
Installing SSL on WebLogic Application Server

SSL: Secure Sockets Layer (SSL) is one of the most common forms of web security. SSL is usually used through Hypertext Transfer Protocol Secure (HTTPS).

Setting up SSL on WebLogic Server involves a number of steps:

1. Obtain an identity and a trust. An identity is a private key and a digital certificate. The trust is a certificate issued to you by a trusted certificate authority (CA). Digital certificates, private keys, and trusted CA certificates can be obtained from the WebLogic Server kit, the CertGen utility, Sun Microsystems's keytool utility, or a reputable certificate authority such as Entrust or VeriSign.

2. Store the keys and certificates. You must store the private keys, digital certificates, and trusted CA certificates in a location accessible by WebLogic. Digital certificates are stored in a file in the domain directory of WebLogic Server. Private keys and trusted CA certificates are stored in a keystore.

3. Enable SSL on your server. You must set SSL attributes for the server's identity and trust locations in WebLogic Server's Administration Console or in a server start script. The SSL attributes define the location of the private key, digital certificate, and trusted CA certificates.

keytool is located in BEAROOTDIR/JDK/bin

1) Syntax to create a keystore:

    keytool -genkey -alias (alias name) -keyalg RSA -keypass (key store password) -storepass (key store password) -keystore (keystore name)

When you run the above command it will ask you to provide the below details:

Country Name: Use the two-letter code without punctuation for country, for example: US or CA.

State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California

Locality or City: The Locality field is the city or town name, for example: Berkeley. Do not abbreviate. For example: Saint Louis, not St. Louis

Company: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.

Organizational Unit: This field is optional, but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter on your keyboard.

Common Name: The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".

2) Create CSR [Certificate Service Request]

To order an SSL certificate from any third-party vendor, for example VeriSign, CA, we need to send them a CSR, which contains both public key and private key information.

Syntax to generate a CSR:

    keytool -certreq -keyalg RSA -alias (alias name) -file certreq.csr -keystore (keystore name)

When you run this command it will ask you to enter the password of the keystore named in the above syntax. It will then create a CSR in the JDK bin directory.

Sample CSR: the file holds the Base64-encoded request between these two lines:

    -----BEGIN NEW CERTIFICATE REQUEST-----
    -----END NEW CERTIFICATE REQUEST-----

3. Order for Trial SSL Certificate:

Navigate to the third-party vendor's website and follow the steps mentioned there to get a trial SSL certificate. After registration, they will ask for the CSR created in the previous step.

After sending the CSR file, we will be sent the trial certificate and the chain certificates:

a. Root Certificate [Root]
b. Intermediate CA
c. Trial SSL Certificate

4. Install the root certificate in the browser.

5. Importing the SSL certificate into the keystore.

To import a root certificate:

    keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <your_certificate_filename>

To import an intermediate certificate:

    keytool -import -alias intermediateCA -keystore (keystore name) -trustcacerts -file Intermediate.cer

To import the trial SSL certificate:

    keytool -import -alias (alias name) -keystore (keystore name) -trustcacerts -file TrialSslCertificate.cer

After importing these three certificates into the keystore, we have to specify the location of the keystore in the WebLogic Application Server Console and then restart WebLogic Application Server.
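The subject-field rules listed under step 1) can be checked before the keystore is created, so a rejected CSR does not cost a round trip to the vendor. The following is an added example, not part of the original page: build_dname, only_chars and reject are hypothetical helper names, the allowed character sets are assumptions, and -dname is keytool's option for passing the subject name instead of answering the interactive prompts.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names and the allowed
# character sets are assumptions made for illustration.

# only_chars VALUE SET: succeed when VALUE has no character outside SET (tr syntax).
only_chars() { [ -z "$(printf '%s' "$1" | tr -d "$2")" ]; }

# reject MESSAGE: name the failed field on stderr.
reject() { echo "rejected: $1" >&2; }

# build_dname COUNTRY STATE CITY COMPANY OU COMMON_NAME
# Prints "CN=..., OU=..., O=..., L=..., ST=..., C=.." or fails on the first bad field.
build_dname() {
    d_c=$1 d_st=$2 d_l=$3 d_o=$4 d_ou=$5 d_cn=$6

    # Country: exactly two letters, no punctuation.
    { [ "${#d_c}" -eq 2 ] && only_chars "$d_c" 'A-Za-z'; } ||
        { reject "country must be a two-letter code"; return 1; }
    d_c=$(printf '%s' "$d_c" | tr 'a-z' 'A-Z')

    # State and city: spelled out, so no two-letter state and no "St."-style dot.
    { [ "${#d_st}" -gt 2 ] && only_chars "$d_st" 'A-Za-z -'; } ||
        { reject "state must be spelled out"; return 1; }
    { [ -n "$d_l" ] && only_chars "$d_l" 'A-Za-z -'; } ||
        { reject "city must be spelled out"; return 1; }

    # Company and OU: no &, @ or other shifted symbol; a comma would split the name.
    { [ -n "$d_o" ] && only_chars "$d_o" 'A-Za-z0-9 .-'; } ||
        { reject "company has a symbol: spell it out or omit it"; return 1; }
    only_chars "$d_ou" 'A-Za-z0-9 .-' ||
        { reject "organizational unit has a symbol"; return 1; }

    # Common Name: host + domain, so at least one dot and no empty label.
    case $d_cn in
        ''|.*|*.|*..*) reject "common name is not a host name"; return 1 ;;
        *.*) only_chars "$d_cn" 'A-Za-z0-9.-' ||
                 { reject "common name has invalid characters"; return 1; } ;;
        *) reject "common name needs a domain part"; return 1 ;;
    esac

    # The OU is optional: leave it out of the name when it is empty.
    printf 'CN=%s, %sO=%s, L=%s, ST=%s, C=%s\n' \
        "$d_cn" "${d_ou:+OU=$d_ou, }" "$d_o" "$d_l" "$d_st" "$d_c"
}

# Usage with the page's keytool command (placeholders as on the page):
#   keytool -genkey -alias (alias name) -keyalg RSA -keystore (keystore name) \
#       -dname "$(build_dname US California Berkeley 'XYZ Corporation' '' www.company.com)"
```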
