The goal is to renew an SSL certificate and link it to the WebLogic server.
Identify the current environment, keystore and SSL configuration on the server.
On the Unix box where the WebLogic server is installed, change to the JDK bin directory: cd $JAVA_HOME/bin (in this environment, jdk1.7.0_79/bin/bin).
The command below must be entered as a single line. Don't copy it as is; replace the placeholders first.
1. keytool -genkey -alias bravo -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity <no of days to get certificate for> -keypass <enter private password here> -keystore identity.jks -storepass <enter public password here>
e.g: keytool -genkey -alias bravo -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 824 -keypass app123 -keystore identity.jks -storepass app123
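The above command creates the identity.jks file. If -keypass and -storepass are left off, keytool prompts for the passwords instead, which keeps them out of shell history and the process list.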
The command below creates a CSR file, which can be supplied to the 3rd party to get it signed. Use the same alias as in the -genkey command, since the CSR is generated from that key pair.
2. keytool -keystore identity.jks -certreq -alias <alias_name> -ext SAN=dns:<server_name> -keyalg rsa -file <ServerName.csr>
Answer the questions for the server the CSR is for. (First and Last Name: itwasea897.vs.com)
e.g: keytool -keystore identity.jks -certreq -alias bravo -ext SAN=dns:itwasea897.vs.com -keyalg rsa -file itwasea897.csr
After signing, the 3rd party software gives us a .cer file: itwasea897.cer.
The commands below import the intermediate & root certificates into trust.jks:
- keytool -import -alias inter -file intermediate_3rd_party.cer -keystore trust.jks
- keytool -import -alias root -file root_3rd_party.cer -keystore trust.jks
Finally, import the signed certificate:
- keytool -import -alias appName -file itwasea897.cer -keystore trust.jks
The commands below import the intermediate & root certificates into identity.jks:
- keytool -import -alias inter -file intermediate_3rd_party.cer -keystore identity.jks
- keytool -import -alias root -file root_3rd_party.cer -keystore identity.jks
Finally, import the signed certificate under the alias of the key pair:
- keytool -import -alias bravo -file itwasea897.cer -keystore identity.jks
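Added example (not part of the original post): a check to run before restarting WebLogic, confirming that the signed certificate landed on the key entry in identity.jks. If the certificate is imported under an alias other than the key pair's, keytool stores it as a trustedCertEntry and the key keeps its self-signed certificate. The function names, result labels and the sample listing are constructed for illustration; against the real keystore, pipe `keytool -list -v -keystore identity.jks` into `check_identity_entry <alias>`.

```shell
# Added example; function names, result labels and sample listing are constructed.
# Reads `keytool -list -v` output on stdin and classifies one alias:
#   OK              key entry carrying a CA-signed chain
#   SELF_SIGNED     key entry still holding only the -genkey certificate
#   NOT_A_KEY_ENTRY certificate stored without the private key
#   MISSING         alias not present
check_identity_entry() {
    # keytool stores JKS aliases in lower case, so compare case-insensitively
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^Alias name: /  { cur = tolower(substr($0, 13)); next }
        cur != want      { next }
        /^Entry type: /  { type = $3; seen = 1 }
        /^Certificate chain length: / { chain = $4 + 0 }
        /^Owner: /  && owner == ""  { owner  = substr($0, 8) }
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END {
            if (!seen)                             print "MISSING"
            else if (type != "PrivateKeyEntry")    print "NOT_A_KEY_ENTRY"
            else if (chain < 2 || owner == issuer) print "SELF_SIGNED"
            else                                   print "OK"
        }'
}

# Constructed listing, trimmed to the fields the check reads
sample_listing() {
cat <<'EOF'
Alias name: bravo
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=itwasea897.vs.com, O=Example
Issuer: CN=Example Intermediate CA
Alias name: appname
Entry type: trustedCertEntry
Owner: CN=itwasea897.vs.com, O=Example
Issuer: CN=Example Intermediate CA
Alias name: fresh
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=itwasea897.vs.com, O=Example
Issuer: CN=itwasea897.vs.com, O=Example
EOF
}

for a in bravo appName fresh; do
    printf '%s: %s\n' "$a" "$(sample_listing | check_identity_entry "$a")"
done
```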
Make sure to update the WebLogic settings to read from the latest trust & identity keystores, and restart the WebLogic server.
Intermediate & Root certificates are shown in below example -