WebLogic Server 11g and 12c Configure SSL
最近由於進行安全三級等保,對於web應用要啟用https協議,由於修改應用程式碼需要一些時間,所以選擇使用weblogic的ssl來暫時頂替,對Weblogic 11,12c配置SSL需要執行以下操作:
1.建立金鑰儲存庫和證書
2.對Weblogic伺服器配置SLL
3.測試通過SSL來訪問weblogic
1.建立金鑰儲存庫和證書
[root@ggfwapp1 base_domain]# keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=`hostname`,OU=Support,O=Oracle,L=Reading,ST=Berkshire,C=CN" -keypass abcdef -keystore keystore.jks -storepass abcdef -validity 3600
[root@ggfwapp1 base_domain]# keytool -selfcert -v -alias server_cert -keypass abcdef -keystore keystore.jks -storepass abcdef -storetype jks -validity 3600
New certificate (self-signed):
[
[
Version: V3
Subject: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 19602090623719098800636488696565132568971729399292278916627114486591858227333395742468863359051755318713390759458530012565088859559851142124513453375262901573573600161911606667875583835689988346028966122749514073743319097824833258333036879524621784635720260866218245014085664041715662535739270842819315383017303960463560367669088786552196892207222513740073834657274289777601277828585874837302630694982849059492221540794576755294558686273906935420995110081764654613750381617199683694501833519148327516410714923674297363912818905309716955901896590958012374365281839683438007996858276943741295216721069229600336393261499
public exponent: 65537
Validity: [From: Tue Dec 20 01:10:57 CST 2016,
To: Thu Oct 29 01:10:57 CST 2026]
Issuer: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
SerialNumber: [ 585814a1]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 09 FD 21 12 54 58 E6 45 56 C2 B4 FE 79 31 0C EC ..!.TX.EV...y1..
0010: 35 AF E5 14 B8 94 26 39 DB 8F C6 B7 6E E5 03 7B 5.....&9....n...
0020: CF 48 5F 67 9D E6 3E C8 EA 0E 2E A6 B0 DD F6 1C .H_g..>.........
0030: 5B E2 13 93 3D CF F4 80 B1 37 0B EE 0A 4E 2C 89 [...=....7...N,.
0040: CB 24 31 88 0F 0A 47 C9 1F 26 59 33 6C A4 6D 8C .$1...G..&Y3l.m.
0050: A8 4A 7A 93 F7 25 21 9F 0E 61 50 34 8C 63 CF 16 .Jz..%!..aP4.c..
0060: 00 D5 E5 8F AC 2C F0 66 5C 60 1F 37 52 24 85 45 .....,.f\`.7R$.E
0070: BD CF A3 25 02 DF 92 F9 7D 15 D1 48 D7 DD AC D0 ...%.......H....
0080: 5A E1 01 AA 5A BD 99 4B D6 1A 06 CC BB 31 DC 11 Z...Z..K.....1..
0090: 44 39 38 EC B9 56 8B 59 A6 99 34 54 60 D1 F6 79 D98..V.Y..4T`..y
00A0: C1 B5 0A 56 6A 3A 77 8F A0 6F 5C B8 D1 D9 F7 AF ...Vj:w..o\.....
00B0: DE AB 8B 59 FE 76 8E 61 B5 83 F4 F1 F6 04 AC C8 ...Y.v.a........
00C0: 5A B3 FE E5 6E 4E F8 21 FC 3F 0C 95 06 50 24 5B Z...nN.!.?...P$[
00D0: 12 5E 1C D2 11 D5 C0 71 14 FE A4 73 8E 4E 15 96 .^.....q...s.N..
00E0: D6 28 95 ED 4E 1E 30 6F AF 26 B7 03 47 25 9E 6F .(..N.0o.&..G%.o
00F0: EA 15 0A EB 40 F6 F6 D8 DB 32 DD 64 AD 0F F5 70 ....@....2.d...p
]
[Storing keystore.jks]
[root@ggfwapp1 base_domain]# keytool -export -v -alias server_cert -file "`hostname`-rootCA.der" -keystore keystore.jks -storepass abcdef Certificate stored in file
[root@ggfwapp1 base_domain]# keytool -import -v -trustcacerts -alias server_cert -file "`hostname`-rootCA.der" -keystore trust.jks -storepass abcdef
Owner: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Issuer: CN=ggfwapp1, OU=Support, O=Oracle, L=Reading, ST=Berkshire, C=CN
Serial number: 585814a1
Valid from: Tue Dec 20 01:10:57 CST 2016 until: Thu Oct 29 01:10:57 CST 2026
Certificate fingerprints:
MD5: 97:3B:58:6C:D0:22:0F:C3:8C:6E:29:99:2D:44:DB:A3
SHA1: 3B:BA:5B:56:4D:9B:8D:3B:E8:EF:3A:D7:79:D9:B8:9C:43:30:FF:03
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing trust.jks]
CN代表伺服器的IP地址,注意要記錄-alias,-keypass與-storepass引數,因為之後的配置需要使用
Identity Keystore: "/wls12c/user_projects/domains/base_domain/keystore.jks"
Trust Keystore: "/wls12c/user_projects/domains/base_domain/trust.jks"
Alias: server_cert
Store Password: abcdef
Key Password: abcdef
Valid for: 3600 Days (Approx 10 Years)
2.對Weblogic伺服器配置SLL
2.1登入weblogic控制檯
2.2選擇環境->伺服器並點選要配置的伺服器
2.3選擇金鑰庫
2.4選擇金鑰庫?更改選擇 定製標識和定製信任(Custom Identity and Custom Trust)
輸入以下資訊
定製標識密匙庫: keystore.jks
定製標識金鑰庫型別: JKS
定製標識金鑰庫密碼短語: abcdef
確認定製標識金鑰庫密碼短語: abcdef
定製信任金鑰庫: trust.jks
定製信任金鑰庫型別: JKS
定製信任金鑰庫密碼短語: abcdef
確認定製信任金鑰庫密碼短語: abcdef
2.5選擇SSL頁面
私有金鑰別名: server_cert
私有金鑰密碼短語: abcdef
確認私有金鑰密碼短語句: abcdef
2.6點選一般資訊,勾選SSL監聽埠
3.測試通過SSL來訪問weblogic
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26015009/viewspace-2130962/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- weblogic配置SSLWeb
- configure shared serverServer
- configure vnc server in linuxVNCServerLinux
- 中介軟體weblogic 12c管理伺服器manage server的日誌logWeb伺服器Server
- 【YEP】專案Oracle考卷後續之Oracle Weblogic Server 11g PassOracleWebServer
- Spring Boot和WebLogic 12cSpring BootWeb
- HTTPS訪問:weblogic下配置SSLHTTPWeb
- git gitlab server install and configureGitlabServer
- Configure the DNS Server for SCAN VIP on LinuxDNSServerLinux
- How to Install and Configure VNC Server in CentOS 7VNCServerCentOS
- Using WebLogic Server With Oracle RAC(轉)WebServerOracle
- BEA交付WebLogic Server虛擬版WebServer
- Weblogic Admin Server , Managed Server記憶體調整WebServer記憶體
- error:14090086:SSL routines:ssl3_get_server_certificateErrorServer
- oracle 12c 匯入11gOracle
- How To Configure Server Side Transparent Application FailoverServerIDEAPPAI
- 修改WebLogic中Managed Server及Admin Server JVM大小 [final]WebServerJVM
- weblogic 11g部署報錯及解決Web
- Oracle 11g升級到12COracle
- MAX-OPEN-SOCK-COUNT weblogic 12C 打補丁方法Web
- 如何解除安裝redhat 5.4上面的weblogic 12cRedhatWeb
- How to Configure the DNS Server for 11gR2 SCAN On LinuxDNSServerLinux
- Weblogic Server連線池建立會話慢WebServer會話
- WebSphere Application Server啟用IHS的SSLWebAPPServer
- Windows下Weblogic 11G叢集安裝與配置WindowsWeb
- 如何刪除lok正常開啟weblogic managed serverWebServer
- 求助:weblogic8.1 : Error 500--Internal Server ErrorWebErrorServer
- 將 WebLogic Server 和 Oracle RAC 一起使用WebServerOracle
- BEA Weblogic Server 北京研發部門招聘廣告WebServer
- Config server pool in oracle 12c racServerOracle
- oracle 11g rman configure retention policy to recovery window of days系列一Oracle
- How to configure password openldap server in Red Hat Enterprise Linux 5?LDAServerLinux
- weblogic管理2 - 建立並啟動一個managed serverWebServer
- WebLogic中修改AdminServer及Managed Server的埠WebServer
- Linux上安裝JDeveloper版Weblogic server 10.3LinuxDeveloperWebServer
- 11g R2 RAC: SERVER POOLSServer
- Oracle 11g/12c 監聽器白名單的配置Oracle
- 角色resource在11g和12c中的區別