Generate private Key : (Identity Key)
keytool -genkey -keyalg RSA -alias privkey -keystore yourdomain-private.jks
Generate CSR certificate :
keytool -certreq -v -alias privkey -keystore yourdomain-private.jks
Send CSR certificate to the SSL Vendor.
The Server certificate, Root CA, Intermediate certificate and CA Chain certificate will be sent to you.
Combine three certificates into one certificate in the same order as below :
Public.cert (Server Certificate we received in the name of number.crt)
Intermediate.cert(Intermediate Certificate)
Root.cert ( Root CA Certificate)
Save these three certificates into one file yourdomain.crt
Import yourdomain.crt file into yourdomain-private.jks
keytool -import -alias privkey -file yourdomain.crt -keystore yourdomain-private.jks -trustcacerts
keytool -list -v -keystore yourdomain-private.jks (To check the certificate is imported properly or not)
Import Trust identity (Trusted Root certificate)
keytool -import -alias yourdomain -file RootCA.crt -keystore yourdomaintrust.jks -trustcacerts
keytool -list -v -keystore yourdomaintrust.jks ( To check the certificate is imported properly or not)
Login to WebLogic console
Goto Environment and select Servers - (Example Server1).
Click on KeyStores Tab.
Provide the following details under identitiy.
Keystores: Custom Identity and Custom Trust
Custom Identity Keystore : /Path/to/keystore.jks
Custom Identity Keystore : jks
Custom Identity Keystore Passphrase:
Confirm Custom Identity Keystore Passphrase:
Provide the following details under trust..
Custom Trust Keystore: /Path/to/trustkeystore.jks
Custom Trust Keystore Type: jks
Custom Trust Keystore Passphrase:
Confirm Custom Trust Keystore Passphrase:
Click on SSL tab.
Provide the Private Key Alias (the one we provided while generating private key) and passphrase.
Click on General Tab.
Check the box named: Enable SSL Listen port.
Your application is SSL ready!
Ref:
http://m-button.blogspot.com/2008/11/how-to-configure-weblogic-to-use-ssl.html
what about public key?
ReplyDeleteHow do we create public keys and which we are suppose to share to external user or third party ?