Databases Reference
In-Depth Information
Setting up SSL for production environments
WebLogic Server 12
c
supports SSL to add security and encryption to the data transmitted
over the network.
In this recipe, SSL will be enabled in the
PROD_AdminServer
instance of the
PROD_DOMAIN
domain.
A new identity keystore and a new trusted keystore will be created to store the new certificate.
The WebLogic Server instances and the Node Manager will be configured to enable the SSL
protocol and use the custom keystores.
Getting ready
The keystores are created with the
keytool
command-line utility, and we will demonstrate
signing a certificate with the
CertGen
Java utility.
keytool
comes as standard with the
Java distribution, and
CertGen
is part of the WebLogic Server. Both utilities run from the
command line, so log in to the Linux shell.
How to do it...
Create the identity keystore
PRODIdentity.jks
on the
prod01
machine:
1. Log in to shell as the user
wls
, and create a new folder named
/oracle/
Middleware/user_projects/domains/PROD_DOMAIN/keystores
:
[wls@prod01]$ mkdir /oracle/Middleware/user_projects/domains/PROD_
DOMAIN/keystores
2. Set the
PROD_DOMAIN
environment variables with the
setDomainEnv.sh
script
and create the keystore:
[wls@prod01]$ cd /oracle/Middleware/user_projects/domains/PROD_
DOMAIN/bin
[wls@prod01]$ . ./setDomainEnv.sh
[wls@prod01]$ cd keystores
[wls@prod01]$ keytool -genkeypair -alias prodcert -keyalg RSA
-keysize 1024 -dname "CN=*.domain.local,OU=MyOrganization,O=MyComp
any,L=MyCity,S=MyState,C=US" -keystore PRODIdentity.jks
3. Type and confirm the password for the keystore, and then type
<ENTER>
to use the
same password for
prodcert
:
Enter keystore password: <Type a new password>
Re-enter new password: <Re-type the password>
Enter key password for <prodcert>
Search WWH ::
Custom Search