Thursday, August 15, 2013

Installing JBoss Application Server 7.1.1 on Ubuntu 13.04 Desktop OS

Hello There,


Hope you all are doing good..!

Wishing you a very happy and prosperous Independence Day, hope you will remember the people who made this day happen in our life.

Let's get back to the basics.

Today we are here to study JBoss Application Server installation on a freshly installed Ubuntu operating system.

I just recently found out that Ubuntu 13.04 is the best version so far, as it should be, since it is the latest one at this time (15 August 2013). So I gave a thought to installing the JDK/JRE and JBoss Application Server on it.

Let's start...

Get the necessary files.

You will need jboss-as-7.1.1.Final.zip from https://www.jboss.org/jbossas/downloads -- download it..!! (I thought it's needless to say ;))

And you might need to download the Linux version of Oracle Java 7 as below.

Step 1. Log in to a terminal, go to root, verify whether Java is there or not, and wait for the alternatives it suggests.

Step 2. You might need to download the specific package for this version of Java (Java 7).

Step 3. Update the package cache and search the packages available in the Ubuntu package cache with the commands below.



#apt-get update

This will get the list of packages available for download and install for Ubuntu.









#apt-cache search ^oracle_java

We see here that the required Java 7 package is not in the package list, so we need to extend the repository list another way.

Step 4. Add a new repository with the command below.





#add-apt-repository ppa:webupd8team/java

This makes the repository passed on the command line available to the package manager, so that the package list picks it up the next time you run the update.

Step 5. Run apt-get update.

This updates the list of available packages with the new Java packages from the source we have just added.

Once the update is complete, search for the Java package in the list again.

Here is the result..!!








Step 6. Install Java - #apt-get install oracle-java7-installer

This will download, extract and install the Java package into the Ubuntu operating system.

You might need to agree to the License Agreement, which pops up in the same window.





Step 7. Verify the installation.




Downloading is in Progress.









Step 8. Check the Java Version as below.




Verifying the version :

#java -version
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) Server VM (build 23.25-b01, mixed mode)




Next Steps....!!
 
Installing JBoss Application Server 7.1.1
-----------------------------------------------------------------

Step 1. Copy the downloaded jboss-as-7.1.1.Final.zip file to some secured safe location in your filesystem.

root@shailesh-Inspiron-N4010:/# df -k
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda6      127819492 4303196 117016764   4% /
none                   4       0         4   0% /sys/fs/cgroup
udev             1986872       4   1986868   1% /dev
tmpfs             399024     876    398148   1% /run
none                5120       0      5120   0% /run/lock
none             1995104     160   1994944   1% /run/shm
none              102400      44    102356   1% /run/user

root@shailesh-Inspiron-N4010:/# ls
bin    dev   initrd.img      lost+found  opt   run      srv  usr
boot   etc   initrd.img.old  media       proc  sbin     sys  var
cdrom  home  lib             mnt         root  selinux  tmp  vmlinuz
root@shailesh-Inspiron-N4010:/#


Step 2. I will copy this to /opt/RedHat/JBoss/AS; I hope this will be a good location for JBoss to hide in.

# mkdir -p /opt/RedHat/JBoss/AS
# cd  /opt/RedHat/JBoss/AS
# cp /home/shailesh/Downloads/jboss-as-7.1.1.Final.zip .

Step 3. Unzip it.

#unzip jboss-as-7.1.1.Final.zip
root@shailesh-Inspiron-N4010:/opt/RedHat/JBoss/AS# ls
jboss-as-7.1.1.Final  jboss-as-7.1.1.Final.zip
root@shailesh-Inspiron-N4010:/opt/RedHat/JBoss/AS#


Rename the extracted directory, just to make it easier to refer to as our package.

# mv jboss-as-7.1.1.Final jboss-as-7.1.1

Set the JAVA_HOME

root@shailesh-Inspiron-N4010:~# echo $JAVA_HOME
/usr/lib/jvm/java-7-oracle/jre/bin
root@shailesh-Inspiron-N4010:~#


Add this line in standalone.conf in /opt/RedHat/JBoss/AS/jboss-as-7.1.1/bin directory

JAVA_HOME="/usr/lib/jvm/java-7-oracle/jre"


Step 4. Start the JBoss Instance (standalone configuration).



The server took the value of JBOSS_HOME from this simple logic in the standalone.sh file (excerpt):

# Setup JBOSS_HOME
RESOLVED_JBOSS_HOME=`cd "$DIRNAME/.."; pwd`
if [ "x$JBOSS_HOME" = "x" ]; then
  JBOSS_HOME=$RESOLVED_JBOSS_HOME

Step 5. Verify the Configuration start-up.



 
Then try accessing the console for JBoss Application Server.

05:33:35,807 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990


Step 6. Access the console at address : http://127.0.0.1:9990/



We need to add a user before we can successfully access the console; let us try that.

Step 7. Add the user details as below; for testing purposes I have used the user name Admin.
 



root@shailesh-Inspiron-N4010:/opt/RedHat/JBoss/AS/jboss-as-7.1.1/bin# ./add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Realm (ManagementRealm) :
Username : Admin  
Password :
Re-enter Password :
The username 'Admin' is easy to guess
Are you sure you want to add user 'Admin' yes/no? yes
About to add user 'Admin' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'Admin' to file '/opt/RedHat/JBoss/AS/jboss-as-7.1.1/standalone/configuration/mgmt-users.properties'
Added user 'Admin' to file '/opt/RedHat/JBoss/AS/jboss-as-7.1.1/domain/configuration/mgmt-users.properties'
root@shailesh-Inspiron-N4010:/opt/RedHat/JBoss/AS/jboss-as-7.1.1/bin#


Step 8. Restart the standalone server configuration and try accessing the console - Click on Try Again link on console screen.



Here I am done with this tutorial, please let me know if you need any more information, please drop into comments or email me directly.

Hope you have enjoyed the Blog Post.

Regards
Shailesh Dyade

Wednesday, May 22, 2013

Err : Caused by: java.lang.SecurityException: User: weblogic, failed to be authenticated.

Hello Guys,

Sometimes you will have a tough time dealing with simple issues in WebLogic, and this is one of them. Today we will see what fixes are available for some simple authentication issues. These issues may eat up a big chunk of your brain while everyone is watching and waiting for you to show some results, huh.!! That's really a tough time, and it gets worse when you are on a bridge call with a customer who is running out of patience.

Let's find out some simple ways to fix this issue.

Normally the issue looks very frightening, as it throws a big stack trace and fails the current operation, probably StopServer or StartServer.

[root@localhost bin]# ./stopWebLogic.sh
Stopping Weblogic Server...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Please enter your username :weblogic
Please enter your password :
Connecting to t3://localhost:7001 with userid weblogic ...
This Exception occurred at Tue May 21 18:55:12 PDT 2013.
javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User: weblogic, failed to be authenticated.]
        at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
        at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:788)
        at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:682)
        at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:469)
        at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:376)
        at weblogic.jndi.Environment.getContext(Environment.java:315)
        at weblogic.jndi.Environment.getContext(Environment.java:285)
        at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:520)
        at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:573)
        at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:313)
        at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:203)
        at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:61)
        at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:147)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.python.core.PyReflectedFunction.__call__(Unknown Source)
        at org.python.core.PyMethod.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at org.python.pycode._pyx4.connect$1(<iostream>:16)
        at org.python.pycode._pyx4.call_function(<iostream>)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.pycode._pyx15.f$0(/cust/weblogic/middleware/domains/xyz_domain/shutdown.py:6)
        at org.python.pycode._pyx15.call_function(/Oracle/weblogic/middleware/domains/xyz_domain/shutdown.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyCode.call(Unknown Source)
        at org.python.core.Py.runCode(Unknown Source)
        at org.python.util.PythonInterpreter.execfile(Unknown Source)
        at weblogic.management.scripting.WLST.main(WLST.java:124)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.WLST.main(WLST.java:29)
Caused by: java.lang.SecurityException: User: weblogic, failed to be authenticated.
        at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
        at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
        at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
        at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
        at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
        at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Problem invoking WLST - Traceback (innermost last):
  File "/Oracle/weblogic/middleware/domains/xyz_domain/shutdown.py", line 6, in ?
  File "<iostream>", line 22, in connect
  File "<iostream>", line 646, in raiseWLSTException
WLSTException: Error occured while performing connect : User: weblogic, failed to be authenticated.
Use dumpStack() to view the full stacktrace

Done
Stopping Derby Server...
[root@localhost bin]#


At this point you may be baffled and not know what to do next.

Relax.. There are a few places where you have to look for the solution.

  1. Possible corruption of boot.properties
  2. Possible corruption of Embedded LDAP
  3. User Name or Password is Wrong in boot.properties

Instance 1 : Possible corruption of boot.properties

Whenever you face a problem like the one above, look at the boot.properties file in the server's security folder, <domain>/servers/<serverName>/security. If the entries in boot.properties are encrypted and look fine, you can leave the file alone. To make sure, however, you can create another one with the same username and password values in the following format and save it under the <serverName>/security folder as boot.properties.

username=weblogic
password=passwordforweblogic 

And make sure you have boot.properties in required location.
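A check for the boot.properties situation described above, as an added example that is not part of the original post: it walks <domain>/servers/*/security/boot.properties and reports files that are missing, still hold plaintext values, or are readable by group or others. It assumes encrypted values carry the {AES}, {AES256} or {3DES} prefix; the function names and the sample domain are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit boot.properties files in a WebLogic domain directory.
# Assumption: values already encrypted by the server start with {AES},
# {AES256} or {3DES}. A hand-written plaintext file stays plaintext until
# the server has booted with it once.

# check_boot_properties FILE
# Prints one finding per line; prints nothing when the file looks fine.
check_boot_properties() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING $f"
        return 0
    fi
    for key in username password; do
        # First "key=value" line only; the value itself may contain '='.
        val=$(sed -n "s/^${key}=//p" "$f" | head -n 1 | tr -d '\r')
        case $val in
            '')                             echo "NOKEY $key $f" ;;
            '{AES}'*|'{AES256}'*|'{3DES}'*) : ;;
            *)                              echo "PLAINTEXT $key $f" ;;
        esac
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS $f"
}

# audit_domain DOMAIN_DIR
# Checks the boot.properties of every server directory under DOMAIN_DIR/servers.
audit_domain() {
    for dir in "$1"/servers/*/; do
        [ -d "$dir" ] || continue
        check_boot_properties "${dir}security/boot.properties"
    done
}

# make_sample_domain DIR
# Builds a constructed domain tree for the demo (all values are made up).
make_sample_domain() {
    mkdir -p "$1/servers/AdminServer/security" \
             "$1/servers/ManagedServer1/security" \
             "$1/servers/ManagedServer2"
    # Freshly re-created file in the format shown in the post, default mode.
    printf 'username=weblogic\npassword=passwordforweblogic\n' \
        > "$1/servers/AdminServer/security/boot.properties"
    chmod 644 "$1/servers/AdminServer/security/boot.properties"
    # File as it looks after the server has encrypted it (constructed values).
    printf 'username={AES}c2FtcGxlMQ==\npassword={AES}c2FtcGxlMg==\n' \
        > "$1/servers/ManagedServer1/security/boot.properties"
    chmod 600 "$1/servers/ManagedServer1/security/boot.properties"
    # ManagedServer2 has no security folder at all.
}

# Demo run on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_domain "$demo_dir"
audit_domain "$demo_dir"
rm -rf "$demo_dir"
```

A PLAINTEXT finding right after re-creating the file is expected; one that persists after a restart means the server never booted with that file.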

Instance 2 : Possible corruption of Embedded LDAP

This case is more likely than the boot.properties one: whenever you shut down the server improperly, or there is a misconfiguration in the authentication data, or there are changes in the environment where WebLogic Server runs, there is a good chance of the Embedded LDAP getting corrupted.

To deal with this issue, we have just a few simple steps:
1) Go to <domain>/servers/<serverName>/data/
2) Take a backup of, or rename, the ldap folder
3) Restart the server

Here you will see that a new ldap folder gets created, but you will still get an error starting up the server if you changed your username and password after your setup.

If you still see issues, you have one option to fix it.

  1. Take a backup of the ldapfiles folder from the new ldap directory
  2. Copy the ldapfiles folder from the old ldap folder that you backed up before restarting the server
  3. Restart the server again.

With this you have more chances of fixing the issue.

Instance 3 : User Name or Password is Wrong in boot.properties

This can be considered human error: you need to remember the username and password you specified, and unless you do, you will not be able to fix a username and password issue.


Alright guys..!!

I believe with this you will be able to see hope of appreciation from your client/customer. In case you think I am not done, please send me a mail or comment on this post so that I can reply with more options for fixing similar weird issues.

If you get any other issues with WebLogic Server / WebSphere Server and Web Servers, please drop me a mail here.

Regards
Shailesh Dyade

Monday, April 29, 2013

Have you ever tried installing Apache 2.4.4 in Linux.?

Hello Guys,

For some time I was away from my blogging, but recently I had to touch these pages for self-signed certs in WebLogic Server at a friend's request, and I am hoping to get the blogging back on track from now on.

Today I tried to install Apache Web Server in a Linux environment. It may sound like a silly thing, but there are a few things you need to know when you get ready to work on Apache Web Server administration.

I found that you may face a few difficulties while installing Apache Web Server in a Linux environment; the common ones are the steps to install, the supporting libraries, and any utilities required for the install to be successful.

Well.. Steps.!!

Step 1. Download the Apache WebServer

Click the link here or visit site : http://httpd.apache.org/ for downloading the binaries for different operating system

Step 2. Save it in a safe location and Unzip and Untar it.

Move it to your required location and unzip and untar it as you have tar.gz file.

#mv httpd-2.4.4.tar.gz /labs 
#cd /labs
#gunzip httpd-2.4.4.tar.gz
#tar -xvf httpd-2.4.4.tar

You will see a huge number of lines listing the extracted files; with this you have extracted the tar'ed files into a directory called httpd-2.4.4.

Step 3. Install it

#cd httpd-2.4.4
#./configure --prefix=/labs/apache2.4.4
#make
#make install

Well, this looks simple but is not..!!

The steps for installing are very simple: you just need to run the three commands above and you are done. However, httpd depends on APR, APR-UTIL and PCRE, and these need to be installed before Apache Web Server; failing which you will see the error messages below.

When you run the first command above (./configure), you will see one such error message for each of these three libraries.

I am setting the prefix for the install path of the Apache web server.

If you do not have APR (Apache Portable Runtime) installed prior to the Apache install, you will see:

checking for APR … no 
configure error APR not found. please read the documentation 

This can be fixed by installing APR: download the latest tar file from http://apr.apache.org/, gunzip and untar it, and then install it as below.

NOTE : We install APR the same way we do the HTTPD server (Apache Web Server).

# cd apr-1.4.6
# ./configure     # you can add --prefix to supply the install path, it will install in /usr/local/ if not specified
#make
#make install

Now try running the Apache configure again and see the difference; this time, however, you need to pass one more argument to the ./configure command, as below.

./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apr

This no longer shows the error that occurred before, but it turns into a new error, as below.

checking for apr-util … no 
configure error apr-util not found. please read the documentation

For this you need to follow the same steps you did for APR: visit the same site and download the apr-util file.

This time, while installing apr-util, you need to run the commands below after extracting the file.

#cd apr-util-1.5.2
#./configure --prefix=/usr/local/apr-util/  --with-apr=/usr/local/apr/
#make
#make install

This will create one more directory under /usr/local, named apr-util.

Now try to run the Apache install again, but with a brand new command.

#./configure --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util

This command will bypass both of the above errors, but we are not done yet..!! You will see the error below when you execute it.

configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/

We need one more library, PCRE (Perl Compatible Regular Expressions), which is used by our httpd server. Download it from http://pcre.org/, move it to your Linux/Unix filesystem, and gunzip and untar it.

You can go ahead and install this library without any dependency on APR or apr-util, using the commands below.

#./configure --prefix=/usr/local/pcre
#make
#make install

Once you are done, it is finally the turn of the Apache server, with the commands below.

#cd httpd-2.4.4
#./configure --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-pcre=/usr/local/pcre
#make
#make install
:
 /usr/local/apr/build-1/libtool --silent --mode=install install mod_env.la /usr/local/apache2/modules/
/usr/local/apr/build-1/libtool --silent --mode=install install mod_expires.la /usr/local/apache2/modules/
/usr/local/apr/build-1/libtool --silent --mode=install install mod_headers.la /usr/local/apache2/modules/
/usr/local/apr/build-1/libtool --silent --mode=install install mod_unique_id.la /usr/local/apache2/modules/
/usr/local/apr/build-1/libtool --silent --mode=install install mod_setenvif.la /usr/local/apache2/modules/
/usr/local/apr/build-1/libtool --silent --mode=install install mod_version.la /usr/local/apache2/modules/
/usr/local/apr/build-1/libtool --silent --mode=install install mod_remoteip.la /usr/local/apache2/modules/


:
 

Installing configuration files
mkdir /usr/local/apache2/conf
mkdir /usr/local/apache2/conf/extra
mkdir /usr/local/apache2/conf/original
mkdir /usr/local/apache2/conf/original/extra
Installing HTML documents
mkdir /usr/local/apache2/htdocs
Installing error documents
mkdir /usr/local/apache2/error
Installing icons
mkdir /usr/local/apache2/icons
mkdir /usr/local/apache2/logs
Installing CGIs
mkdir /usr/local/apache2/cgi-bin
Installing header files
mkdir /usr/local/apache2/include
Installing build system files
mkdir /usr/local/apache2/build
Installing man pages and online manual
mkdir /usr/local/apache2/man
mkdir /usr/local/apache2/man/man1
mkdir /usr/local/apache2/man/man8
mkdir /usr/local/apache2/manual
make[1]: Leaving directory `/labs/httpd-2.4.4'


The installation is done. Now, if you would like to verify whether your httpd server is working fine:

#cd /usr/local/apache2/bin
#./apachectl status
#./apachectl start

You can verify the running httpd processes with ps -ef | grep httpd; you will see around 3-4 processes in the console.

Access the URL : http://localhost/ -- you will see the text It works! in the browser.

Well.. I hope this post will help you a bit with getting track of Apache Web Server install in Linux Operating System.

Thank you..

Regards
Shailesh Dyade.

Wednesday, April 17, 2013

Setting Up Two Way SSL for WebLogic Server - Self Signed Certificates

Hello There, 

In this blog post we will see step-by-step instructions to set up two-way SSL in WebLogic. We have already seen the one-way SSL setup in an earlier post. By the way, what are one-way SSL and two-way SSL?

One Way SSL
-----------------

Here the server presents its certificate to the client. Certificates from clients are not verified as part of the authentication process, but the client needs to know whether it has reached the valid server, which it does by verifying the server certificate.

Example : A simple bank web site. Whenever we hit a netbanking site, it presents its certificate to the browser to trust.



Two Way SSL
------------------
Here the client also authenticates to the server by providing its certificate; how strictly the client's certificate is verified depends on the server's requirements. The client verifies the server certificate and the server verifies the client certificate.

Example : A web server connecting to WebLogic Server, with both exchanging certificates to establish their communication.

The following figure shows how the client and server go through the initial communication when they are set up for two-way SSL.


As the above picture is self-explanatory, I will not explain the whole process here; we will proceed to the practicals directly.

Step 1. Create the Identity and Trust keystores for the WebLogic Server.

The Identity keystore is required to define the identity of the WebLogic Server, so that clients can use it to trust the server.

The Trust keystore is required to store the root certificates of the clients, so that the server can trust or identify incoming requests from the clients.

Create a server Identity keystore with your public key and private key

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -keystore server_identity.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  ShaileshDyade
What is the name of your organizational unit?
  [Unknown]:  Personal
What is the name of your organization?
  [Unknown]:  Technology
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  yes

Enter key password for <server_cert>
        (RETURN if same as keystore password):
Re-enter new password:

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>


Note : Here I have used different passwords for the keystore and the key.

I am done with creating the server identity keystore file (the .JKS extension stands for Java KeyStore). Multiple keystore formats are available for use with WebLogic Server.

Generate Certificate Signing Request

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -certreq -v -alias server_cert -file csr_for_mysite.csr -keystore server_identity.jks
Enter keystore password:
Enter key password for <server_cert>
Certification request stored in file <csr_for_mysite.pem>
Submit this to your CA


Open your CSR file and go to this link to get it signed by an authorized CA (Certificate Authority).



Here I am using GeoTrust as my CA for signing my certificate request.

Go to the link and provide the necessary details.

  1. Click on Order Now for the Free Rapid SSL Certificates
  2. Provide the necessary details on the next page; for server type select WebLogic - All Versions
  3. On the next page, provide your contact information in case you would like GeoTrust to contact you for any further business, but remember to fill in the mandatory fields, without which it will not proceed.
  4. On the next page select, I Already have my own CSR
  5. Paste the contents of your CSR file into the text box shown on that page (DO NOT COPY AND PASTE MY CERT REQUEST) - CONTINUE...
  6. On the next page you will be able to see the summary of your certificate - just verify it:
     Common Name : www.shaileshdyade.com
     Organization : Technology
     Organizational Unit : Personal
     Locality : Bangalore
     State : Karnataka
     Country : IN
  7. Continue.
  8. Well, this is embarrassing: it went on to check my domain and wants the approval of my site's administrator - admin@shaileshdyade.com
  9. You need to click a couple of Continues, then you will arrive at the Complete Order Summary
  10. At the end you will get a message like:

    Your Free Trial SSL Certificate Has Been Processed

Once you approve it, you will get a mail at the email id you specified during the certificate request; then you can follow the process of installing the certificate which is given in this link.

But we are here to explain the process of installing a certificate and setting up two-way SSL with self-signed certificates.

Note : Here I have used a slightly modified keystore, in which the Common Name is ShaileshDyade, whereas in the old file it was www.shaileshdyade.com; please notice this in the commands below.

Create Self Signed Certificate

The key pair generated with -genkey above already carries a self-signed certificate; the command below exports that certificate to a file.

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -export -alias server_cert -file MyRoot.cer -keystore server_identity.jks -storepass keystorepass
Certificate stored in file <MyRoot.cer>


Create Trust Store for Trusting Incoming Connections

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -import -alias server_cert -trustcacerts -file MyRoot.cer -keystore server_trust.jks
Enter keystore password:
Re-enter new password:
Owner: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Serial number: 516e3df0
Valid from: Wed Apr 17 11:45:12 IST 2013 until: Tue Jul 16 11:45:12 IST 2013
Certificate fingerprints:
         MD5:  F3:E4:DE:8C:D8:66:7D:56:FD:B9:22:52:BF:D5:17:3F
         SHA1: 7A:D3:50:DE:A7:9C:FA:B7:B4:C6:20:87:DB:12:51:9E:64:78:C7:C0
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain> 


Files we have right now are : server_identity.jks, server_trust.jks and MyRoot.cer.

You can list their contents with the following commands:

D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -list -v -keystore server_identity.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: server_cert
Creation date: Apr 17, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Serial number: 516e3df0
Valid from: Wed Apr 17 11:45:12 IST 2013 until: Tue Jul 16 11:45:12 IST 2013
Certificate fingerprints:
         MD5:  F3:E4:DE:8C:D8:66:7D:56:FD:B9:22:52:BF:D5:17:3F
         SHA1: 7A:D3:50:DE:A7:9C:FA:B7:B4:C6:20:87:DB:12:51:9E:64:78:C7:C0
         Signature algorithm name: SHA1withRSA
         Version: 3

*******************************************
*******************************************



D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain>keytool -list -v -keystore server_trust.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: server_cert
Creation date: Apr 17, 2013
Entry type: trustedCertEntry

Owner: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Serial number: 516e3df0
Valid from: Wed Apr 17 11:45:12 IST 2013 until: Tue Jul 16 11:45:12 IST 2013
Certificate fingerprints:
         MD5:  F3:E4:DE:8C:D8:66:7D:56:FD:B9:22:52:BF:D5:17:3F
         SHA1: 7A:D3:50:DE:A7:9C:FA:B7:B4:C6:20:87:DB:12:51:9E:64:78:C7:C0
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************
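
An added example (not from the original post) that reads `keytool -list -v` output like the listings above and reports, per entry, whether the certificate is self-signed, its signature algorithm, its validity window and the days left before expiry. The function names, the 30-day warning threshold and the reference dates are assumptions; the sample is the post's own server_identity.jks listing, abridged.

```shell
#!/bin/sh
# Added example: summarise and flag entries in `keytool -list -v` output.
# Usage: keytool -list -v -keystore server_identity.jks | audit_keytool_listing YYYY-MM-DD
# Only the first certificate of each entry (the leaf) is inspected.

audit_keytool_listing() {
    awk -v today="$1" '
    # Julian day number of a Gregorian date; only differences are used.
    function jdn(y, m, d,    a, yy, mm, leap) {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        leap = int(yy / 4) - int(yy / 100) + int(yy / 400)
        return d + int((153 * mm + 2) / 5) + 365 * yy + leap - 32045
    }
    function monthnum(name) {
        return (index("JanFebMarAprMayJunJulAugSepOctNovDec", name) + 2) / 3
    }
    function report(    self) {
        if (alias == "") return
        self = (owner != "" && owner == issuer) ? "yes" : "no"
        printf "ENTRY %s type=%s self_signed=%s sigalg=%s valid_days=%d days_left=%d\n", \
            alias, type, self, sigalg, valid_days, days_left
        if (sigalg ~ /^(MD5|SHA1)with/)
            printf "WARN %s weak signature algorithm %s\n", alias, sigalg
        if (days_left < 0)
            printf "WARN %s expired %d days ago\n", alias, -days_left
        else if (days_left < 30)    # 30 days is an assumed threshold
            printf "WARN %s expires in %d days\n", alias, days_left
        alias = ""; type = ""; owner = ""; issuer = ""; sigalg = ""; seen = 0
    }
    BEGIN { split(today, t, "-"); now = jdn(t[1], t[2], t[3]) }
    /^Alias name:/ { report(); alias = $0; sub(/^Alias name: */, "", alias) }
    /^Entry type:/ { type = $3 }
    /^Owner:/  && owner == ""  { owner = $0;  sub(/^Owner: */, "", owner) }
    /^Issuer:/ && issuer == "" { issuer = $0; sub(/^Issuer: */, "", issuer) }
    # Valid from: Wed Apr 17 11:45:12 IST 2013 until: Tue Jul 16 11:45:12 IST 2013
    /^Valid from:/ && !seen {
        from = jdn($8, monthnum($4), $5)
        to = jdn($15, monthnum($11), $12)
        valid_days = to - from; days_left = to - now; seen = 1
    }
    /Signature algorithm name:/ && sigalg == "" { sigalg = $4 }
    END { report() }
    '
}

# The server_identity.jks listing from the post, fingerprint lines omitted.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: server_cert
Creation date: Apr 17, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=ShaileshDyade, OU=Personal, O=Technology, L=Bangalore, ST=Karnataka, C=IN
Serial number: 516e3df0
Valid from: Wed Apr 17 11:45:12 IST 2013 until: Tue Jul 16 11:45:12 IST 2013
         Signature algorithm name: SHA1withRSA
         Version: 3
EOF
}

# Demo: audit the sample as of 1 July 2013 (an assumed reference date).
sample_listing | audit_keytool_listing 2013-07-01
```

For the listing above this reports a 90-day validity window and flags SHA1withRSA; `keytool -genkey` accepts `-validity` and `-sigalg` to set both explicitly.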

 


70% of the job is done with this...

The next step is to configure these files in WebLogic Server.

Log in to the WebLogic Server console.

Navigate to Home > Summary of Servers > AdminServer > Keystores

In Keystores, click Change and select Custom Identity and Custom Trust, as we have both identity and trust files.

Fill in the required values in the fields as below.




Custom Identity Keystore: D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain\server_identity.jks
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: keystorepass
Confirm Custom Identity Keystore Passphrase: keystorepass

Custom Trust Keystore: D:\Oracle\Middleware\user_projects\domains\TwoWaySSLDomain\server_trust.jks
Custom Trust Keystore Type: JKS
Custom Trust Keystore Passphrase: keystorepass (Note: I have given same password while creating both of the jks files)
Confirm Custom Trust Keystore Passphrase: keystorepass

Navigate to Home > Summary of Servers > AdminServer > SSL


Here you need to provide the details to open and access the private key information of the server.

Private Key Alias : server_cert

Private Key Passphrase: keypass
Confirm Private Key Passphrase : keypass




On this page click on Advanced Options.

If you would like to authenticate the client on the basis of its hostname, you can write your own verifier or use the default BEA Hostname Verifier in the Hostname Verification field. I will change it to None, as I do not have a valid hostname, for lab purposes.

In Two Way Client Cert Behavior we need to select the behavior of two-way SSL. Select Client Certs Requested But Not Enforced; this is for negotiation with the client. If you select the other one, Client Certs Requested and Enforced, the server will not allow connections from a client that does not present its certificate.

The third one, "Client Certs Not Requested", is as good as one-way SSL.

Save the changes and navigate to Home > Summary of Servers > AdminServer > General

Enable the SSL Listen Port, save it and restart the server, then access the console over the SSL port (7002 in my example).


You should be able to see a lock icon before the address in the address bar; if you click on it and then on More Information, you will see the information below.


As you navigate you will see the complete certificate information here: Issued To, validity, fingerprints, etc.

If you do not specify any time period during the certificate creation, this certificate will be valid for 30 Days.




The work at the WebLogic Server is almost done, but this post is still not done: I need to show how two-way SSL works when there is a web server involved. I will configure Apache Web Server, set up the certificate on the Apache side, and show you how two-way SSL works.

Thanks
Shailesh Dyade