2-way SSL for WebLogic

gistfile1.txt

Initialize environment variables via setDomainEnv.sh

1. Use CertGen to Generate Server Private Key and Certificate

java utils.CertGen -selfsigned -certfile MyOwnSelfCA.cer -keyfile MyOwnSelfKey.key -keyfilepass mykeypass -cn "My Own Self CA"

2. Create the Identity Keystore

java utils.ImportPrivateKey -keystore MyOwnIdentityStore.jks -storepass identitypass -keypass keypassword -alias trustself -certfile MyOwnSelfCA.cer.pem -keyfile MyOwnSelfKey.key.pem -keyfilepass mykeypass

3. Import the Certificate into a new Trust keystore

keytool -import -trustcacerts -alias trustself -keystore TrustMyOwnSelf.jks -file MyOwnSelfCA.cer.der -keyalg RSA


WLS Console Settings:

KeyStores
Identity keystore passphrase: identitypass
Trust keystore passphrase: trustpass

SSL
private alias: trustself
private key passphrase: keypassword




4. Testing

WLS Console -> base_domain -> Configuration -> General -> Enable Administration Port (for example: port:2048)

restart WLS

Open following with browser:
https://localhost:2048/console/


The following is for 2-way ssl

1. Create a client certificate using the Self-certified CA certificate

java utils.CertGen -certfile MyClientCert.cer -keyfile MyClientKey.key -keyfilepass clientkeypass -cacert MyOwnSelfCA.cer.der -cakey MyOwnSelfKey.key.der -cakeypass mykeypass -cn "My Client" -e "[email protected]" -ou "My Own Self CA"

2. Bundle up the Certificate and Key into a Format the Browser will like (it's PKCS12 if you have to know)

java utils.ImportPrivateKey -keystore MyClientCert.p12 -storepass clientpass -storetype pkcs12 -keypass clientkeypass -alias clientcert -certfile MyClientCert.cer.pem -keyfile MyClientKey.key.pem -keyfilepass clientkeypass

3. Import Trusted CA Certificate and Client Certificate into Browser