In this post we will see how to generate a self-signed certificate and configure it on the WebLogic Admin Server. Before this configuration, the server has the demo certificate.
The self-signed certificate was generated with the command below. We can also generate a CSR from it and get it signed by a third party; the SSL configuration steps remain the same.
/apps/java11_64/bin/keytool -genkey -v -alias weblogic -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \
-dname "CN=www.abc.com, OU=abc, O=ABC Corp, C=IN, ST=Banglore, L=India" \
-keypass password -storepass password -validity 365 -keystore keystore.jks
Now we will configure the custom keystore and truststore.
Log in to the WLS Admin console
--> Go to Environment / Servers and click on the server for which SSL needs to be enabled
--> Go to the Keystores tab and change the keystore to Custom Identity and Custom Trust
--> Enter the keystore and truststore details, then save
--> Go to the SSL tab, enter the certificate to use and the key password, then save
Restart the Admin server, since we applied the SSL configuration to the Admin server. We need to follow the same steps for each managed instance on WebLogic that needs SSL.
The admin server log now shows the identity and trust certificates being loaded from /apps/ssl/keystore.jks. Here we used the same keystore for both the key and the trust certificates. We can configure a separate trust store if needed.
<Dec 25, 2020, 12:24:07,261 PM Singapore Standard Time> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogic from the jks keystore file /apps/ssl/keystore.jks.>
<Dec 25, 2020, 12:24:07,565 PM Singapore Standard Time> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /apps/ssl/keystore.jks.>
<Dec 25, 2020, 12:24:07,929 PM Singapore Standard Time> <Warning> <Security> <BEA-090172> <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
Export the same certificate and import it back into the same keystore as a trusted certificate. A self-signed certificate is signed by itself, so the same certificate is needed in the trust store as well.
Export certificate
keytool -exportcert -alias weblogic -file wls.cer -keystore keystore.jks
Add as trust
[wlsuser@localhost ssl]$ /apps/java11_64/bin/keytool -import -alias root -file wls.cer -keystore keystore.jks
Enter keystore password:
Certificate already exists in keystore under alias <weblogic>
Do you still want to add it? [no]: yes
Certificate was added to keystore
[wlsuser@localhost ssl]$ /apps/java11_64/bin/keytool -list -keystore keystore.jks
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 2 entries
root, Dec 25, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): B9:CE:10:5C:7C:9D:D9:6B:DF:DC:62:25:DF:FE:86:E2:EF:A0:58:A0:C3:EC:7A:51:93:8E:CC:4D:5E:09:AE:E2
weblogic, Dec 25, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): B9:CE:10:5C:7C:9D:D9:6B:DF:DC:62:25:DF:FE:86:E2:EF:A0:58:A0:C3:EC:7A:51:93:8E:CC:4D:5E:09:AE:E2
[wlsuser@localhost ssl]$
If we do not import the same certificate as a trusted certificate, the server will start but the page will not load.
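The missing-trust condition above can be checked before restarting the server by inspecting the `keytool -list` output. The following is an added example, not part of the original post: the function name `check_listing` and the two sample listings (with constructed fingerprints) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the identity certificate in a keystore listing
# is also present as a trustedCertEntry (the self-signed case on this page).
# Real use: keytool -list -keystore keystore.jks | check_listing weblogic

check_listing() {
    # $1 = identity alias; the `keytool -list` output is read from stdin.
    awk -v id="$1" '
        /(PrivateKeyEntry|trustedCertEntry)/ {
            alias = $0; sub(/,.*/, "", alias)   # alias = text before first comma
            kind = ($0 ~ /PrivateKeyEntry/) ? "key" : "trust"
            next
        }
        /^Certificate fingerprint/ && alias != "" {
            fp = $NF                            # fingerprint is the last field
            if (kind == "key" && alias == id) idfp = fp
            if (kind == "trust") trusted[fp] = alias
            alias = ""
        }
        END {
            if (idfp == "")         { print "NO_IDENTITY"; exit 2 }
            if (!(idfp in trusted)) { print "NOT_TRUSTED"; exit 1 }
            print "OK trusted-as=" trusted[idfp]
        }'
}

# Constructed sample: keystore right after -genkey (no trusted entry yet).
sample_before() { cat <<'EOF'
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
weblogic, Dec 25, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AA:AA:AA:AA:01:02:03:04
EOF
}

# Constructed sample: same keystore after importing the cert as alias root.
sample_after() { cat <<'EOF'
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 2 entries
root, Dec 25, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:AA:AA:AA:01:02:03:04
weblogic, Dec 25, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AA:AA:AA:AA:01:02:03:04
EOF
}

echo "before import: $(sample_before | check_listing weblogic)"
echo "after import:  $(sample_after | check_listing weblogic)"
```

A `NOT_TRUSTED` result corresponds to the state in which the server logs BEA-090172.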
After successful SSL configuration we can see the new certificate in the WebLogic console.