Enabling SSL in Oracle Weblogic

This how-to is based on Oracle Weblogic 10.3.3 on Solaris 10 (Unix/Linux); releases have been coming out faster lately. The environment is a three-tier application in which the web, app and db tiers reside on different hosts.

Make sure JAVA_HOME, WLS_HOME and the keystore directory are set up identically on each host. In this case:

JAVA_HOME = /opt/jdk1.6
WLS_HOME = /opt/oracle11
Keystore Dir. = /opt/oracle11/ssl

1. Create the keystore and the exported keystore (its public certificate) on Web. cn is supposed to be the hostname; to find it, just type hostname in the console.

keytool -genkeypair -keyalg RSA -keysize 1024 -dname "cn=hostname, ou=anything, o=anything" -alias keystore-alias-web -keypass keypass-password -keystore /opt/oracle11/ssl/webkeystore.jks -storepass storepass-passw0rd -validity 9999

keytool -export -rfc -alias keystore-alias-web -storepass storepass-passw0rd -keypass keypass-password -keystore /opt/oracle11/ssl/webkeystore.jks -file /opt/oracle11/ssl/webkeystoreexport.pub

2. Create the keystore and the exported keystore (its public certificate) on App. cn is supposed to be the hostname; to find it, just type hostname in the console.

keytool -genkeypair -keyalg RSA -keysize 1024 -dname "cn=hostname, ou=anything, o=anything" -alias keystore-alias-app -keypass keypass-password -keystore /opt/oracle11/ssl/appkeystore.jks -storepass storepass-passw0rd -validity 9999

keytool -export -rfc -alias keystore-alias-app -storepass storepass-passw0rd -keypass keypass-password -keystore /opt/oracle11/ssl/appkeystore.jks -file /opt/oracle11/ssl/appkeystoreexport.pub

3. (Do this on WEB) Copy App’s exported keystore file to Web, using SCP or FTP, and import it into Web’s trust keystore (in this case the JDK’s trust keystore). Before doing so, create a backup of the JDK’s trust keystore.

keytool -import -alias keystore-alias-app -file /opt/oracle11/ssl/appkeystoreexport.pub -keystore /opt/jdk1.6/jre/lib/security/cacerts -storepass changeit

4. (Do this on APP) Copy Web’s exported keystore file to App, using SCP or FTP, and import it into App’s trust keystore (in this case the JDK’s trust keystore). Before doing so, create a backup of the JDK’s trust keystore.

keytool -import -alias keystore-alias-web -file /opt/oracle11/ssl/webkeystoreexport.pub -keystore /opt/jdk1.6/jre/lib/security/cacerts -storepass changeit

5. Repeat steps 6 – 8 for each server that should listen on HTTPS.

6. In the “General” tab, enable the “SSL Listen Port Enabled” checkbox and enter a corresponding port (SSL Listen Port: e.g. 7002).

7. Select the “Keystores” tab and choose “Custom Identity and Java Standard Trust”. Now enter the following information (the values shown are for the Web host):

Custom Identity Keystore: /opt/oracle11/ssl/webkeystore.jks
Custom Identity Keystore Type: jks
Custom Identity Keystore Passphrase: storepass-passw0rd
Confirm Custom Identity Keystore Passphrase: storepass-passw0rd

8. Move on to the SSL tab and enter the following:

Private Key Alias: keystore-alias-web
Private Key Passphrase: keypass-password
Confirm Private Key Passphrase: keypass-password

Make sure to change all remaining configuration to the SSL variant of each protocol, such as HTTPS, IIOPS, or T3S.
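
FTP in steps 3 and 4 gives no integrity protection, and a certificate imported into cacerts is trusted by every JVM that uses that JDK, so it is worth comparing the copied file's fingerprint with one read on the originating host before importing. The script below is an added example, not part of the original how-to; the function names and the sample keytool output are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate the cacerts import of steps 3 and 4 on a fingerprint
# that was read on the originating host and passed over a separate channel.

# Read `keytool -printcert` (or `keytool -list -v`) output on stdin and print
# the SHA1 fingerprint as upper-case hex without separators.
extract_sha1() {
    sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p' | head -n 1 |
        tr -d ': \r' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both values are the same full 40-hex-digit SHA1 fingerprint.
# Accepts colon-separated or plain hex, in either case.
fingerprints_match() {
    a=$(printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF')
    b=$(printf '%s' "$2" | tr -d ': ' | tr 'abcdef' 'ABCDEF')
    case "$a" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# verified_import EXPECTED_SHA1 ALIAS CERT_FILE TRUSTSTORE STOREPASS
# Backs up the truststore once, then imports only when the copied file matches.
verified_import() {
    actual=$(keytool -printcert -file "$3" | extract_sha1)
    if ! fingerprints_match "$1" "$actual"; then
        echo "fingerprint mismatch for $3, not importing" >&2
        return 1
    fi
    { [ -e "$4.bak" ] || cp -p "$4" "$4.bak"; } &&
        keytool -import -noprompt -alias "$2" -file "$3" -keystore "$4" -storepass "$5"
}

# Constructed sample of `keytool -printcert` output (not from a real certificate).
SAMPLE_PRINTCERT='Owner: CN=hostname, OU=anything, O=anything
Issuer: CN=hostname, OU=anything, O=anything
Certificate fingerprints:
         MD5:  0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0
         SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
         Signature algorithm name: SHA1withRSA'

sample_sha1() { printf '%s\n' "$SAMPLE_PRINTCERT" | extract_sha1; }
```

On the originating host, read the value to pass as EXPECTED_SHA1 with keytool -printcert -file on the exported file, and relay it over a channel other than the one used for the copy.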
