreq -alias mykey -file cert.csr -keystore identity.jks<\/font><\/p>\n

By executing the above commands you can create a CSR with name cert.csr which can be forwarded to the signing team for further process of signing.<\/p>\n

CA will issue you root CA certificate , intermediate certificate & SSL certificate which you need to install in your browser & trust keystores respectively.<\/p>\n

2) Install the test root CA certificate into the browser from where you will access the webserver, in my case its firefox
\n2.1. Click on the \u201c Download Secure Site Trial Root Certificate\u201d link
\n2.2. Save the certificate into a file with a .cer extension.
\n2.3. Open a Firefox browser.
\n2.4. Go to Tools> Options > Advanced > View Certificates>Authorities.
\n2.5. Click Import.
\n2.6. Select the Trial Root certificate > click Open.
\n2.7. A dialog box appears that says, “Do you want to trust ‘VeriSign Trial Secure Server Test Root CA’ for the following purposes?”.\u00a0 Check “Trust this CA to identify web sites”.
\n2.8. Click OK.<\/p>\n

3) Install the Trial SSL Intermediate CA Certificates.<\/p>\n

CA will issue two intermediate certificate- Primary & secondary, we have to install them in a keystore, lets say “trust”<\/p>\n

save the codes of primary & secondary certificates in notepad files with .cer extension.Then issue below commands:-<\/p>\n

.\/keytool -import -alias primaryca -keystore trust.jks -trustcacerts -file primaryintermediate.cer
\nEnter keystore password:
\nRe-enter new password:
\n<\/font>Certificate was added to keystore.\/keytool -import -alias secondaryca -keystore trust.jks -trustcacerts -file secondaryintermidiate.cer
\nEnter keystore password:\u00a0
\n<\/font>Certificate was added to keystore<\/p>\n

4) Install the trial SSl certificate in keystore<\/p>\n

CA will send you code of your SSL certificate in email, copy it & save it in notepad with .cer extension. Then run following from webserver<\/p>\n

.\/keytool -import -alias sslcert -keystore trust.jks -trustcacerts -file ssl.cer
\nEnter keystore password:\u00a0 <\/font><\/p>\n

Once you enter password you will see lines like
\n=======================================================
\nOwner: CN=innowave03.com, OU=Terms of use at www.verisign.com\/cps\/testca (c)05, OU=Customer Support, O=ABC, L=London, ST=England, C=UK
\nIssuer: CN=VeriSign Trial Secure Server CA – G2, OU=Terms of use at https:\/\/www.verisign.com\/cps\/testca (c)09, OU=”For Test Purposes Only.\u00a0 No assurances.”, O=”VeriSign, Inc.”, C=US
\nTrust this certificate? [no]:\u00a0 yes
\nCertificate was added to keystore<\/p>\n

================================================================================<\/p>\n

.<\/p>\n

5) Configure Keystore & SSL in weblogic<\/strong><\/u>
\nTo configure SSL:<\/p>\n

5.1. Go to weblogic administration console (http:\/\/<hostname>:<port>\/console). Under Domain–>Environment, expand the Servers node.
\n5.2. Select the name of the server for which you want to configure keystores (for example, testserver).
\n5.3. Select the Configuration–>Keystores and SSL tab.
\nInformation about the demonstration Identity and Trust keystores is displayed in the Keystore Configuration.
\n5.4. Configure new Identity and Trust keystores for WebLogic Server.<\/p>\n

5.5. Click the Change. link in the SSL Configuration to configure attributes for SSL.<\/p>\n

The Configure SSL page appears.<\/p>\n

5.6. Specify how the identity and trust for WebLogic Server is stored. The following options are available:
\n* Key Stores\u2014Use this option if you created Identity and Trust keystores for WebLogic Server. If you choose this option, go to step 8.
\n* Files or Key Store Providers\u2014Use this option if you stored private keys and trusted CA certificates in a file or in a JKS keystore accessed via the WebLogic Keystore provider<\/p>\n

In our case its keystores
\n5.7. Click Continue.
\n5.8. Specify the alias used to load the private key into the keystore . Then the Private Key Alias and the password used to retrieve the private key from the keystore in the Passphrase attibute. You may have specified this information when creating the Identity keystore; however, for the purpose of SSL configuration specify the information again. Skip to step 10.<\/p>\n

5.9. Specify information about the location of identity and trust for WebLogic Server.<\/p>\n

Note: This step only applies if the Files or Key Store Providers option is specified.<\/p>\n

5.10. Click Continue.
\n5.11. Click save.<\/p>\n

Note- By default, WebLogic Server has host name verification enabled. As a function of the SSL handshake, WebLogic Server compares the common name in the SubjectDN in the SSL server’s digital certificate with the host name of the SSL server used to accept the SSL connection.If it doesn’t match, connection drops. For testing purpose you can set it to “NONE” in case your common name is different then what mention in certificate<\/p>\n

5.12 Go to general tab of configuration under the selected server & tick mark the ssl port mark.
\n5.13. Restart WebLogic Server.<\/p>\n

You shall now be able to access the weblogic server on https:\/\/<hostaname>:<ssl port> <\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

SSL– Secure Socket Layer Protocol which employs a third party, a certificate authority to identify secure transactions of data at […]<\/p>\n","protected":false},"author":115,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[39,217],"tags":[],"class_list":["post-2400","post","type-post","status-publish","format-standard","hentry","category-ssl","category-weblogic"],"yoast_head":"\nImplement SSL In Weblogic -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Implement SSL In Weblogic -\" \/>\n<meta property=\"og:description\" content=\"SSL– Secure Socket Layer Protocol which employs a third party, a certificate authority to identify secure transactions of data at […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/\" \/>\n<meta property=\"article:published_time\" content=\"2011-04-18T20:31:15+00:00\" \/>\n<meta name=\"author\" content=\"Masroof Ahmad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Masroof Ahmad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/\",\"url\":\"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/\",\"name\":\"Implement SSL In Weblogic -\",\"isPartOf\":{\"@id\":\"https:\/\/onlineappsdba.com\/#website\"},\"datePublished\":\"2011-04-18T20:31:15+00:00\",\"author\":{\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\"},\"breadcrumb\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/onlineappsdba.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Implement SSL In Weblogic\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/onlineappsdba.com\/#website\",\"url\":\"https:\/\/onlineappsdba.com\/\",\"name\":\"\",\"description\":\"Oracle Implementation & Training Experts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/onlineappsdba.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\",\"name\":\"Masroof Ahmad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"caption\":\"Masroof Ahmad\"},\"url\":\"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Implement SSL In Weblogic -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/","og_locale":"en_US","og_type":"article","og_title":"Implement SSL In Weblogic -","og_description":"SSL– Secure Socket Layer Protocol which employs a third party, a certificate authority to identify secure transactions of data at […]","og_url":"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/","article_published_time":"2011-04-18T20:31:15+00:00","author":"Masroof Ahmad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Masroof Ahmad","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/","url":"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/","name":"Implement SSL In Weblogic -","isPartOf":{"@id":"https:\/\/onlineappsdba.com\/#website"},"datePublished":"2011-04-18T20:31:15+00:00","author":{"@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb"},"breadcrumb":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/onlineappsdba.com\/index.php\/2011\/04\/18\/implement-ssl-in-weblogic\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/onlineappsdba.com\/"},{"@type":"ListItem","position":2,"name":"Implement SSL In Weblogic"}]},{"@type":"WebSite","@id":"https:\/\/onlineappsdba.com\/#website","url":"https:\/\/onlineappsdba.com\/","name":"","description":"Oracle Implementation & Training Experts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/onlineappsdba.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb","name":"Masroof Ahmad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","caption":"Masroof Ahmad"},"url":"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/"}]}},"_links":{"self":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/2400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/users\/115"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/comments?post=2400"}],"version-history":[{"count":0,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/2400\/revisions"}],"wp:attachment":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/media?parent=2400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/categories?post=2400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/tags?post=2400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}