Sunday, August 24, 2014

OAM (Oracle Access Manager) 11gR2: implementing SSL/HTTPS

Section A: Getting the wallet and JKS store ready beforehand

1. Create a wallet and CSR for OAM (source oid.env, as the owm (Oracle Wallet Manager) executable is not present in the OAM home).

a. Create an empty wallet and set auto-login to true.
b. Create a CSR covering the physical server name and the LBR URL for OAM and OID.
 
2. Once the intermediate, root, CA and OAM certificates are received from the client:

a. Make the certificates ready in X.509 format using the steps below.

Install all certificates (OAM + root + intermediate) on your local PC.
In Internet Explorer go to Tools -> Internet Options -> Content -> Certificates and open the 'Other People', 'Intermediate' and 'Trusted Root' tabs one by one.

Export all 4 installed certificates in Base-64 encoded X.509 format and save them to a folder.

FTP all saved files to the server in binary mode.
b. Import the trusted root and intermediate certificates into the wallet.
c. Import all 4 certificates into the wallet and save the wallet.
 
3. Convert the wallet into a JKS key store and trust store using the syntax below.

Source OAM.env, then run:

$MW_HOME/oracle_common/bin/orapki wallet pkcs12_to_jks -wallet ./abcprdwallet -pwd  -jksKeyStoreLoc ./abcprdewalletK.jks -jksKeyStorepwd    -jksTrustStoreLoc ./oamprdewalletT.jks -jksTrustStorepwd
Oracle PKI Tool : Version 11.1.1.6.0
Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
 

 
Section B: Making WebLogic/OAM SSL enabled
 
4. Configure WebLogic Server for SSL
The steps below take you through configuring SSL for a Managed Server.
The steps assume the reader understands how to start the Admin Server and the Managed Server.

a. Start the Admin Server in the domain.
b. Log in to the WLS console, e.g. http://weblogic.uk.oracle.com:7001/console
c. Select 'Environment' -> 'Servers' and click on the server you want to configure.
d. Select the 'Keystores' tab.
e. Select 'Keystores' -> 'Change'.
f. Select 'Custom Identity and Custom Trust' from the drop-down list and click 'Save'.
g. Enter the relevant information in the Keystores page:
· 'Custom Identity Keystore' : e.g. /abcprdewalletK.jks
· 'Custom Identity Keystore Type' : JKS (Note: this has to be UPPERCASE)
· 'Custom Identity Keystore Passphrase' : e.g. welcome
· 'Confirm Custom Identity Keystore Passphrase' : e.g. welcome
· 'Custom Trust Keystore' : e.g. /prdewalletT.jks
· 'Custom Trust Keystore Type' : JKS (Note: this has to be UPPERCASE)
· 'Custom Trust Keystore Passphrase' : e.g. welcome
· 'Confirm Custom Trust Keystore Passphrase' : e.g. welcome
· Click 'Save'

h. Select the 'SSL' tab and enter the relevant information:
· 'Private Key Alias' : e.g. server_cert
· 'Private Key Password' : e.g. welcome
· 'Confirm Private Key Password' : e.g. welcome
· Click 'Save'
i. Select 'Environment' -> 'Servers' and click on the Managed Server you configured.
j. In the 'General' tab:
· Check 'SSL Listen Port Enabled'
· 'SSL Listen Port' : e.g. 7012 (make sure this port is not used by another process)
· Click 'Save'

5. Start the server. If the server is running successfully you will see the following in the standard output or the Managed Server log file:


6. Make the following changes in WLS 10.3.6 for OAM 11gR2

Ensure that the following are enabled in the WebLogic Server Administration Console:
· WebLogic Plug-In
· Client Cert Proxy
To verify this:
· Navigate to 'Environment' > 'Servers' > 'AdminServer(Admin)'
· Open the 'General' tab
· Expand the 'Advanced' section and check the checkboxes for:
  · WebLogic Plug-In Enabled
  · Client Cert Proxy Enabled
 
7. Test that you can access WebLogic via SSL.
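As an added check for step 7 (this script is not part of the original post): it connects to the SSL listen port, requires the presented chain to validate against the root and intermediate certificates exported in Section A (assumed concatenated into a PEM file named ca_chain.pem), and confirms that the certificate's SAN covers both names the CSR was created for in step 1b, the physical server and the LBR name. The hostnames, the port and the file name are assumptions.

```python
"""Probe the OAM/WebLogic SSL listener after the Section B setup (step 7).
Validates the chain against the exported root/intermediate PEM bundle and
checks that the SAN covers the physical server name and the LBR name.
All hostnames, the port and file names below are assumptions."""
import socket
import ssl
import time


def san_dns_names(cert):
    """DNS entries from the dict returned by SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Exact match, or a wildcard in the leftmost label only (*.example.com)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return False


def check_peer_cert(cert, required_hosts, now_ts=None):
    """Return a list of findings; an empty list means the certificate is acceptable."""
    now_ts = time.time() if now_ts is None else now_ts
    findings = []
    names = san_dns_names(cert)
    for host in required_hosts:
        if not any(name_matches(name, host) for name in names):
            findings.append(f"SAN does not cover {host}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now_ts:
        findings.append(f"certificate expired on {cert['notAfter']}")
    return findings


def probe(host, port, ca_bundle, required_hosts):
    """Open a TLS connection, require chain validation, then check all names."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # exported root + intermediate
    ctx.check_hostname = False           # every required name is checked below instead
    ctx.verify_mode = ssl.CERT_REQUIRED  # the chain must validate against ca_bundle
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=required_hosts[0]) as tls:
            return check_peer_cert(tls.getpeercert(), required_hosts)


if __name__ == "__main__":
    # Assumed host names; 7012 is the example SSL listen port from step 4j.
    print(probe("oamhost01.example.com", 7012, "ca_chain.pem",
                ["oamhost01.example.com", "sso.example.com"]))
```

An empty list means the listener presents a chain trusted by the exported bundle and a certificate covering both names; any finding tells you which name or validity check failed.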
 
