OpenSSL Certificate Generation

Create A Keystore with the self signed private key
For the purposes of this document we will have no truck with Verisign or Thawte for signing our keys.

mkdir <jks_path>
cd <jks_path>
keytool -genkey -v -alias <alias> -keyalg rsa -keysize 1024 -dname "CN=<hostname>,OU=IT,O=<company name>,L=<city>,S=<state>,C=US" -validity 7000 -keypass <key_password> -keystore <keystore_name>.jks -storepass <keystore_password>

1. Log into the weblogic console as “system”.
2. In the left hand tree view select “Servers” and then the appropriate server.
3. In the right-hand detail view, select the “General” Tab.
4. Check “SSL Listen Port Enabled” and specify a port.
5. Select the “Keystores & SSL” tab.

You will need the following fields to set up Weblogic in the Weblogic console:

• <jks_path>
• <alias>
• <keystore_name>
• <keystore_password>
• <key_password>

1. Select the “Change” link to specify custom values.
2. For “Specify Keystore Trust” select “Custom Identity and Standard Java Trust”.
3. Select “Continue”.
4. Enter <jks_path>/<keystore_name> for “Custom Identity Key Store File Name”.
5. Enter “JKS” for “Custom Identity Key Store Type”.
6. Enter <keystore_password> for “Custom Identity Key Store Pass Phrase”.

1. For the Standard Java Trust, make sure that the password is blank.
2. Point to $JAVA_HOME/jre/lib/security for the location of the “cacerts” file.

1. Enter <alias> for “Private Key Alias”.
2. Enter <key_password> for “PassPhrase”.

Save Restart the Weblogic Server

cd /etc/apache2/conf/ssl

# generate server key.

openssl genrsa -des3 -rand /dev/urandom -out ./server.key 1024

# remove password for server key

openssl rsa -in ./server.key -out ./server.pem

# generate CSR

openssl req -new -key server.key -out server.csr

# Self Sign the certificate

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Add the certificates server.pem and server.crt into your web server