2-way SSL with WebLogic server 10.3

Gerald Nguyen

TOOLS

  1. keytool: a key and certificate management tool, provided as part of Sun’s JDK. Online reference: http://java.sun.com/javase/6/docs/technotes/tools/windows/keytool.htm.

  2. utils.CertGen: a certificate generation tool provided by WLS. By default it generates certificates from the default CertGenCA.der and CertGenCAKey.der; I have not been able to generate a certificate from another cert and key (probably because of the lack of the original cert & key AND because CertGenCA has a constraint of max 1 descendant). Online reference: http://download.oracle.com/docs/cd/E13222_01/wls/docs103/admin_ref/utils.html#wp1198920

  3. utils.ImportPrivateKey: a tool provided by WLS. Used to import a certificate generated by CertGen into a keystore as a PrivateKey entry (keytool’s normal importcert stores the imported entry as a trustedCertEntry, which is unsuitable for the Identity and personal keystores).

GENERATE CERTIFICATE FROM WLS CERTIFICATE

  1. Run keytool -genkeypair to generate a new certificate into the Identity keystore:

     keytool -genkeypair -keystore identity.jks -alias localhost -keypass password

  2. Run utils.CertGen to generate a Certificate and Private Key pair:

     java utils.CertGen -keyfilepass pass -certfile testcert -keyfile testkey

  3. Run utils.ImportPrivateKey to import the new Certificate into a PKCS12 keystore:

     java utils.ImportPrivateKey -certfile testcert.der -keyfile testkey.der -keystore personal.p12 -storetype pkcs12 -alias test -storepass pass -keyfilepass pass

  4. Run keytool -importcert to import the WLS root certificate into the JKS trust keystore:

     keytool -importcert -keystore trust.jks -alias root -file CertGenCA.der

  5. Set up WLS to use the Identity keystore identity.jks and the Trust keystore trust.jks.

  6. Import the PKCS12 keystore into the browser (IE, Firefox).

  7. Test

GENERATE YOUR OWN CERTIFICATE

  1. Run keytool -genkeypair to generate a new certificate into the Identity keystore:

     keytool -genkeypair -keystore identity.jks -alias localhost -keypass password

  2. Run keytool -genkeypair to generate a new certificate into the PKCS12 Personal keystore:

     keytool -genkeypair -keystore personal.p12 -storetype pkcs12 -alias test -keypass password

  3. Run keytool -exportcert to export a Certificate from the Personal keystore:

     keytool -exportcert -keystore personal.p12 -storetype pkcs12 -alias test -file test.cer

  4. Run keytool -importcert to import the newly exported Certificate into the JKS trust keystore:

     keytool -importcert -keystore trust.jks -alias test -file test.cer

  5. Run keytool -genkeypair to generate a new certificate into the Identity keystore:

     keytool -genkeypair -keystore identity.jks -alias localhost -keypass password

  6. Set up WLS to use the Identity keystore identity.jks and the Trust keystore trust.jks.

  7. Import the PKCS12 keystore into the browser (IE, Firefox).

  8. Test
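
Before the Test step in either procedure, it helps to confirm that each keystore holds the entry type its role needs: a PrivateKeyEntry in the Identity and personal keystores, a trustedCertEntry in the trust keystore. The script below is an added example, not part of the original post or of WLS; the function names entry_type and check_role are hypothetical, and the sample listings are constructed in the shape keytool -list prints.

```shell
#!/bin/sh
# Added example. Function names and sample listings are constructed for
# illustration; they are not WLS or keytool output captured from a real system.

# entry_type ALIAS: read `keytool -list` output on stdin and print the entry
# type (PrivateKeyEntry, trustedCertEntry, ...) recorded for ALIAS.
entry_type() {
    awk -v want="$1" -F', *' '
        $1 == want {
            # The date field can contain a comma, so scan from the end.
            for (i = NF; i > 1; i--)
                if ($i ~ /Entry$/) { print $i; exit }
        }'
}

# check_role ROLE ALIAS: ROLE is identity, personal or trust. Reads a listing
# on stdin and returns 0 only if ALIAS has the entry type that role needs.
check_role() {
    case "$1" in
        identity|personal) need=PrivateKeyEntry ;;
        trust)             need=trustedCertEntry ;;
        *) echo "unknown role: $1" >&2; return 2 ;;
    esac
    got=$(entry_type "$2")
    if [ "$got" = "$need" ]; then
        echo "OK   $1 alias '$2': $got"
    else
        echo "FAIL $1 alias '$2': need $need, found ${got:-no such alias}" >&2
        return 1
    fi
}

# Constructed listings in the shape `keytool -list` prints.
SAMPLE_IDENTITY='Keystore type: JKS
Your keystore contains 1 entry

localhost, Jan 5, 2011, PrivateKeyEntry, 
Certificate fingerprint (MD5): <constructed>'
SAMPLE_TRUST='root, Jan 5, 2011, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>'
# A certificate put into the identity store with -importcert ends up like this:
SAMPLE_MISIMPORTED='localhost, Jan 5, 2011, trustedCertEntry,'

# Against real keystores (file names and aliases from the steps above):
#   keytool -list -keystore identity.jks | check_role identity localhost
#   keytool -list -keystore personal.p12 -storetype pkcs12 | check_role personal test
#   keytool -list -keystore trust.jks | check_role trust root
```

A FAIL on the identity or personal alias means the keystore holds only a certificate with no private key, so it cannot be used for that side of the 2-way handshake.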