Databases Reference
In-Depth Information
(RETURN if same as keystore password): <ENTER>
Generate a new CSR using
PRODIdentity.jks
:
1. Execute the
keytool
utility to generate the CSR.
[wls@prod01]$ keytool -certreq -v -alias prodcert -file PRODCert.
csr -keystore PRODIdentity.jks
2. Type the password when required:
Enter keystore password: <Type the password>
Certification request stored in file <PRODCert.csr>
Submit this to your CA
Sign the CSR and import it into the identity keystore:
1. Submit
PRODCert.csr
to the Certificate Authority of your choice to get the digital
certificate and its private key. For demonstration purposes, this recipe will use the
CertGen
utility to create and sign the certificate from the CSR.
CertGen
uses the
WebLogic Demo CA (
CertGenCA.der
):
[wls@prod01]$ java utils.CertGen -keyfile PRODCertPrivateKey
-keyfilepass password -certfile PRODCert -cn "*.domain.local"
Generating a certificate with common name *.domain.local and key
strength 1024
/oracle/Middleware/wlserver_12.1/server/lib/CertGenCA.der file and
key from /oracle/Middleware/wlserver_12.1/server/lib/CertGenCAKey.
der file
2. Import the server certificate and private keys to the
PRODIdentity.jks
keystore:
[wls@prod01]$ java utils.ImportPrivateKey -keystore PRODIdentity.
jks -keyfile PRODCertPrivateKey.pem -keyfilepass password
-certfile PRODCert.pem -storepass password -alias prodcert
Create the custom trust keystore
PRODTrust.jks
on the
prod01
machine:
1. Create the
PRODTrust.jks
keystore by making a copy from the Standard Java Trust.
[wls@prod01]$ cp /oracle/jvm/jre/lib/security/cacerts ./PRODTrust.
jks
2. Change the default
cacerts
password. The default is
changeit
. Change it to
a new one:
[wls@prod01]$ keytool -storepasswd -keystore PRODTrust.jks
Enter keystore password: changeit
New keystore password: <Type the new password>
Search WWH ::
Custom Search