Carry testing through to the end!

WebLogic.SSL

2009-04-29 14:13:47 / Category: Monitoring servers

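1. Set the environment variable CLASSPATH=$WLS_HOME/server/lib/weblogic.jar
2. Edit the nodemanager.hosts and nodemanager.properties files in the $WLS_HOME/common/nodemanager directory
# In nodemanager.hosts, add the host names of the trusted Admin machines
# In nodemanager.properties, add the following parameters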
PropertiesVersion=8.1
JavaHome=/usr/java/j2sdk1.4.2_09
bea.home=/home/bea
WeblogicHome=/home/bea/weblogic81
ReverseDnsEnabled=true
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=FinalFantasyKey
CustomIdentityPrivateKeyPassPhrase=password
CustomIdentityKeyStoreFileName=myKeyStore.jks
CustomIdentityKeyStoreType=JKS
CustomIdentityKeyStorePassPhrase=password
CustomTrustKeyStoreFileName=myKeyStore.jks
 
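3. Set the "Hostname Verification Check"
Console --> Server --> Keystore & SSL --> Advanced Options: change "Hostname Verification" to None. With None, the SSL client side no longer checks that the CN of the peer's certificate matches the host name it connected to.
4. Generate the certificates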
#$WLS_HOME/server/bin/setWLSEnv.sh
#keytool -list -v -alias demoidentity -keystore DemoIdentity.jks
Passphrase: DemoIdentityKeyStorePassPhrase
 
5、Generate private key/public certificate pair
   $keytool -genkey -alias support -keyalg RSA -keysize 1024 -dname "CN=www.bea.com, OU=support, O=BEA Systems Inc, L=Burlington, S=Massachusetts, C=US" -keypass weblogic -keystore C:\support.jks -storepass support
6、Generate certificate request
   $keytool -certreq -alias support -sigalg "MD5withRSA" -file C:\certreq.pem -keypass weblogic -keystore C:\support.jks -storepass support
7、Receive certificate from Certification Authority
8、Create Certificate and TrustedCA files
9、Import root CA into custom trust keystore
   $keytool -import -alias rootca -trustcacerts -file C:\rootCA.cer -keystore C:\supporttrust.jks -storepass rootca
10、Import signed certificate into custom identity keystore
   $keytool -import -trustcacerts -alias support -file C:\supportcert.pem -keypass weblogic -keystore C:\support.jks -storepass support
11、Check files created
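
A check for the keystore settings from step 2, as an added example (Python, not part of the original post and not a WebLogic tool): it parses nodemanager.properties and flags the identity and trust stores pointing at one file, one passphrase reused for the store and the private key, and guessable passphrases. The finding codes and the passphrase deny-list are assumptions of this example; file names are compared as plain strings.

```python
# SAMPLE reproduces the keystore-related lines of nodemanager.properties from step 2.
SAMPLE = """\
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=FinalFantasyKey
CustomIdentityPrivateKeyPassPhrase=password
CustomIdentityKeyStoreFileName=myKeyStore.jks
CustomIdentityKeyStoreType=JKS
CustomIdentityKeyStorePassPhrase=password
CustomTrustKeyStoreFileName=myKeyStore.jks
"""

# Assumption of this example: a short, constructed deny-list of guessable values.
WEAK_PASSPHRASES = {"password", "weblogic", "changeit", "support"}


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' / '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return a sorted list of finding codes for the keystore settings."""
    findings = set()
    ident = props.get("CustomIdentityKeyStoreFileName")
    trust = props.get("CustomTrustKeyStoreFileName")
    if props.get("KeyStores") == "CustomIdentityAndCustomTrust":
        if not ident or not trust or not props.get("CustomIdentityAlias"):
            findings.add("INCOMPLETE_CUSTOM_KEYSTORE_CONFIG")
        elif ident == trust:
            # One file then holds both the trusted CA entries and the private keys.
            findings.add("IDENTITY_AND_TRUST_SHARE_FILE")
    store_pw = props.get("CustomIdentityKeyStorePassPhrase")
    key_pw = props.get("CustomIdentityPrivateKeyPassPhrase")
    if store_pw and store_pw == key_pw:
        findings.add("STORE_AND_KEY_PASSPHRASE_REUSED")
    if {store_pw, key_pw} & WEAK_PASSPHRASES:
        findings.add("GUESSABLE_PASSPHRASE")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(parse_properties(SAMPLE)))
```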
 
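Use the CertGen tool bundled with WebLogic to generate the certificates and keys, and add them to the KeyStore.
1. Copy CertGenCA.der and CertGenCAKey.der from the $WLS_HOME/server/lib directory to a temporary directory
2. Generate the myKeyStore.jks file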
#java utils.der2pem CertGenCAKey.der
#java utils.der2pem CertGenCA.der
#keytool -noprompt -import -trustcacerts -alias CA -file CertGenCA.der -keystore myKeyStore.jks -storepass password
#java utils.CertGen password CakeCert CakeKey export Cake
#java utils.CertGen password FinalFantasyCert FinalFantasyKey export FinalFantasy
#java utils.CertGen password ArmageddonCert ArmageddonKey export Armageddon
#copy /b CakeCert.pem + CertGenCA.pem CakeCertChain.pem
#copy /b FinalFantasyCert.pem + CertGenCA.pem FinalFantasyChain.pem
#copy /b ArmageddonCert.pem + CertGenCA.pem ArmageddonChain.pem
#keytool -import -alias CakeCert -file CakeCert.pem -keypass password -keystore myKeyStore.jks -storepass password
#keytool -import -alias FinalFantasyCert -file FinalFantasyCert.pem -keypass password -keystore myKeyStore.jks -storepass password
#keytool -import -alias ArmageddonCert -file ArmageddonCert.pem -keypass password -keystore myKeyStore.jks -storepass password
#java utils.ImportPrivateKey myKeyStore.jks password CakeKey password CakeCertChain.pem CakeKey.pem
#java utils.ImportPrivateKey myKeyStore.jks password FinalFantasyKey password FinalFantasyChain.pem FinalFantasyKey.pem
#java utils.ImportPrivateKey myKeyStore.jks password ArmageddonKey password ArmageddonChain.pem ArmageddonKey.pem
#java utils.ValidateCertChain -jks CakeKey myKeyStore.jks password
#java utils.ValidateCertChain -jks FinalFantasyKey myKeyStore.jks password
#java utils.ValidateCertChain -jks ArmageddonKey myKeyStore.jks password
 
Command syntax:
keytool -import [-v] [-noprompt] [-trustcacerts] [-alias]
        [-file] [-keypass]
        [-keystore] [-storepass]
        [-storetype] [-provider] ...
 
Usage: java utils.CertGen
        [-cacert] [-cakey]
        [-cakeypass] [-selfsigned]
        [-certfile] [-keyfile]
        [-keyfilepass] [-strength]
        [-cn] [-ou] [-o]
        [-l] [-s] [-c]
        [-subjectkeyid]
        [-subjectkeyidformat UTF-8|BASE64]
 
Usage: java utils.ImportPrivateKey
        [-keystore] [-storepass]
        [-storetype] [-keypass] [-alias]
        [-certfile] [-keyfile]
        [-keyfilepass]
 
Usage:
        java utils.ValidateCertChain -file pemcertificatefilename
        java utils.ValidateCertChain -pem pemcertificatefilename
        java utils.ValidateCertChain -pkcs12store pkcs12storefilename
        java utils.ValidateCertChain -pkcs12file pkcs12filename password
        java utils.ValidateCertChain -jks alias storefilename [storePass]
