Friday, May 29, 2015

Create SSL certificate for WLS

The objective of this blog is to give back to the cloud the information that has helped us solve several problems in our job as software developers. Now we will try to help people with our experiences, problems, and possible solutions.

This is my first post.

Sometimes a customer requires changing the SSL certificates that come by default in WebLogic Server. After spending a good few hours searching for how to do this, here is the clean procedure:

This command creates the first component, the JKS file holding all the domain information:

1.- keytool -genkey -alias youralias.example.com -keyalg RSA -keysize 2048 -dname "CN = youralias.example.com,OU = Corporativo,O = Organization X,L = Mexico,S = Distrito Federal,C = MX" -keypass pwd123 -keystore identity.jks -storepass pwd123

The next command lists all the aliases added to the JKS file:


2.- keytool -list -v -keystore identity.jks -storepass pwd123


Generate the request for the Certificate Authority (VeriSign, Thawte, etc.); you can get a free trial SSL certificate on their sites.


3.- keytool -certreq -v -alias youralias.example.com -file server_request.csr -keypass pwd123 -storepass pwd123 -keystore identity.jks

The CA will send an email with the following information:



It will also include the root CA and intermediate certificates; these files are commonly delivered by the CA in the same email.

Import the root certificate that the CA provides with the following command:

4.- keytool -import -v -noprompt -trustcacerts -alias rootcacert -file root.cer -keystore identity.jks -storepass pwd123

Import the intermediate certificate that the CA provides with the following command:

5.- keytool -import -v -noprompt -trustcacerts -alias Privintermedio -file intermediate.cer -keystore identity.jks -storepass pwd123

Finish the domain certificate by importing the SSL certificate provided by the CA:

6.- keytool -import -v -alias youralias.example.com -file dominio.cer -keystore identity.jks -keypass pwd123 -storepass pwd123

Generate the trust keystore with the SSL certificate provided by the CA:

7.- keytool -importcert -v -trustcacerts -alias youralias.example.com -file dominio.cer -keypass pwd123 -keystore root.jks -storepass pwd123

So far we have the two JKS files: identity.jks and root.jks.
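A check worth running on identity.jks after step 6, added here as an example and not part of the original post: it reads the listing produced by the step 2 command and confirms the alias is a PrivateKeyEntry with the CA chain attached. If step 6 is run with an alias that does not match the key entry, keytool stores the certificate as a separate trustedCertEntry and the key keeps its self-signed certificate. The function name check_identity_entry and the sample listing are constructed for illustration.

```shell
# Added example, not from the original post. Reads `keytool -list -v` output
# on stdin and checks that ALIAS is a key entry carrying the CA-issued chain.
# With the post's step 2 command:
#   keytool -list -v -keystore identity.jks -storepass pwd123 \
#     | check_identity_entry youralias.example.com
# Returns 0 = key entry with a chain of 2+ certs, 1 = key entry still holding
# only its self-signed cert, 2 = alias missing or not a PrivateKeyEntry.
check_identity_entry() {
    awk -v want="$1" '
        { sub(/\r$/, "") }                       # tolerate CRLF output
        /^Alias name: /               { cur = substr($0, 13); next }
        cur != want                   { next }   # skip other entries
        /^Entry type: /               { etype = substr($0, 13) }
        /^Certificate chain length: / { clen = substr($0, 27) + 0 }
        END {
            if (etype != "PrivateKeyEntry") {
                print "FAIL: " want " entry type is " (etype == "" ? "absent" : etype)
                exit 2
            }
            if (clen < 2) {
                print "FAIL: " want " chain length " (clen + 0) ", CA reply not imported"
                exit 1
            }
            print "OK: " want " is a PrivateKeyEntry, chain length " clen
        }'
}

# Constructed sample of a listing after steps 1-6 (abbreviated, not real output).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 3 entries

Alias name: rootcacert
Entry type: trustedCertEntry

Alias name: privintermedio
Entry type: trustedCertEntry

Alias name: youralias.example.com
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

sample_listing | check_identity_entry youralias.example.com
```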

In the next post I'm going to use these certificates to configure WLS.