Configure One-way SSL
By default, SSL is enabled and configured to use the demonstration Identity and Trust keystores. For testing and development purposes, the SSL configuration is complete.
Use the steps in this section to configure SSL for production use.
To configure SSL:
1. Expand the Servers node.
2. Select the name of the server for which you want to configure keystores (for example, exampleserver).
3. Select the Configuration --> Keystores and SSL tab.
   Information about the demonstration Identity and Trust keystores is displayed in the Keystore Configuration.
4. Configure new Identity and Trust keystores for WebLogic Server.
5. Click the Change... link in the SSL Configuration to configure attributes for SSL.
   The Configure SSL page appears.
6. Specify how the identity and trust for WebLogic Server is stored.
   The following options are available:
   - Key Stores—Use this option if you created Identity and Trust keystores for WebLogic Server. If you choose this option, go to step 8.
   - Files or Key Store Providers—Use this option if you stored private keys and trusted CA certificates in a file or in a JKS keystore accessed via the WebLogic Keystore provider (as supported in previous releases of WebLogic Server). If you choose this option, go to step 9. This option is available for the purpose of backward compatibility only and is automatically set with security information from a previous release of WebLogic Server.
7. Click Continue.
8. Specify the alias used to load the private key into the keystore in the Private Key Alias attribute and the password used to retrieve the private key from the keystore in the Passphrase attribute. You may have specified this information when creating the Identity keystore; however, for the purpose of SSL configuration, specify the information again.
   Note: You do not have to specify this information for the Trust keystore because trusted CA certificates are not individually identified to WebLogic Server with aliases. All trusted CA certificates in a keystore identified as trusted by WebLogic Server are trusted. Therefore, WebLogic Server does not require an alias when retrieving a trusted CA certificate from the keystore.
9. Specify information about the location of identity and trust for WebLogic Server.
   Note: This step only applies if the Files or Key Store Providers option is specified.
   - Private Key File Name—The directory location of the private key for WebLogic Server. Specify a value for this attribute only if you stored the private key for WebLogic Server in a file (versus a WebLogic Keystore provider).
   - Private Key Alias—The alias specified when loading the private key for WebLogic Server from the keystore. Specify a value for this field only if you stored the private key for WebLogic Server in a keystore accessed by the WebLogic Keystore provider.
   - Passphrase—The password specified when loading the private key for WebLogic Server into the keystore. Specify a value for this field only if you stored the private key for WebLogic Server in a keystore accessed by the WebLogic Keystore provider. Confirm the password. If you protected the private key file with a password, specify the weblogic.management.pkpassword command-line argument when starting the server.
   - Server Certificate File Name—The directory location of the digital certificate for WebLogic Server. If you are using a certificate chain that is deeper than two certificates, you need to include the entire chain in PEM format in the certificate file.
   - Trusted CA File Name—The name of the file containing the PEM-encoded trusted certificate authorities.
10. Click Continue.
11. Click Finish.
12. Reboot WebLogic Server.