Friday, October 8, 2010

Configure SSL in Weblogic application server


1.      Create a Directory C:\MyCertificates

2.      Go to the folder created above and add a new file, build.xml:

<project name="Generate Keystores" default="all" basedir=".">
  <!-- Sample values: change the alias, dname and both passwords for your server -->
  <property name="alias" value="alias" />
  <property name="dname" value="CN=localhost, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US"/>
  <property name="keypass" value="keypass" />
  <property name="identity.jks" value="identity.jks" />
  <property name="storepass" value="storepass" />
  <property name="cert.cer" value="cert.cer" />
  <property name="trust.jks" value="trust.jks" />
  <property name="jdk.home" value="C:/bea/jdk150_06" />
  <target name="all" depends="create-keystores"/>

  <target name="create-keystores">
    <!-- Key pair for the server identity. 1024-bit RSA is below the 2048-bit minimum of current guidance. -->
    <echo>Generating Identity of the Server</echo>
    <exec executable="${jdk.home}/bin/keytool.exe">
      <arg line='-genkey -alias ${alias} -keyalg RSA -keysize 1024 -dname "${dname}" -keypass ${keypass} -keystore ${identity.jks} -storepass ${storepass}' />
    </exec>
    <!-- Self-signed certificate: clients will not trust it unless they import cert.cer -->
    <echo>Self Signing the Certificate</echo>
    <exec executable="${jdk.home}/bin/keytool.exe">
      <arg line='-selfcert -alias ${alias} -dname "${dname}" -keypass ${keypass} -keystore ${identity.jks} -storepass ${storepass}' />
    </exec>
    <!-- Export only the public certificate; the private key stays in identity.jks -->
    <echo>Exporting the Server certificate</echo>
    <exec executable="${jdk.home}/bin/keytool.exe">
      <arg line='-export -alias ${alias} -file ${cert.cer} -keystore ${identity.jks} -storepass ${storepass}' />
    </exec>
    <!-- Import the exported certificate into a separate trust keystore -->
    <echo>Creating Trust Store</echo>
    <exec executable="${jdk.home}/bin/keytool.exe">
      <arg line='-import -alias ${alias} -file ${cert.cer} -keystore ${trust.jks} -storepass ${storepass} -noprompt' />
    </exec>
  </target>

</project>

 

3.      Open a command/shell prompt and run <bea.home>\weblogic92\server\bin\startWLS.cmd to set the WebLogic-specific environment details.

4.      Run <ant.home>/bin/ant to create all the required certificates.

 

5.      Create a WLST script to configure SSL on WebLogic: copy the contents below into a text file and name it ssl.py.

Note that we need to edit the details highlighted in

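# server_name, domain_home, trustpass, keypass, keystore_file, truststore_file,
# server_domain_override_port and server_ssl_listen_port must be defined before this point.
cd ("/Servers/" + server_name)
set ("ListenAddress", "")
set ("ListenPort", "7001")
set ("AdministrationPort", server_domain_override_port)
set ("KeyStores", "CustomIdentityAndCustomTrust")
# Trust keystore passphrase, encrypted for this domain
enc_pass = encrypt (trustpass, domain_home)
set ("CustomTrustKeyStorePassPhraseEncrypted", enc_pass)
set ("CustomTrustKeyStoreType", "JKS")
set ("CustomIdentityKeyStoreFileName", keystore_file)
# Identity keystore passphrase, encrypted for this domain
enc_pass = encrypt (keypass, domain_home)
set ("CustomIdentityKeyStorePassPhraseEncrypted", enc_pass)
set ("CustomIdentityKeyStoreType", "JKS")
set ("CustomTrustKeyStoreFileName", truststore_file)
###set ("MSIFileReplicationEnabled", "true")

# Managed Server SSL Settings
cd ("/Servers/" + server_name + "/SSL/" + server_name)
set ("Enabled", "true")
set ("ListenPort", server_ssl_listen_port)
# Turns off hostname verification for this server's outbound SSL connections;
# suitable only for a test setup with a self-signed certificate.
set ("HostnameVerificationIgnored", "true")
# Must match the alias of the key entry in the identity keystore
# (the build.xml above creates it as "alias").
set ("ServerPrivateKeyAlias", "weblogic-key")
# enc_pass still holds the encrypted keypass here
set ("ServerPrivateKeyPassPhraseEncrypted", enc_pass)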

 

6.      Run the command <bea.home>\weblogic92\common\bin\wlst.cmd

Alternatively, we can configure SSL manually through the Admin Console by following the steps below.

7.      Now log in to the Admin Console to configure these certificates…

Home >Summary of Servers >AdminServer > General
SSL Listen Port: Enabled (Check)
SSL Listen Port: 7002

Home >Summary of Servers >AdminServer > Keystores
Keystores: Custom Identity Custom Trust
Identity
Custom Identity Keystore: <path>/identity.jks
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: storepass
Confirm Custom Identity Keystore Passphrase: storepass
Trust
Custom Trust Keystore: <path>/trust.jks
Custom Trust Keystore Type: JKS
Custom Trust Keystore Passphrase: storepass
Confirm Custom Trust Keystore Passphrase: storepass
Click SAVE

Home >Summary of Servers >AdminServer > SSL
Identity and Trust Locations: Keystores
Private Key Alias: alias
Private Key Passphrase: keypass
Confirm Private Key Passphrase: keypass
Click SAVE

 

 

 

Now try to access the Admin Console on the HTTPS port:

https://localhost:7002/console
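
The build.xml from step 2 and the ssl.py from step 5 have to agree with each other, and both carry test-only settings. The following pre-flight check is an added example, not code from the original post: it reads constructed, abridged copies of both files and reports an RSA key size under 2048 bits, passwords left at the page's sample values, a ServerPrivateKeyAlias that differs from the keytool alias, and disabled hostname verification. The audit helper and its finding codes are hypothetical names.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed inputs, abridged from the build.xml and ssl.py on this page.
BUILD_XML = """<project name="Generate Keystores" default="all" basedir=".">
  <property name="alias" value="alias" />
  <property name="keypass" value="keypass" />
  <property name="storepass" value="storepass" />
  <target name="create-keystores">
    <exec executable="keytool">
      <arg line='-genkey -alias ${alias} -keyalg RSA -keysize 1024 -keypass ${keypass} -storepass ${storepass}' />
    </exec>
  </target>
</project>"""

WLST = '''
set ("KeyStores", "CustomIdentityAndCustomTrust")
###set ("MSIFileReplicationEnabled", "true")
set ("HostnameVerificationIgnored", "true")
set ("ServerPrivateKeyAlias", "weblogic-key")
'''

def audit(build_xml, wlst):
    """Hypothetical helper: return (code, detail) findings for the two files."""
    root = ET.fromstring(build_xml)
    props = {p.get("name"): p.get("value") for p in root.iter("property")}
    # Expand ${name} references the way Ant does for simple properties.
    expand = lambda s: re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), s)
    genkey = next((expand(a.get("line")) for a in root.iter("arg")
                   if "-genkey" in a.get("line", "")), "")
    tok = shlex.split(genkey)
    opts = {t: v for t, v in zip(tok, tok[1:]) if t.startswith("-")}
    # Only uncommented set ("Name", "value") calls count as settings.
    cfg = dict(re.findall(r'^\s*set\s*\(\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)', wlst, re.M))
    findings = []
    if "-keysize" in opts and int(opts["-keysize"]) < 2048:
        findings.append(("weak-keysize", opts["-keysize"]))
    for flag in ("-keypass", "-storepass"):
        if opts.get(flag) == flag[1:]:  # password left at the sample value
            findings.append(("placeholder-password", flag))
    alias = cfg.get("ServerPrivateKeyAlias")
    if alias is not None and alias != opts.get("-alias"):
        findings.append(("alias-mismatch", "%s != %s" % (alias, opts.get("-alias"))))
    if cfg.get("HostnameVerificationIgnored") == "true":
        findings.append(("hostname-verification-off", "true"))
    return findings

if __name__ == "__main__":
    print(audit(BUILD_XML, WLST))
```

An empty list means the two files are consistent and none of the four test-only settings remain.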
