OpenSSL Certificate Generation
Configuration for Weblogic
Create A Keystore with the self signed private key
For the purposes of this document we will have no truck with Verisign or Thawte for signing our keys.
mkdir <jks_path>
cd <jks_path>
keytool -genkey -v -alias <alias> -keyalg rsa -keysize 1024 -dname "CN=<hostname>,OU=IT,O=<company name>,L=<city>,S=<state>,C=US" -validity 7000 -keypass <key_password> -keystore <keystore_name>.jks -storepass <keystore_password>
Setting Up the Weblogic Console
- Log into the weblogic console as “system”.
- In the left hand tree view select “Servers” and then the appropriate server.
- In the right-hand detail view, select the “General” Tab.
- Check “SSL Listen Port Enabled” and specify a port.
- Select the “Keystores & SSL” tab.
You will need the following fields to set up Weblogic in the Weblogic console:
- <jks_path>
- <alias>
- <keystore_name>
- <keystore_password>
- <key_password>
Keystore
- Select the “Change” link to specify custom values.
- For “Specify Keystore Trust” select “Custom Identity and Standard Java Trust”.
- Select “Continue”.
- Enter <jks_path>/<keystore_name> for “Custom Identity Key Store File Name”.
- Enter “JKS” for “Custom Identity Key Store Type”.
- Enter <keystore_password> for “Custom Identity Key Store Pass Phrase”.
Trust
- For the Standard Java Trust, make sure that the password is blank.
- Point to $JAVA_HOME/jre/lib/security for the location of the “cacerts” file.
SSL Configuration
- Enter <alias> for “Private Key Alias”.
- Enter <key_password> for “PassPhrase”.
Save, then restart the Weblogic Server.
Configuration for Apache2
cd /etc/apache2/conf/ssl
# generate server key.
openssl genrsa -des3 -rand /dev/urandom -out ./server.key 1024
# remove password for server key
openssl rsa -in ./server.key -out ./server.pem
# generate CSR
openssl req -new -key server.key -out server.csr
# Self Sign the certificate
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Add the passphrase-free private key server.pem and the certificate server.crt to your web server.
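The Apache steps above as a script, followed by a check that the certificate's RSA key meets a minimum size and that server.crt really belongs to server.pem. This is an added example, not part of the original page: the function names, the hostname www.example.test and the 2048-bit default (1024-bit RSA is below current minimum recommendations) are assumptions, and the key is written without a passphrase because the page strips it anyway.

```shell
#!/bin/sh
# Added example: generate key, CSR and self-signed certificate, then verify them.

make_selfsigned() {   # $1 = output dir, $2 = CN, $3 = RSA bits (default 2048)
    dir=$1; cn=$2; nbits=${3:-2048}
    # umask keeps the unencrypted private key readable by its owner only
    ( umask 077; openssl genrsa -out "$dir/server.pem" "$nbits" 2>/dev/null ) || return 1
    openssl req -new -key "$dir/server.pem" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    openssl x509 -req -sha256 -days 3650 -in "$dir/server.csr" \
        -signkey "$dir/server.pem" -out "$dir/server.crt" 2>/dev/null || return 1
}

cert_key_bits() {     # $1 = certificate; prints the public key size in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

cert_matches_key() {  # $1 = certificate, $2 = private key; 0 if the moduli agree
    c=$(openssl x509 -in "$1" -noout -modulus) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

check_pair() {        # $1 = certificate, $2 = key, $3 = minimum bits (default 2048)
    bits=$(cert_key_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt "${3:-2048}" ]; then
        echo "key too small or unreadable: ${bits:-?} bits"
        return 1
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "certificate does not match private key"
        return 2
    fi
    echo "ok: $bits-bit key, certificate matches"
}

# Demo in a scratch directory; the hostname is a constructed sample value.
tmp=$(mktemp -d)
make_selfsigned "$tmp" www.example.test && check_pair "$tmp/server.crt" "$tmp/server.pem"
rm -rf "$tmp"
```

Running check_pair against the files before installing them catches a certificate copied next to the wrong key, which otherwise only shows up when Apache refuses to start.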
tech/unix/openssl_hints.txt · Last modified: 2024/06/21 12:04 by 127.0.0.1