How to Deploy SSL Certificates on Oracle Weblogic

How to Deploy SSL Certificates on Oracle Weblogic

Oracle Weblogic uses the Java Keystore architecture to manage and deploy SSL Certificates. We need to get the certificate from the certifying authority and download the root certificate, intermediate and main certificate out of that.

Steps to deploy:

1) Set Weblogic Environment

/wlserver_10.3/server/bin/setWLSenv.sh

2) Concatenate Certificate with Root Certificate(s) into 1 file

Sequence would as below

Main Signed Cert + CA Intermediate(s) + CA Root

and Save file as: fullcertificate.crt

3) Import Full Cert into identity.jks Keystore

keytool -import -trustcacerts -alias funoracle -file fullcertificate.crt -keystore identity.jks

4) Create Empty Trust Store

This Trust Store will be used to store the Root and Intermediate certificates alone

keytool -genkey -keyalg RSA -alias dummy -keystore truststore.jks

## Answers DO NOT MATTER you will delete this dummy record next

What is your first and last name?

[Unknown]:

What is the name of your organizational unit?

[Unknown]:

What is the name of your organization?

[Unknown]:

What is the name of your City or Locality?

[Unknown]:

What is the name of your State or Province?

[Unknown]:

What is the two-letter country code for this unit?

[Unknown]:

Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?

[no]:  yes

Enter key password for

(RETURN if same as keystore password):

Re-enter new password:

 

5) Delete the DUMMY record

Here we remove the “dummy” alias before importing the Trust chain in the next step.

keytool -delete -alias dummy -keystore truststore.jks

 

6) Import the Trust Cert Chain only from the CRT format

CA Intermediate(s) + CA Root

keytool -import -alias root -file inter.crt -keystore truststore.jks

 

7) In Weblogic Console -> Server

Set SSL Listen Port to 443 and disable Listen port for 80 (if you want to force the server to SSL only). Else no action required

8) In Weblogic Console -> Server

Keystore Tab -> Change to Custom Identity and Trust

For Identity set:

Custom Identity Keystore == C:\Oracle\keystore\identity.jks

Custom Identity Keystore Type == JKS

Custom Identity Keystore Passphrase ==

For Trust set:

Custom Trust Keystore == C:\Oracle\keystore\truststore.jks

Custom Trust Keystore Type == JKS

Custom Trust Keystore Passphrase ==

9) In Weblogic Console -> Server

In SSL Tab

Set Private Key Alias == portal

Set Private Key Passphrase ==

In the Advanced Section set Use JSSE SSL on