Tuesday, December 24, 2019

SSL Configuration On WebLogic Adminserver & BI Managed Server

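Command 1 :
To create a 1024-bit certificate, use this:

>> keytool -genkey -alias certkey -keyalg RSA -keysize 1024 -validity 365 -keypass Welcome1 -keystore testcert.jks -storepass Welcome1

Note : This variant uses the alias certkey and the keystore testcert.jks. Commands 2 and 3 below use the alias mykey and the keystore identity.jks from the 2048-bit variant, so substitute your own alias and keystore name there if you use this one.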

OR:

To create a 2048 bit SHA2/SHA256 certificate use the following command :

>> keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 1095 -keypass Welcome1 -keystore identity.jks -storepass Welcome1

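Command 2 ( export the certificate from the identity keystore ) :

>> keytool -export -alias mykey -file root.cer -keystore identity.jks -storepass Welcome1

Command 3 ( import that certificate into the trust keystore ) :

>> keytool -import -alias mykey -file root.cer -keystore trust.jks -storepass Welcome1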

------------------------------------------------------------------
To see the contents of the keystore use the following command :

Command :
>> keytool -list -v -keystore identity.jks -storepass Welcome1

To see the contents of an individual certificate ( like root.cer in our case ).

Command :
>> keytool -printcert -file root.cer
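
An added example, not part of the original post: a shell function that reads the `keytool -list -v` or `keytool -printcert` output from the commands above and reports whether the certificate CN matches the server host name (the condition that decides the Hostname Verification setting in Step 3), whether the RSA key is under the 2048 bits used by the second Command 1 variant, and whether the signature algorithm is MD5- or SHA1-based. The function names, finding labels, host name `bihost.example.com` and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# check_cert EXPECTED_HOST: reads `keytool -list -v` or `keytool -printcert`
# text on stdin and inspects the first certificate in it.
# Prints one finding per line; exit status 0 = no findings, 1 = findings.
check_cert() {
    awk -v host="$1" '
        /^Owner:/ && !got_cn {
            # Subject DN line, e.g. "Owner: CN=bihost.example.com, OU=BI, ..."
            if (match($0, /CN=[^,]*/)) cn = substr($0, RSTART + 3, RLENGTH - 3)
            got_cn = 1
        }
        /^Signature algorithm name:/ && sig == "" { sig = $NF }
        /^Subject Public Key Algorithm:/ && bits == "" {
            # Field 5 looks like "2048-bit"; keep only the number.
            bits = $5; sub(/-bit$/, "", bits)
        }
        END {
            bad = 0
            if (tolower(cn) != tolower(host)) { print "CN_MISMATCH " cn; bad = 1 }
            if (bits == "")                   { print "KEY_SIZE_UNKNOWN"; bad = 1 }
            else if (bits + 0 < 2048)         { print "WEAK_KEY " bits; bad = 1 }
            if (sig ~ /^(MD5|SHA1)with/)      { print "WEAK_SIGALG " sig; bad = 1 }
            exit bad
        }'
}

# Constructed sample of the certificate lines keytool prints (not captured from
# a real keystore; field labels assumed to match recent JDK output).
# Arguments: CN, key size in bits, signature algorithm.
sample_output() {
    cat <<EOF
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=$1, OU=BI, O=Example, C=US
Issuer: CN=$1, OU=BI, O=Example, C=US
Signature algorithm name: $3
Subject Public Key Algorithm: $2-bit RSA key
EOF
}

# Against a real keystore (host name is whatever clients type in the URL):
#   keytool -list -v -keystore identity.jks -storepass Welcome1 | check_cert bihost.example.com
sample_output "Test User" 1024 SHA1withRSA | check_cert bihost.example.com ||
    echo "fix the findings above before deploying the keystore"
```

A `KEY_SIZE_UNKNOWN` finding means the keytool in use did not print a "Subject Public Key Algorithm" line, so the key size has to be confirmed another way.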

--------------------------------------------------------------------
Changes Required From The Console:
--------------------------------------------------------------------
Step 1 :

>> Log in to the WebLogic Admin console --> Environment --> Servers --> AdminServer/bi_server1 --> Configuration --> General --> SSL Listen Port Enabled ( Check )

Note : The default SSL Listen Port is 7002; change it if required.


Step 2 :

>> Click on Keystores tab under " Configuration " tab :


Step 2a :

>> Click on the drop down menu next to Keystores and select " Custom Identity and Custom Trust "


Step 2b :

>> Now fill in the following information :

---Identity---

Custom Identity Keystore: < location_with_file_name_of_identity_keystore_that_you_have_created >

NOTE : By default WLS will look for this keystore file in domain_home location.

 Custom Identity Keystore Type : jks

 Custom Identity Keystore Passphrase: < This_would_be_your_storepass >

 ---Trust---

 Custom Trust Keystore : < location_of_trust_keystore_that_you_have_created>

NOTE : By default WLS will look for this keystore file in domain_home location.

 Custom Trust Keystore Type : jks

 Custom Trust Keystore Passphrase: < This_would_be_your_storepass >



Step 2c :

Now save the changes and click on " SSL " tab :

Private Key Alias: < This_would_be_your_certificate_alias >

Private Key Passphrase: < This_would_be_your_keypass >


Step 3 :

Save the changes and click on the " Advanced " field under the " SSL " tab :

Set the " Hostname Verification: " to None ( from the drop down menu ).

Note : We need to select the hostname verification as none if the CN of the certificate is not the same as the hostname of the machine where WLS is installed.


Step 4: 

Now access your WebLogic Admin console over the https URL :

https://<Adminserver/bi_server_ip>:7002/console