WebLogic Server 11g and 12c Configure SSL

Posted on by YongJing(敬勇)

最近由于进行安全三级等保,对于web应用要启用https协议,由于修改应用代码需要一些时间,所以选择使用weblogic的ssl来暂时顶替,对Weblogic 11,12c配置SSL需要执行以下操作:
1.创建密钥存储库和证书
2.对Weblogic服务器配置SLL
3.测试通过SSL来访问weblogic

1.创建密钥存储库和证书

[root@ggfwapp1 base_domain]# keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=`hostname`,OU=Support,O=Oracle,L=Reading,ST=Berkshire,C=CN" -keypass abcdef -keystore keystore.jks -storepass abcdef -validity 3600


[root@ggfwapp1 base_domain]# keytool -selfcert -v -alias server_cert -keypass abcdef -keystore keystore.jks -storepass abcdef -storetype jks -validity 3600
New certificate (self-signed):
[
[
  Version: V3
  Subject: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 19602090623719098800636488696565132568971729399292278916627114486591858227333395742468863359051755318713390759458530012565088859559851142124513453375262901573573600161911606667875583835689988346028966122749514073743319097824833258333036879524621784635720260866218245014085664041715662535739270842819315383017303960463560367669088786552196892207222513740073834657274289777601277828585874837302630694982849059492221540794576755294558686273906935420995110081764654613750381617199683694501833519148327516410714923674297363912818905309716955901896590958012374365281839683438007996858276943741295216721069229600336393261499
  public exponent: 65537
  Validity: [From: Tue Dec 20 01:10:57 CST 2016,
               To: Thu Oct 29 01:10:57 CST 2026]
  Issuer: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
  SerialNumber: [    585814a1]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 09 FD 21 12 54 58 E6 45   56 C2 B4 FE 79 31 0C EC  ..!.TX.EV...y1..
0010: 35 AF E5 14 B8 94 26 39   DB 8F C6 B7 6E E5 03 7B  5.....&9....n...
0020: CF 48 5F 67 9D E6 3E C8   EA 0E 2E A6 B0 DD F6 1C  .H_g..>.........
0030: 5B E2 13 93 3D CF F4 80   B1 37 0B EE 0A 4E 2C 89  [...=....7...N,.
0040: CB 24 31 88 0F 0A 47 C9   1F 26 59 33 6C A4 6D 8C  .$1...G..&Y3l.m.
0050: A8 4A 7A 93 F7 25 21 9F   0E 61 50 34 8C 63 CF 16  .Jz..%!..aP4.c..
0060: 00 D5 E5 8F AC 2C F0 66   5C 60 1F 37 52 24 85 45  .....,.f\`.7R$.E
0070: BD CF A3 25 02 DF 92 F9   7D 15 D1 48 D7 DD AC D0  ...%.......H....
0080: 5A E1 01 AA 5A BD 99 4B   D6 1A 06 CC BB 31 DC 11  Z...Z..K.....1..
0090: 44 39 38 EC B9 56 8B 59   A6 99 34 54 60 D1 F6 79  D98..V.Y..4T`..y
00A0: C1 B5 0A 56 6A 3A 77 8F   A0 6F 5C B8 D1 D9 F7 AF  ...Vj:w..o\.....
00B0: DE AB 8B 59 FE 76 8E 61   B5 83 F4 F1 F6 04 AC C8  ...Y.v.a........
00C0: 5A B3 FE E5 6E 4E F8 21   FC 3F 0C 95 06 50 24 5B  Z...nN.!.?...P$[
00D0: 12 5E 1C D2 11 D5 C0 71   14 FE A4 73 8E 4E 15 96  .^.....q...s.N..
00E0: D6 28 95 ED 4E 1E 30 6F   AF 26 B7 03 47 25 9E 6F  .(..N.0o.&..G%.o
00F0: EA 15 0A EB 40 F6 F6 D8   DB 32 DD 64 AD 0F F5 70  ....@....2.d...p

]
[Storing keystore.jks]

[root@ggfwapp1 base_domain]# keytool -export -v -alias server_cert -file "`hostname`-rootCA.der" -keystore keystore.jks -storepass abcdef
Certificate stored in file 

[root@ggfwapp1 base_domain]# keytool -import -v -trustcacerts -alias server_cert -file "`hostname`-rootCA.der"   -keystore trust.jks -storepass abcdef
Owner: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Issuer: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Serial number: 585814a1
Valid from: Tue Dec 20 01:10:57 CST 2016 until: Thu Oct 29 01:10:57 CST 2026
Certificate fingerprints:
         MD5:  97:3B:58:6C:D0:22:0F:C3:8C:6E:29:99:2D:44:DB:A3
         SHA1: 3B:BA:5B:56:4D:9B:8D:3B:E8:EF:3A:D7:79:D9:B8:9C:43:30:FF:03
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore
[Storing trust.jks]

CN代表服务器的IP地址,注意要记录-alias,-keypass与-storepass参数,因为之后的配置需要使用
Identity Keystore: “/wls12c/user_projects/domains/base_domain/keystore.jks”
Trust Keystore: “/wls12c/user_projects/domains/base_domain/trust.jks”
Alias: server_cert
Store Password: abcdef
Key Password: abcdef
Valid for: 3600 Days (Approx 10 Years)

2.对Weblogic服务器配置SLL
2.1登录weblogic控制台

2.2选择环境->服务器并点击要配置的服务器


2.3选择密钥库

2.4选择密钥库更改选择 定制标识和定制信任(Custom Identity and Custom Trust)

输入以下信息
定制标识密匙库: keystore.jks
定制标识密钥库类型: JKS
定制标识密钥库密码短语: abcdef
确认定制标识密钥库密码短语: abcdef
定制信任密钥库: trust.jks
定制信任密钥库类型: JKS
定制信任密钥库密码短语: abcdef
确认定制信任密钥库密码短语: abcdef

2.5选择SSL页面

私有密钥别名: server_cert
私有密钥密码短语: abcdef
确认私有密钥密码短语句: abcdef

2.6点击一般信息,勾选SSL监听端口

3.测试通过SSL来访问weblogic

发表评论

电子邮件地址不会被公开。

Proudly powered by WordPress | Indrajeet by Sus Hill.