Skip to content

Instantly share code, notes, and snippets.

@yekki
Created February 11, 2017 01:57
Show Gist options
  • Save yekki/d247e309f40af098afa1223138cd02b3 to your computer and use it in GitHub Desktop.
Save yekki/d247e309f40af098afa1223138cd02b3 to your computer and use it in GitHub Desktop.
2-way SSL for WebLogic
Initialize environment variables via setDomainEnv.sh
1. Use CertGen to Generate Server Private Key and Certificate
java utils.CertGen -selfsigned -certfile MyOwnSelfCA.cer -keyfile MyOwnSelfKey.key -keyfilepass mykeypass -cn "My Own Self CA"
2. Create the Identity Keystore
java utils.ImportPrivateKey -keystore MyOwnIdentityStore.jks -storepass identitypass -keypass keypassword -alias trustself -certfile MyOwnSelfCA.cer.pem -keyfile MyOwnSelfKey.key.pem -keyfilepass mykeypass
3. Import the Certificate into a new Trust keystore
keytool -import -trustcacerts -alias trustself -keystore TrustMyOwnSelf.jks -file MyOwnSelfCA.cer.der -keyalg RSA
WLS Console Settings:
KeyStores
Identity keystore passphrase: identitypass
Trust keystore passphrase: trustpass
SSL
private alias: trustself
private key passphrase: keypassword
4. Testing
WLS Console -> base_domain -> Configuration -> General -> Enable Administration Port (for example: port:2048)
restart WLS
Open following with browser:
https://localhost:2048/console/
The following is for 2-way ssl
1. Create a client certificate using the Self-certified CA certificate
java utils.CertGen -certfile MyClientCert.cer -keyfile MyClientKey.key -keyfilepass clientkeypass -cacert MyOwnSelfCA.cer.der -cakey MyOwnSelfKey.key.der -cakeypass mykeypass -cn "My Client" -e "my.own@self.com" -ou "My Own Self CA"
2. Bundle up the Certificate and Key into a Format the Browser will like (it's PKCS12 if you have to know)
java utils.ImportPrivateKey -keystore MyClientCert.p12 -storepass clientpass -storetype pkcs12 -keypass clientkeypass -alias clientcert -certfile MyClientCert.cer.pem -keyfile MyClientKey.key.pem -keyfilepass clientkeypass
3. Import Trusted CA Certificate and Client Certificate into Browser
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment