User Tools

Site Tools


tech:unix:openssl_hints

OpenSSL Certificate Generation

Configuration for Weblogic

Create A Keystore with the self signed private key
For the purposes of this document we will have no truck with Verisign or Thawte for signing our keys.

mkdir <jks_path>
cd <jks_path>
keytool -genkey -v -alias <alias> -keyalg rsa -keysize 1024 -dname "CN=<hostname>,OU=IT,O=<company name>,L=<city>,S=<state>,C=US" -validity 7000 -keypass <key_password> -keystore <keystore_name>.jks -storepass <keystore_password>

Setting Up the Weblogic Console

  1. Log into the weblogic console as “system”.
  2. In the left hand tree view select “Servers” and then the appropriate server.
  3. In the right-hand detail view, select the “General” Tab.
  4. Check “SSL Listen Port Enabled” and specify a port.
  5. Select the “Keystores & SSL” tab.

You will need the following fields to set up Weblogic in the Weblogic console:

  • <jks_path>
  • <alias>
  • <keystore_name>
  • <keystore_password>
  • <key_password>
Keystore
  1. Select the “Change” link to specify custom values.
  2. For “Specify Keystore Trust” select “Custom Identity and Standard Java Trust”.
  3. Select “Continue”.
  4. Enter <jks_path>/<keystore_name> for “Custom Identity Key Store File Name”.
  5. Enter “JKS” for “Custom Identity Key Store Type”.
  6. Enter <keystore_password> for “Custom Identity Key Store Pass Phrase”.
Trust
  1. For the Standard Java Trust, make sure that the password is blank.
  2. Point to $JAVA_HOME/jre/lib/security for the location of the “cacerts” file.
SSL Configuration
  1. Enter <alias> for “Private Key Alias”.
  2. Enter <key_password> for “PassPhrase”.

Save Restart the Weblogic Server

Configuration for Apache2

cd /etc/apache2/conf/ssl

# generate server key.

openssl genrsa -des3 -rand /dev/urandom -out ./server.key 1024

# remove password for server key

openssl rsa -in ./server.key -out ./server.pem

# generate CSR

openssl req -new -key server.key -out server.csr

# Self Sign the certificate

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Add the certificates server.pem and server.crt into your web server

tech/unix/openssl_hints.txt · Last modified: 2024/02/21 19:09 by 127.0.0.1

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki