WebLogic Server 11g and 12c Configure SSL

Posted by eric0435 on 2016-12-19

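We are currently going through a Level 3 classified protection (等保) security assessment, which requires the web application to use HTTPS. Because changing the application code will take some time, I chose to use WebLogic's SSL as a temporary substitute. Configuring SSL on WebLogic 11g and 12c requires the following steps:
1. Create the keystores and certificate
2. Configure SSL on the WebLogic server
3. Test access to WebLogic over SSL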

1. Create the keystores and certificate

[root@ggfwapp1 base_domain]# keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=`hostname`,OU=Support,O=Oracle,L=Reading,ST=Berkshire,C=CN" -keypass abcdef -keystore keystore.jks -storepass abcdef -validity 3600

[root@ggfwapp1 base_domain]# keytool -selfcert -v -alias server_cert -keypass abcdef -keystore keystore.jks -storepass abcdef -storetype jks -validity 3600
New certificate (self-signed):
[
[
  Version: V3
  Subject: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 19602090623719098800636488696565132568971729399292278916627114486591858227333395742468863359051755318713390759458530012565088859559851142124513453375262901573573600161911606667875583835689988346028966122749514073743319097824833258333036879524621784635720260866218245014085664041715662535739270842819315383017303960463560367669088786552196892207222513740073834657274289777601277828585874837302630694982849059492221540794576755294558686273906935420995110081764654613750381617199683694501833519148327516410714923674297363912818905309716955901896590958012374365281839683438007996858276943741295216721069229600336393261499
  public exponent: 65537
  Validity: [From: Tue Dec 20 01:10:57 CST 2016,
               To: Thu Oct 29 01:10:57 CST 2026]
  Issuer: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
  SerialNumber: [    585814a1]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
[Storing keystore.jks]
[root@ggfwapp1 base_domain]# keytool -export -v -alias server_cert -file "`hostname`-rootCA.der" -keystore keystore.jks -storepass abcdef
Certificate stored in file 
[root@ggfwapp1 base_domain]# keytool -import -v -trustcacerts -alias server_cert -file "`hostname`-rootCA.der"   -keystore trust.jks -storepass abcdef
Owner: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Issuer: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Serial number: 585814a1
Valid from: Tue Dec 20 01:10:57 CST 2016 until: Thu Oct 29 01:10:57 CST 2026
Certificate fingerprints:
         MD5:  97:3B:58:6C:D0:22:0F:C3:8C:6E:29:99:2D:44:DB:A3
         SHA1: 3B:BA:5B:56:4D:9B:8D:3B:E8:EF:3A:D7:79:D9:B8:9C:43:30:FF:03
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore
[Storing trust.jks]

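CN stands for the server's IP address (the command above fills it in from `hostname`). Note down the -alias, -keypass and -storepass values, because the later configuration steps need them: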
Identity Keystore: "/wls12c/user_projects/domains/base_domain/keystore.jks"
Trust Keystore: "/wls12c/user_projects/domains/base_domain/trust.jks"
Alias: server_cert
Store Password: abcdef
Key Password: abcdef
Valid for: 3600 Days (Approx 10 Years)
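
The keytool output above reports SHA1withRSA after the -selfcert step even though -genkey was given -sigalg SHA256withRSA, so it is worth checking what actually ended up in the keystore before pointing WebLogic at it. The following shell check is an added example, not part of the original post: the function names, the finding labels and the MAX_YEARS threshold are assumptions, it expects English-locale keytool output, and the embedded sample is copied from the import output above.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `keytool -list -v` or
# `keytool -printcert` output (English locale assumed) on stdin, prints one
# finding per line and returns 1 if there is any finding, 0 otherwise.
# MAX_YEARS is an assumed policy limit on certificate lifetime (default 2).
audit_keytool_output() {
    awk -v max_years="${MAX_YEARS:-2}" '
        /^Owner:/  { owner = $0; sub(/^Owner: */, "", owner) }
        /^Issuer:/ {
            issuer = $0; sub(/^Issuer: */, "", issuer)
            if (issuer == owner) { print "SELF_SIGNED " owner; bad = 1 }
        }
        /^Valid from:/ {
            # The start year is the field just before "until:", the end year is the last field.
            for (i = 2; i <= NF; i++) if ($i == "until:") from = $(i - 1)
            years = $NF - from
            if (years > max_years) { print "LONG_LIVED " years " years"; bad = 1 }
        }
        /Signature algorithm name:/ {
            if ($NF ~ /^(MD2|MD5|SHA1)with/) { print "WEAK_SIGALG " $NF; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Sample input: the certificate summary printed by the import step on this page.
sample_from_page() {
    cat <<'EOF'
Owner: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Issuer: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Serial number: 585814a1
Valid from: Tue Dec 20 01:10:57 CST 2016 until: Thu Oct 29 01:10:57 CST 2026
Certificate fingerprints:
         Signature algorithm name: SHA1withRSA
         Version: 3
EOF
}

# Stand-alone run: prints SELF_SIGNED, LONG_LIVED and WEAK_SIGALG findings.
sample_from_page | audit_keytool_output || true
```

Against a real keystore, pipe the output of keytool -list -v -keystore keystore.jks into audit_keytool_output.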

2. Configure SSL on the WebLogic server
2.1 Log in to the WebLogic console

2.2 Select Environment -> Servers and click the server you want to configure


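2.3 Select Keystores

2.4 Select Keystores -> Change and choose Custom Identity and Custom Trust

Enter the following information:
Custom Identity Keystore: keystore.jks
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: abcdef
Confirm Custom Identity Keystore Passphrase: abcdef
Custom Trust Keystore: trust.jks
Custom Trust Keystore Type: JKS
Custom Trust Keystore Passphrase: abcdef
Confirm Custom Trust Keystore Passphrase: abcdef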

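2.5 Select the SSL page

Private Key Alias: server_cert
Private Key Passphrase: abcdef
Confirm Private Key Passphrase: abcdef

2.6 Click General and check the SSL listen port option

3. Test access to WebLogic over SSL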

From the ITPUB blog, link: http://blog.itpub.net/26015009/viewspace-2130962/. If you repost this article, please credit the source; otherwise legal action will be pursued.
