Hello there,
Configuring Apache in front of WebLogic over SSL can seem difficult, and we may end up in a lot of trouble with SSL certificates in WebLogic as well as in Apache Web Server.
Here are some simple steps to configure Apache Web Server with WebLogic over SSL.
Prerequisites :
1. Install WebLogic Application Server
2. Install Apache Web Server with OpenSSL included, as we need the OpenSSL library to generate certificates.
Steps to Follow : Apache SSL :
Step 1. Create a Private Key and Certificate Signing Request with OpenSSL
Go to Directory : C:\Program Files\Apache Software Foundation\Apache2.2\bin
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl genrsa -out localhost.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
..........++++++
................++++++
e is 65537 (0x10001)
You can increase the key size as per your requirements; for more secure encryption, select a value larger than 1024.
The file localhost.key is now created.
You can extract the Public Key From this file as below.
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl rsa -in localhost.key -pubout
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN+yNAZpk4tFdP8S7DAi3JGGiq
/rWas87+zNH0ii3j0Iatx59SEkGPA7NmjkNtDHrATYLtsMp6wQPY2pIXz9CRmW4Y
1ljS/IYbMAgeJ9NwZWPdzz1JIVZ+4qpsa+t2tMsIIPxCBphi/bAi2j04e/YGEtQe
IRlXaqNcKXmWdH2cFwIDAQAB
-----END PUBLIC KEY-----
The private key file (localhost.key) is a PEM block delimited by -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.
When creating the private key you can also encrypt it with a passphrase using Triple DES (the -des3 option), as below.
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl genrsa -des3 -out localhost.key 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
............++++++
.....................................................................++++++
e is 65537 (0x10001)
Enter pass phrase for localhost1.key:**********
Verifying - Enter pass phrase for localhost1.key:**********
When this key is configured in Apache, the server asks for the passphrase on every start. To avoid this, we remove the passphrase from the key as below.
Rename localhost.key to localhost.key.secure.
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl rsa -in localhost.key.secure -out localhost.key
Enter pass phrase for localhost1.key.secure:
writing RSA key
Now we have a private key without a passphrase. It is stored unencrypted on disk, so restrict read access to the file.
Step 2 . Create Certificate Signing Request
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl req -new -config "C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf" -key localhost.key -out localhost.csr
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Karnataka
Locality Name (eg, city) []:Bangalore
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SDyade
Organizational Unit Name (eg, section) []:Technology
Common Name (eg, YOUR name) []:localhost
Email Address []:admin@localhost.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Specify the details as per your requirements, as above. The CN should be the same as the one you will specify at the server side (WebLogic Server) to perform one-way SSL communication.
Now we have one more file, localhost.csr. With this file you can either sign your own certificate or send it to a public CA to sign it for you; we will see both options.
Step 3. Signing the Certificate
Self Signing the Certificate :
C:\Program Files\Apache Software Foundation\Apache2.2\bin>openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
Loading 'screen' into random state - done
Signature ok
subject=/C=IN/ST=Karnataka/L=Bangalore/O=SDyade/OU=Technology/CN=localhost/emailAddress=admin@localhost.com
Getting Private key
You now have the signed certificate localhost.crt, which is a self-signed certificate. Its contents are a PEM block delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
You can view contents of the certificate with below command as well.
openssl x509 -text -in localhost.crt
You can use this certificate to configure the Apache Web Server to Secure the Connection.
-- Install the certificate into the system certificate store by double-clicking the file.
However, there is one more way to get the certificate signed, i.e. by a public CA.
Here we will choose the most popular CA, VeriSign. For testing purposes they provide a Trial SSL Certificate, which is helpful for our test here.
Click on following URL and enter all basic information :
https://securitycenter.verisign.com/celp/enroll/retail
https://securitycenter.verisign.com/celp/enroll/processWelcome -- Enter Details here.
Click on continue
Select the Server Platform as Apache and, in the empty box just below it, paste the content of the localhost.csr file (without copying any extra spaces).
Note : This Option is Optional and You can select as Server Not Listed to
Select the Usage as Web Server and click Continue. The next screen asks you to confirm the certificate signing request on the basis of the common name you entered; please verify it.
Add the Challenge Phrase, which helps in keeping track of the certificates and will be asked for during renewal of this certificate.
Click Continue to reach the Summary of your order --> click Continue --> Order Confirmation.
Wait for 5 minutes; you will receive a mail from support@Verisign as below.
ORDER NUMBER: 500210255
COMMON NAME: LOCALHOST
Dear Shailesh Dyade,
Congratulations! VeriSign has approved your request for a Trial SSL Certificate, and is included at the end of this email.
In order for your Trial SSL Certificate to function properly, perform all the 3 steps below:
Step 1. Download and install the Test Root CA Certificate.
Open the link below and follow the steps to install the Root certificate in your internet browser:
Step 2. Download the Trial SSL Intermediate CA Certificate.
To download the Trial Intermediate CA on each Web server you are testing with, go to:
http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
Note: Microsoft Internet Information Services (IIS) 5.0 and above automatically installs the Intermediate CA Certificate when you install the SSL Certificate and does not require separate installation and can skip this step. All other Web servers require you to install the Intermediate CA separately.
Step 3. Install the Intermediate CA and your Trial SSL certificate:
For detailed installation instructions for your Trial SSL Certificate and the Intermediate CA, go to:
Also, please visit the VeriSign Support Web site, where you will find a range of support tools to help you: http://www.verisign.com/support/sslsupport.
Note: After testing your Trial SSL Certificate, you will need to purchase a full-service Secure Site SSL Certificate.
As VeriSign has a full range of products to choose from, a sales representative will contact you to assist in implementing an appropriate security solution specific to your business requirements. Should you wish to contact our sales person immediately, please dial 866.893.6565 or 650.426.5112 option 3 or send an email to internet-sales@verisign.com
Thank you for your interest in VeriSign!
Now we are all set: we have the Root CA certificate, the signed certificate and the Intermediate CA certificate.
Create a directory called SSL in Apache's home directory to keep all the SSL-related files.
Copy localhost.key and localhost.csr to this directory, and copy the certificates provided by VeriSign to it as well.
Your public certificate is pasted in the email you received; copy it and save it to the SSL directory as localhost.cer. Download the Root CA and Intermediate CA certificates as per the instructions in the email and rename them RootCA.cer and IntermediateCA.cer.
Copy all the files obtained above to the SSL directory.
Now it is time to configure Apache Web Server.
Step 4. Open httpd.conf and carry out following changes.
** Uncomment the line LoadModule ssl_module modules/mod_ssl.so as it will load the SSL libraries for Apache to work in SSL mode.
** Uncomment Include line as below.
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
Step 5 : Open httpd-ssl.conf file in conf/extra directory and carry out following modifications.
Enable SSLEngine if it is Disabled
# Enable/Disable SSL for this virtual host.
SSLEngine on
Enable and perform necessary changes for
SSLCertificateFile
SSLCertificateKeyFile
SSLCertificateChainFile
SSLCACertificateFile
Uncomment these parameters and set them to the paths of localhost.cer, localhost.key, IntermediateCA.cer and RootCA.cer respectively.
Restart the server. You are all set now!
Verify the logs: the server should now be listening on port 443 along with 80. You may see warning messages like:
[Sun Jun 12 11:59:20 2011] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
The cause is in the httpd-ssl.conf file; verify the ServerName parameter in this file to troubleshoot this.
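The check below is an added example, not part of the original post. It reads the text of httpd-ssl.conf and the error log, reports which of the Step 5 directives are still commented out, and tells you whether ServerName matches the certificate CN named in the warning. The sample configuration, its relative SSL/ paths and the function names are constructed for illustration, and a single SSL virtual host per file is assumed.

```python
import re

# Directives that Step 5 says to enable in conf/extra/httpd-ssl.conf.
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile",
            "SSLCertificateChainFile", "SSLCACertificateFile")

CN_WARNING = re.compile(
    r"\[warn\] RSA server certificate CommonName \(CN\) `([^']+)' "
    r"does NOT match server name")

# Constructed sample: the chain file line is still commented out and
# ServerName does not match the CN used in the CSR.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
ServerName www.example.com:443
SSLEngine on
SSLCertificateFile "SSL/localhost.cer"
SSLCertificateKeyFile "SSL/localhost.key"
#SSLCertificateChainFile "SSL/IntermediateCA.cer"
SSLCACertificateFile "SSL/RootCA.cer"
</VirtualHost>
"""

# Sample log text in the format of the warning quoted above.
SAMPLE_ERROR_LOG = (
    "[Sun Jun 12 11:59:20 2011] [warn] RSA server certificate CommonName "
    "(CN) `localhost' does NOT match server name!?\n")


def active_directives(conf_text):
    """Return {lowercased directive: [values]} for uncommented lines only."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and <VirtualHost> tags
        name, _, value = line.partition(" ")
        found.setdefault(name.lower(), []).append(value.strip().strip('"'))
    return found


def server_host(value):
    """Reduce a ServerName value ([scheme://]host[:port]) to its host."""
    host = value.split("://", 1)[-1]
    return host.rsplit(":", 1)[0].lower() if ":" in host else host.lower()


def warned_common_names(error_log_text):
    """CNs that Apache reported as not matching the server name."""
    return sorted(set(CN_WARNING.findall(error_log_text)))


def audit_ssl_conf(conf_text, cert_cn):
    """List the problems that would keep the SSL virtual host from working cleanly."""
    directives = active_directives(conf_text)
    findings = []
    if [v.lower() for v in directives.get("sslengine", [])] != ["on"]:
        findings.append("SSLEngine is not on")
    for name in REQUIRED:
        if not any(directives.get(name.lower(), [])):
            findings.append(f"{name} is missing or commented out")
    hosts = [server_host(v) for v in directives.get("servername", [])]
    if cert_cn.lower() not in hosts:
        shown = ", ".join(hosts) or "(unset)"
        findings.append(
            f"ServerName {shown} does not match certificate CN {cert_cn!r}")
    return findings


if __name__ == "__main__":
    for cn in warned_common_names(SAMPLE_ERROR_LOG):
        for finding in audit_ssl_conf(SAMPLE_CONF, cn):
            print(finding)
```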
Access the URL : https://localhost/
To Verify the Certificate Information : Click on View Certificate.
Apache is Secure Now..!!
Now for WebLogic Application Server
Note : It is assumed here that you have already installed the WebLogic Application Server - I am experimenting with WebLogic Application Server 10.3.2
Follow the steps below to secure the WebLogic Application Server.
Step 1. Generate Self-Signed Certificate and Private Key
To work with SSL, Oracle recommends using the "keytool" utility, which comes with Java SE.
D:\>keytool -v -genkey -alias server_cert -keyalg RSA -keysize 1024 -dname "CN=localhost ,OU=Technology, O=SD, L=Bangalore, S=Karnataka, C=IN" -keypass <secret-key-passphrase> -keystore localhost.jks -storepass <secret-store-password>
This command creates a self-signed certificate and a 1024-bit RSA private key, both protected by the passphrase secret-key-passphrase, and stores them under the alias server_cert in the keystore file localhost.jks, whose password is secret-store-password.
Note : The CN should match the name the connecting client uses for the server; normally you can set it to the host name.
Step 2. Generate a Certificate Signing Request for a Public CA and Submit.
D:\>keytool -certreq -v -alias server_cert -file localhost.pem -keypass secret_key_passphrase -storepass secret_store_password -keystore localhost.jks
The PEM file contains the Certificate Signing Request. Open it and copy the contents to a CA like VeriSign.
Provide the same basic contact information as you provided during the certificate order for Apache.
This time you will not find WebLogic in the server list - select Server Not Listed and enter WebLogic Application Server in the box below (optional).
Paste the CSR contents and provide the Challenge Pass Phrase to manage the certificates in future.
Submit the order.
Wait for 5 minutes; you should receive the confirmation that the order has been processed.
You will receive the following information via email.
ORDER NUMBER: 500166976
COMMON NAME: LOCALHOST
Dear Shailesh Dyade,
Congratulations! VeriSign has approved your request for a Trial SSL Certificate, and is included at the end of this email.
In order for your Trial SSL Certificate to function properly, perform all the 3 steps below:
Step 1. Download and install the Test Root CA Certificate.
Open the link below and follow the steps to install the Root certificate in your internet browser:
Step 2. Download the Trial SSL Intermediate CA Certificate.
To download the Trial Intermediate CA on each Web server you are testing with, go to:
http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
Note: Microsoft Internet Information Services (IIS) 5.0 and above automatically installs the Intermediate CA Certificate when you install the SSL Certificate and does not require separate installation and can skip this step. All other Web servers require you to install the Intermediate CA separately.
Step 3. Install the Intermediate CA and your Trial SSL certificate:
For detailed installation instructions for your Trial SSL Certificate and the Intermediate CA, go to:
Also, please visit the VeriSign Support Web site, where you will find a range of support tools to help you: http://www.verisign.com/support/sslsupport.
Note: After testing your Trial SSL Certificate, you will need to purchase a full-service Secure Site SSL Certificate.
As VeriSign has a full range of products to choose from, a sales representative will contact you to assist in implementing an appropriate security solution specific to your business requirements. Should you wish to contact our sales person immediately, please dial 866.893.6565 or 650.426.5112 option 3 or send an email to internet-sales@verisign.com
Thank you for your interest in VeriSign!
Copy the necessary files as below. Save the certificates with .pem extensions, as we need to import all of them into our keystore.
RootCA.pem -- Download Link
IntermediateCA.pem -- Download Link
localhostCA.pem -- Certificate pasted in the email
Step 3: Import All necessary certificates into Keystore.
Import RootCA.pem
D:\>keytool -import -alias verisignCA -file RootCA.pem -keystore localhost.jks -trustcacerts
Import IntermediateCA.pem
D:\>keytool -import -alias verisignIntermediateCA -file IntermediateCA.pem -keystore localhost.jks -trustcacerts
Import localhostCA.pem
D:\>keytool -import -alias server_cert -file localhostCA.pem -keystore localhost.jks -trustcacerts
Now the JKS file has all three certificates. To view its contents, execute the command below.
D:\>keytool -list -keystore localhost.jks -v
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
Alias name: server_cert
Creation date: Jun 12, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=localhost, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Technology, O=ShaileshDyade.com, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 639b2beb4357974dcc8ebfca36ef0bfb
Valid from: Sat Jun 11 05:30:00 IST 2011 until: Tue Jul 12 05:29:59 IST 2011
Certificate fingerprints:
MD5: 62:3D:87:C3:B0:46:32:5F:25:66:96:64:84:E5:80:7C
SHA1: 5B:CE:E0:61:CE:16:07:ED:78:88:86:F0:73:9E:DE:10:0B:75:F0:76
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.verisign.com, accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://SVRTrial-G2-aia.verisign.com/SVRTrialG2.cer]
]
#3: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRTrial-G2-crl.verisign.com/SVRTrialG2.crl]
]]
#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.21]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 23 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 .#https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 2F 74 risign.com/cps/t
0020: 65 73 74 63 61 estca
]] ]
]
#6: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
#7: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 17 13 8A BD D6 A2 B5 DC 06 2C B7 B6 8E DA 10 (.........,.....
0010: 66 60 6E E5 f`n.
]
]
Certificate[2]:
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 17 13 8A BD D6 A2 B5 DC 06 2C B7 B6 8E DA 10 (.........,.....
0010: 66 60 6E E5 f`n.
]
]
#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.verisign.com]
]
#5: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
#6: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.verisign.com/SVRTrialRootG2.crl]
]]
#7: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.21]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 24 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 .$https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 2F 74 risign.com/cps/t
0020: 65 73 74 63 61 2F estca/
]] ]
]
#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 19 E7 92 6F 92 9D 34 63 99 C0 F0 99 C8 D6 A5 H...o..4c.......
0010: 8C 8C 7F 65 ...e
]
]
Certificate[3]:
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 19 E7 92 6F 92 9D 34 63 99 C0 F0 99 C8 D6 A5 H...o..4c.......
0010: 8C 8C 7F 65 ...e
]
]
#4: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
*******************************************
*******************************************
Alias name: verisignca
Creation date: Jun 11, 2011
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 19 E7 92 6F 92 9D 34 63 99 C0 F0 99 C8 D6 A5 H...o..4c.......
0010: 8C 8C 7F 65 ...e
]
]
#4: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
*******************************************
*******************************************
Alias name: verisignintermediateca
Creation date: Jun 12, 2011
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 17 13 8A BD D6 A2 B5 DC 06 2C B7 B6 8E DA 10 (.........,.....
0010: 66 60 6E E5 f`n.
]
]
#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.verisign.com]
]
#5: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
#6: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.verisign.com/SVRTrialRootG2.crl]
]]
#7: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.21]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 24 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 .$https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 2F 74 risign.com/cps/t
0020: 65 73 74 63 61 2F estca/
]] ]
]
#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 19 E7 92 6F 92 9D 34 63 99 C0 F0 99 C8 D6 A5 H...o..4c.......
0010: 8C 8C 7F 65 ...e
]
]
*******************************************
*******************************************
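The listing can also be checked mechanically. This added example (not from the original post) parses keytool -list -v text, verifies that the identity alias holds a chain linking the server certificate to the intermediate and on to a self-signed root, and reports certificates close to expiry. Both listings are constructed with shortened names (the validity dates of the first follow the listing above), and the function names are hypothetical.

```python
from datetime import datetime

# Constructed listing: CA reply imported under the key's alias (chain of 3).
GOOD_LISTING = """\
Alias name: server_cert
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=localhost, O=Example Org, C=IN
Issuer: CN=Example Trial CA, O=Example CA, C=US
Valid from: Sat Jun 11 05:30:00 IST 2011 until: Tue Jul 12 05:29:59 IST 2011
Certificate[2]:
Owner: CN=Example Trial CA, O=Example CA, C=US
Issuer: CN=Example Trial Root CA, O=Example CA, C=US
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate[3]:
Owner: CN=Example Trial Root CA, O=Example CA, C=US
Issuer: CN=Example Trial Root CA, O=Example CA, C=US
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
"""

# Constructed listing: reply imported under a new alias by mistake, so the
# key entry still carries the self-signed certificate from -genkey.
BAD_LISTING = """\
Alias name: server_cert
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, O=Example Org, C=IN
Issuer: CN=localhost, O=Example Org, C=IN
Valid from: Sun Jun 12 00:00:00 IST 2011 until: Sat Sep 10 00:00:00 IST 2011

Alias name: signed_reply
Entry type: trustedCertEntry
Owner: CN=localhost, O=Example Org, C=IN
Issuer: CN=Example Trial CA, O=Example CA, C=US
Valid from: Sat Jun 11 05:30:00 IST 2011 until: Tue Jul 12 05:29:59 IST 2011
"""

SAMPLE_NOW = datetime(2011, 6, 12, 0, 12, 13)  # constructed "current time"


def parse_keytool_date(text):
    """Parse 'Tue Jul 12 05:29:59 IST 2011', ignoring weekday and zone."""
    _day, mon, dom, clock, _zone, year = text.split()
    return datetime.strptime(f"{mon} {dom} {clock} {year}", "%b %d %H:%M:%S %Y")


def parse_keystore_listing(text):
    """Return {alias: {"type": str, "certs": [owner/issuer/not_after dicts]}}."""
    entries, entry, cert = {}, None, None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if key == "Alias name":
            entry, cert = entries.setdefault(value, {"type": "", "certs": []}), None
        elif entry is None:
            continue
        elif key == "Entry type":
            entry["type"] = value
        elif key == "Owner":  # each certificate block starts with Owner
            cert = {"owner": value, "issuer": "", "not_after": None}
            entry["certs"].append(cert)
        elif cert is not None and key == "Issuer":
            cert["issuer"] = value
        elif cert is not None and key == "Valid from":
            cert["not_after"] = parse_keytool_date(value.split(" until: ", 1)[1])
    return entries


def check_identity(entries, alias, now, warn_days=30):
    """List problems with the certificate chain stored under the key alias."""
    entry = entries.get(alias)
    if not entry or entry["type"] != "PrivateKeyEntry" or not entry["certs"]:
        return [f"{alias}: no PrivateKeyEntry with a certificate chain"]
    chain, findings = entry["certs"], []
    if chain[0]["owner"] == chain[0]["issuer"]:
        findings.append(f"{alias}: identity certificate is self-signed; "
                        "the CA reply was not imported under this alias")
    for i, (child, parent) in enumerate(zip(chain, chain[1:]), 1):
        if child["issuer"] != parent["owner"]:
            findings.append(
                f"{alias}: certificate[{i}] was not issued by certificate[{i + 1}]")
    if chain[-1]["owner"] != chain[-1]["issuer"]:
        findings.append(f"{alias}: chain does not end at a self-signed root")
    for i, c in enumerate(chain, 1):
        if c["not_after"] is None:
            continue
        days = (c["not_after"] - now).days
        if days < 0:
            findings.append(f"{alias}: certificate[{i}] has expired")
        elif days <= warn_days:
            findings.append(f"{alias}: certificate[{i}] expires in {days} days")
    return findings
```

Run against the real output by saving keytool -list -v to a file and passing its text to parse_keystore_listing.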
Copy all the files to a directory called SSL under the domain's security folder.
Step 4 : Setup SSL @ WebLogic
Start WebLogic Application Server
Open Admin Console : http://localhost:7001/console
Go to Servers and click on the Admin Server. Check SSL Listen Port Enabled and specify a port of your choice (one not already used by other applications).
Click on Keystore Tab and Configure the JKS file as below.
==Keystore Drop down list : Custom Identity and Custom Trust
==Identity
--Custom Identity Keystore : D:\Oracle\Middleware\WebLogic\10.3.2.0\user_projects\domains\SSLDomain\security\ssl\localhost.jks
--Custom Identity Keystore Type : JKS
--Custom Identity Keystore Pass phrase : <provide secret-store-password>
--Confirm Custom Identity Keystore Pass phrase : <provide secret-store-password>
==Trust
--Custom Trust Keystore : D:\Oracle\Middleware\WebLogic\10.3.2.0\user_projects\domains\SSLDomain\security\ssl\localhost.jks
--Custom Trust Keystore Type : JKS
--Custom Trust Keystore Pass Phrase : <provide secret-store-password>
--Confirm Custom Trust Keystore Pass Phrase : <provide secret-store-password>
Click on the SSL tab in the same window.
Select Keystore from the drop-down list, if it is not selected already.
Private Key Alias : server_cert
Private Key Pass phrase : <provide secret-key-passphrase>
Confirm Private Key Pass phrase : <provide secret-key-passphrase>
Save and activate the changes; these changes require the server to be restarted.
Step 5 : Restart the server and watch the server logs (standard out); you will notice the SSL certificates being loaded as below.
<Jun 12, 2011 12:10:37 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server st
ate changed to RUNNING>
<Jun 12, 2011 12:10:37 AM IST> <Notice> <WebLogicServer> <BEA-000360> <Server st
arted in RUNNING mode>
Jun 12, 2011 12:10:50 AM com.sun.faces.config.ConfigureListener contextInitializ
ed
INFO: Initializing Sun's JavaServer Faces implementation (1.2_03-b04-FCS) for co
ntext '/console'
Jun 12, 2011 12:10:50 AM com.sun.faces.config.ConfigureListener contextInitializ
ed
INFO: Completed initializing Sun's JavaServer Faces implementation (1.2_03-b04-F
CS) for context '/console'
<Jun 12, 2011 12:12:13 AM IST> <Notice> <Security> <BEA-090171> <Loading the ide
ntity certificate and private key stored under the alias server_cert from the JK
S keystore file D:\Oracle\Middleware\WebLogic\10.3.2.0\user_projects\domains\SSL
Domain\ssl\localhost.jks.>
<Jun 12, 2011 12:12:13 AM IST> <Notice> <WebLogicServer> <BEA-000298> <Certifica
te expires in 30 days: [
[
Version: V3
Subject: CN=localhost, OU=Terms of use at www.verisign.com/cps/testca (c)05, O
U=Technology, O=ShaileshDyade.com, L=Bangalore, ST=Karnataka, C=IN
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 125166064223918740103135538364051069413035268843048816348233294889464
47389259045006580903643962498040168327614154210422321966349873770835910377449019
67389372014634148365944745284556149233024578141583537905525151274406327216596630
72490622103039248399486161011404191623368319938835558811763309087964299373659367
public exponent: 65537
Validity: [From: Sat Jun 11 05:30:00 IST 2011,
To: Tue Jul 12 05:29:59 IST 2011]
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://ww
w.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O
="VeriSign, Inc.", C=US
SerialNumber: [ 639b2beb 4357974d cc8ebfca 36ef0bfb]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 62 30 60 A1 5E A0 5C 30 5A 30 58 30 56 16 09 .b0`.^.\0Z0X0V..
0010: 69 6D 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14 4B 6B B9 28 96 06 0C BB .+......Kk.(....
0030: D0 52 38 9B 29 AC 4B 07 8B 21 05 18 30 26 16 24 .R8.).K..!..0&.$
0040: 68 74 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 31 sign.com/vslogo1
0060: 2E 67 69 66 .gif
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 17 13 8A BD D6 A2 B5 DC 06 2C B7 B6 8E DA 10 (.........,.....
0010: 66 60 6E E5 f`n.
]
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://SVRTrial-G2-crl.verisign.com/SVRTrialG2.crl]
]]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.21]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 23 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 .#https://
www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 63 70 73 2F 74 risign.com/cps/t
0020: 65 73 74 63 61 estca
]] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.verisign.com, accessMethod: 1.3.6.1.5.5.
7.48.2
accessLocation: URIName: http://SVRTrial-G2-aia.verisign.com/SVRTrialG2.cer]
]
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [SHA1withRSA]
Signature:
]>
<Jun 12, 2011 12:12:13 AM IST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file D:\Oracle\Middleware\WebLogic\10.3.2.0\user_projects\domains\SSLDomain\ssl\localhost.jks.>
<Jun 12, 2011 12:12:13 AM IST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.1.141:7002 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Jun 12, 2011 12:12:13 AM IST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[1]" is now listening on 192.168.1.140:7002 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Jun 12, 2011 12:12:13 AM IST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[2]" is now listening on 192.168.1.8:7002 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Jun 12, 2011 12:12:13 AM IST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[3]" is now listening on 10.159.32.228:7002 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
<Jun 12, 2011 12:12:14 AM IST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[4]" is now listening on 127.0.0.1:7002 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
WebLogic is Secure Now..!!
Try accessing the page: https://localhost:7002/
Now it is time to configure WebLogic with the Apache Web Server.
Step 6 : Configure Apache Web Server for WebLogic Application Server
Copy the Proxy Plugin Module (mod_wl_22.so) from D:\Oracle\Middleware\WebLogic\10.3.2.0\wlserver_10.3\server\plugin\win\32\ to the C:\Program Files\Apache Software Foundation\Apache2.2\modules directory.
Add an extra line to httpd.conf as below:
LoadModule weblogic_module modules/mod_wl_22.so
Get the trusted CA file from the WebLogic Server so that it can be configured in the Apache plug-in configuration.
To do this, follow the steps below.
Step 1 : Click on the lock icon at the WebLogic HTTPS console, then click on View Certificate.
Step 2 : Click on Certificate Path.
Step 3 : Click on the Root CA Certificate.
Step 4 : Click on View Certificate; a new pop-up window opens.
Step 5 : Click on Details, then click on Copy to File.
Step 6 : Click on Next and select Base64 encoding. Click on Next, browse for a location, and choose a name for the exported file, say "MyWebLogicTrustedCA.cer".
Step 7 : Export the file.
Then add the lines below to the httpd.conf file to invoke the applications deployed on WebLogic.
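<IfModule mod_weblogic.c>
# WebLogic host and SSL listen port that requests are forwarded to
WebLogicHost localhost
WebLogicPort 7002
# Use SSL between the plug-in and WebLogic
SecureProxy ON
# Root CA certificate exported from WebLogic in the steps above
TrustedCAFile "D:\Apache\MyWebLogicTrustedCA.cer"
# false: the host name is not matched against the WebLogic certificate
RequireSSLHostMatch false
# OFF: the Basic Constraints extension of CA certificates is not enforced
EnforceBasicConstraints OFF
# Log all plug-in debug messages to the file named by WLLogFile
Debug ALL
WLLogFile ""
</IfModule>
# Hand requests for these paths to the WebLogic plug-in
<Location /weblogic>
SetHandler weblogic-handler
</Location>
<Location /console>
SetHandler weblogic-handler
</Location>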
Restart the Apache Server.
Try accessing: https://localhost/console
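The plug-in block above switches off host name matching and the Basic Constraints check and leaves full debug logging on, which works for a localhost test but should be caught before the same httpd.conf is reused elsewhere. The following is an added example, not part of the original tutorial: a small Python audit of those directives, where the function names and finding texts are assumptions of this example and the sample input is the tutorial's own block.

```python
import re

# The tutorial's plug-in block, embedded so the example runs offline.
SAMPLE_CONF = r'''
<IfModule mod_weblogic.c>
WebLogicHost localhost
WebLogicPort 7002
SecureProxy ON
TrustedCAFile "D:\Apache\MyWebLogicTrustedCA.cer"
RequireSSLHostMatch false
EnforceBasicConstraints OFF
Debug ALL
WLLogFile ""
</IfModule>
'''

BLOCK = re.compile(r"<IfModule\s+mod_weblogic\.c>(.*?)</IfModule>", re.S | re.I)

def plugin_directives(conf_text):
    """Return {lowercased directive: value} from every mod_weblogic.c block."""
    found = {}
    for body in BLOCK.findall(conf_text):
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue  # skip blank lines and comments
            found[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return found

def audit(conf_text):
    """Return (directive, finding) pairs for settings that weaken the SSL link."""
    d = plugin_directives(conf_text)
    findings = []
    if d.get("secureproxy", "").lower() != "on":
        findings.append(("SecureProxy", "plug-in to WebLogic traffic is not using SSL"))
    elif not d.get("trustedcafile"):
        findings.append(("TrustedCAFile", "SSL is on but no trusted CA file is set"))
    if d.get("requiresslhostmatch", "").lower() == "false":
        findings.append(("RequireSSLHostMatch", "certificate host name is not checked"))
    if d.get("enforcebasicconstraints", "").lower() in ("off", "false"):
        findings.append(("EnforceBasicConstraints", "CA basic constraints are not enforced"))
    if d.get("debug", "off").lower() != "off":
        findings.append(("Debug", "debug logging is enabled: " + d["debug"]))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONF):
        print(f"{name}: {finding}")
```
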
End of the Tutorial..!!
Thanks for reading. Let me know if you get stuck anywhere in the steps.
Regards,
Shailesh Dyade
1 comment:
Hi, I have followed your way to do the setup but I still hit the error: SSL certificate chain validation failed: -6986
Please help!!!!
Thanks