yekki/gist:d247e309f40af098afa1223138cd02b3

## gistfile1.txt
Initialize environment variables via setDomainEnv.sh

1. Use CertGen to Generate Server Private Key and Certificate

java utils.CertGen -selfsigned -certfile MyOwnSelfCA.cer -keyfile MyOwnSelfKey.key -keyfilepass mykeypass -cn "My Own Self CA"

2. Create the Identity Keystore

java utils.ImportPrivateKey -keystore MyOwnIdentityStore.jks -storepass identitypass -keypass keypassword -alias trustself -certfile MyOwnSelfCA.cer.pem -keyfile MyOwnSelfKey.key.pem -keyfilepass mykeypass

3. Import the Certificate into a new Trust keystore

keytool -import -trustcacerts -alias trustself -keystore TrustMyOwnSelf.jks -file MyOwnSelfCA.cer.der -keyalg RSA


WLS Console Settings:

KeyStores
Identity keystore passphrase: identitypass
Trust keystore passphrase: trustpass

SSL
private alias: trustself
private key passphrase: keypassword


4. Testing

WLS Console -> base_domain -> Configuration -> General -> Enable Administration Port (for example: port:2048)

restart WLS

Open following with browser:
https://localhost:2048/console/


The following is for 2-way ssl

1. Create a client certificate using the Self-certified CA certificate

java utils.CertGen -certfile MyClientCert.cer -keyfile MyClientKey.key -keyfilepass clientkeypass -cacert MyOwnSelfCA.cer.der -cakey MyOwnSelfKey.key.der -cakeypass mykeypass -cn "My Client" -e "my.own@self.com" -ou "My Own Self CA"

2. Bundle up the Certificate and Key into a Format the Browser will like (it's PKCS12 if you have to know)

java utils.ImportPrivateKey -keystore MyClientCert.p12 -storepass clientpass -storetype pkcs12 -keypass clientkeypass -alias clientcert -certfile MyClientCert.cer.pem -keyfile MyClientKey.key.pem -keyfilepass clientkeypass

3. Import Trusted CA Certificate and Client Certificate into Browser
	Initialize environment variables via setDomainEnv.sh

	1. Use CertGen to Generate Server Private Key and Certificate

	java utils.CertGen -selfsigned -certfile MyOwnSelfCA.cer -keyfile MyOwnSelfKey.key -keyfilepass mykeypass -cn "My Own Self CA"

	2. Create the Identity Keystore

	java utils.ImportPrivateKey -keystore MyOwnIdentityStore.jks -storepass identitypass -keypass keypassword -alias trustself -certfile MyOwnSelfCA.cer.pem -keyfile MyOwnSelfKey.key.pem -keyfilepass mykeypass

	3. Import the Certificate into a new Trust keystore

	keytool -import -trustcacerts -alias trustself -keystore TrustMyOwnSelf.jks -file MyOwnSelfCA.cer.der -keyalg RSA


	WLS Console Settings:

	KeyStores
	Identity keystore passphrase: identitypass
	Trust keystore passphrase: trustpass

	SSL
	private alias: trustself
	private key passphrase: keypassword




	4. Testing

	WLS Console -> base_domain -> Configuration -> General -> Enable Administration Port (for example: port:2048)

	restart WLS

	Open following with browser:
	https://localhost:2048/console/


	The following is for 2-way ssl

	1. Create a client certificate using the Self-certified CA certificate

	java utils.CertGen -certfile MyClientCert.cer -keyfile MyClientKey.key -keyfilepass clientkeypass -cacert MyOwnSelfCA.cer.der -cakey MyOwnSelfKey.key.der -cakeypass mykeypass -cn "My Client" -e "my.own@self.com" -ou "My Own Self CA"

	2. Bundle up the Certificate and Key into a Format the Browser will like (it's PKCS12 if you have to know)

	java utils.ImportPrivateKey -keystore MyClientCert.p12 -storepass clientpass -storetype pkcs12 -keypass clientkeypass -alias clientcert -certfile MyClientCert.cer.pem -keyfile MyClientKey.key.pem -keyfilepass clientkeypass

	3. Import Trusted CA Certificate and Client Certificate into Browser