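1. Set the environment variable CLASSPATH=$WLS_HOME/server/lib/weblogic.jar
2. Edit the nodemanager.hosts and nodemanager.properties files in the $WLS_HOME/common/nodemanager directory
#In nodemanager.hosts, add the host names of the trusted Admin machines
#In nodemanager.properties, add the following parameters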
PropertiesVersion=8.1
JavaHome=/usr/java/j2sdk1.4.2_09
bea.home=/home/bea
WeblogicHome=/home/bea/weblogic81
ReverseDnsEnabled=true
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=FinalFantasyKey
CustomIdentityPrivateKeyPassPhrase=password
CustomIdentityKeyStoreFileName=myKeyStore.jks
CustomIdentityKeyStoreType=JKS
CustomIdentityKeyStorePassPhrase=password
CustomTrustKeyStoreFileName=myKeyStore.jks
3. Set the "Hostname Verification Check"
Console --> Server --> Keystore & SSL --> Advanced Options: change "Hostname Verification" to None.
4. Generate the certificates
#$WLS_HOME/server/bin/setWLSEnv.sh
#keytool -list -v -alias demoidentity -keystore DemoIdentity.jks
Passphrase: DemoIdentityKeyStorePassPhrase
5. Generate private key/public certificate pair
$keytool -genkey -alias support -keyalg RSA -keysize 1024 -dname "CN=www.bea.com, OU=support, O=BEA Systems Inc, L=Burlington, S=Massachusetts, C=US" -keypass weblogic -keystore C:\support.jks -storepass support
6. Generate certificate request
$keytool -certreq -alias support -sigalg "MD5withRSA" -file C:\certreq.pem -keypass weblogic -keystore C:\support.jks -storepass support
7. Receive certificate from Certification Authority
8. Create Certificate and TrustedCA files
9. Import root CA into custom trust keystore
$keytool -import -alias rootca -trustcacerts -file C:\rootCA.cer -keystore C:\supporttrust.jks -storepass rootca
10. Import signed certificate into custom identity keystore
$keytool -import -trustcacerts -alias support -file C:\supportcert.pem -keypass weblogic -keystore C:\support.jks -storepass support
11. Check files created
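Use the CertGen tool that ships with WebLogic to generate the certificates and keys, and add them to the KeyStore.
1. Copy CertGenCA.der and CertGenCAKey.der from the $WLS_HOME/server/lib directory to a temporary directory
2. Generate the myKeyStore.jks file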
#java utils.der2pem CertGenCAKey.der
#java utils.der2pem CertGenCA.der
#keytool -noprompt -import -trustcacerts -alias CA -file CertGenCA.der -keystore myKeyStore.jks -storepass password
#java utils.CertGen password CakeCert CakeKey export Cake
#java utils.CertGen password FinalFantasyCert FinalFantasyKey export FinalFantasy
#java utils.CertGen password ArmageddonCert ArmageddonKey export Armageddon
#copy /b CakeCert.pem + CertGenCA.pem CakeCertChain.pem
#copy /b FinalFantasyCert.pem + CertGenCA.pem FinalFantasyChain.pem
#copy /b ArmageddonCert.pem + CertGenCA.pem ArmageddonChain.pem
#keytool -import -alias CakeCert -file CakeCert.pem -keypass password -keystore myKeyStore.jks -storepass password
#keytool -import -alias FinalFantasyCert -file FinalFantasyCert.pem -keypass password -keystore myKeyStore.jks -storepass password
#keytool -import -alias ArmageddonCert -file ArmageddonCert.pem -keypass password -keystore myKeyStore.jks -storepass password
#java utils.ImportPrivateKey myKeyStore.jks password CakeKey password CakeCertChain.pem CakeKey.pem
#java utils.ImportPrivateKey myKeyStore.jks password FinalFantasyKey password FinalFantasyChain.pem FinalFantasyKey.pem
#java utils.ImportPrivateKey myKeyStore.jks password ArmageddonKey password ArmageddonChain.pem ArmageddonKey.pem
#java utils.ValidateCertChain -jks CakeKey myKeyStore.jks password
#java utils.ValidateCertChain -jks FinalFantasyKey myKeyStore.jks password
#java utils.ValidateCertChain -jks ArmageddonKey myKeyStore.jks password
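Once the keystore exists, the keystore settings written to nodemanager.properties in step 2 can be audited before Node Manager is started. The script below is an added example, not part of the original notes or of WebLogic; the function names nm_prop and audit_nm_props, the list of sample passphrases and the list of settings treated as required are assumptions made for illustration.

```shell
# Added example: audit nodemanager.properties. Passphrase and key lists are assumptions.

# Print the value of property $2 in file $1 (last assignment wins).
nm_prop() {
    awk -F= -v k="$2" '{ sub(/\r$/, "") }
        $1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

audit_nm_props() {
    f=$1; n=0
    [ -r "$f" ] || { echo "ERROR cannot read $f"; return 2; }
    # Clear-text passphrases that match well-known sample values.
    for key in CustomIdentityPrivateKeyPassPhrase CustomIdentityKeyStorePassPhrase; do
        case $(nm_prop "$f" "$key") in
            password|weblogic|support|changeit)
                echo "WEAK $key uses a sample passphrase"; n=$((n + 1)) ;;
        esac
    done
    # Identity (private key) and trust (CA certificates) in one keystore file.
    id=$(nm_prop "$f" CustomIdentityKeyStoreFileName)
    trust=$(nm_prop "$f" CustomTrustKeyStoreFileName)
    if [ -n "$id" ] && [ "$id" = "$trust" ]; then
        echo "SHARED identity and trust both use $id"; n=$((n + 1))
    fi
    # Custom keystores selected but a setting they depend on is absent.
    if [ "$(nm_prop "$f" KeyStores)" = CustomIdentityAndCustomTrust ]; then
        for key in CustomIdentityAlias CustomIdentityKeyStoreFileName CustomTrustKeyStoreFileName; do
            [ -n "$(nm_prop "$f" "$key")" ] || { echo "MISSING $key"; n=$((n + 1)); }
        done
    fi
    # Passphrases sit in this file, so other users should not be able to read it.
    if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        echo "PERMS $f is world-readable"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Constructed sample: the keystore settings from step 2, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=FinalFantasyKey
CustomIdentityPrivateKeyPassPhrase=password
CustomIdentityKeyStoreFileName=myKeyStore.jks
CustomIdentityKeyStorePassPhrase=password
CustomTrustKeyStoreFileName=myKeyStore.jks
EOF
chmod 644 "$sample"
audit_nm_props "$sample" || true; rm -f "$sample"
```

To check a real installation, call audit_nm_props $WLS_HOME/common/nodemanager/nodemanager.properties; the exit status is non-zero when anything is flagged.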
Command syntax:
keytool -import [-v] [-noprompt] [-trustcacerts]
        [-alias] [-file] [-keypass]
        [-keystore] [-storepass]
        [-storetype] [-provider] ...
Usage: java utils.CertGen
        [-cacert] [-cakey]
        [-cakeypass] [-selfsigned]
        [-certfile] [-keyfile]
        [-keyfilepass] [-strength]
        [-cn] [-ou] [-o]
        [-l] [-s] [-c]
        [-subjectkeyid]
        [-subjectkeyidformat UTF-8|BASE64]
Usage: java utils.ImportPrivateKey
        [-keystore] [-storepass]
        [-storetype] [-keypass] [-alias]
        [-certfile] [-keyfile]
        [-keyfilepass]
Usage:
java utils.ValidateCertChain -file pemcertificatefilename
java utils.ValidateCertChain -pem pemcertificatefilename
java utils.ValidateCertChain -pkcs12store pkcs12storefilename
java utils.ValidateCertChain -pkcs12file pkcs12filename password
java utils.ValidateCertChain -jks alias storefilename [storePass]