Skip to main content

How to Deploy SSL Certificates on Oracle Weblogic

How to Deploy SSL Certificates on Oracle Weblogic


Oracle Weblogic uses the Java Keystore architecture to manage and deploy SSL Certificates. We need to get the certificate from the certifying authority and download the root certificate, intermediate and main certificate out of that.


Steps to deploy:


1) Set Weblogic Environment

/wlserver_10.3/server/bin/setWLSenv.sh

2) Concatenate Certificate with Root Certificate(s) into 1 file

Sequence would as below

Main Signed Cert + CA Intermediate(s) + CA Root

and Save file as: fullcertificate.crt

3) Import Full Cert into identity.jks Keystore
keytool -import -trustcacerts -alias funoracle -file fullcertificate.crt -keystore identity.jks

4) Create Empty Trust Store
This Trust Store will be used to store the Root and Intermediate certificates alone

keytool -genkey -keyalg RSA -alias dummy -keystore truststore.jks

## Answers DO NOT MATTER you will delete this dummy record next

What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]:  yes

Enter key password for
(RETURN if same as keystore password):
Re-enter new password:
 

5) Delete the DUMMY record
Here we remove the “dummy” alias before importing the Trust chain in the next step.

keytool -delete -alias dummy -keystore truststore.jks
 

6) Import the Trust Cert Chain only from the CRT format
CA Intermediate(s) + CA Root

keytool -import -alias root -file inter.crt -keystore truststore.jks
 

7) In Weblogic Console -> Server
Set SSL Listen Port to 443 and disable Listen port for 80 (if you want to force the server to SSL only). Else no action required



8) In Weblogic Console -> Server
Keystore Tab -> Change to Custom Identity and Trust

For Identity set:

Custom Identity Keystore == C:\Oracle\keystore\identity.jks
Custom Identity Keystore Type == JKS
Custom Identity Keystore Passphrase ==
For Trust set:

Custom Trust Keystore == C:\Oracle\keystore\truststore.jks
Custom Trust Keystore Type == JKS
Custom Trust Keystore Passphrase ==

9) In Weblogic Console -> Server
In SSL Tab

Set Private Key Alias == portal
Set Private Key Passphrase ==
In the Advanced Section set Use JSSE SSL on


Labels:

Comments

Post a Comment

Popular posts from this blog

WebLogic migration to OCI using WDT tool

WebLogic migration to OCI using WDT tool Oracle WebLogic Deploy Tool (WDT) is an open-source project designed to simplify and streamline the management of Oracle WebLogic Server domains. With WDT, you can export configuration and application files from one WebLogic Server domain and import them into another, making it a highly effective tool for tasks like migrating on-premises WebLogic configurations to Oracle Cloud. This blog outlines a detailed step-by-step process for using WDT to migrate WebLogic resources and configurations. Supported WLS versions Why Use WDT for Migration? When moving Oracle WebLogic resources from an on-premises environment to Oracle Cloud (or another WebLogic Server), WDT provides an efficient and reliable approach to: Discover and export domain configurations and application binaries. Create reusable models and archives for deployment in a target domain. Key Pre-Requisites Source System: An Oracle WebLogic Server with pre-configured resources such as: Applica...
Post a Comment
Read more

How to Validate TDE Wallet Password in Oracle Database

How to Validate TDE Wallet Password in Oracle Database Validating the Transparent Data Encryption (TDE) wallet password is crucial, especially when ensuring that the password is correct without using the OPEN or CLOSE commands in the database. This blog post explains a straightforward method to validate the TDE password using the mkstore utility. Steps to Validate TDE Wallet Password Follow these steps to validate the TDE wallet password: Step 1: Copy the Keystore/Wallet File Navigate to your existing TDE wallet directory. Copy only the ewallet.p12 file to a new directory. If a cwallet.sso file exists, do not copy it . The absence of cwallet.sso ensures that the wallet does not use auto-login, forcing the utility to prompt for the password. Step 2: Validate Using mkstore Use the mkstore utility to check the contents of the wallet file. The mkstore utility will prompt you for the TDE wallet password, allowing you to validate its correctness. Command Syntax To display the conten...
Post a Comment
Read more

Rename a PDB in Oracle Database Multitenant Architecture in TDE and Non TDE Environment

Rename a PDB in Oracle Database Multitenant Architecture I am sharing a step-by-step guide to help you rename a PDB. This approach uses SQL commands. Without TDE or encryption Wallet Initial Check Check the Current Database Name and Open Mode: SQL > SELECT NAME, OPEN_MODE FROM V$DATABASE; NAME OPEN_MODE --------- -------------------- BEECDB READ WRITE List Current PDBs: SQL > SHOW PDBS; CON_ID CON_NAME OPEN MODE RESTRICTED ---------- ------------------------------ ---------- ---------- 2 PDB$SEED READ ONLY NO 3 FUAT READ WRITE NO We need to RENAME FUAT to BEE  Steps to Rename the PDB Step 1: Export ORACLE_SID Set the Oracle SID to the Container Database (CDB): export ORACLE_SID=BEECDB Step 2: Verify Target PDB Name Availability If the target PDB name is different from the current PDB name, ensure no service exists with the target PDB name. Run SQL to Check Exi...
Post a Comment
Read more