Preparation
1. Start cmd prompt as administrator
2. cd\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM\bin
3. Run setdomainenv.cmd
4. Create keystores directory in C:\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM
5. cd to keystores directory (your dir should be: c:\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM\keystores)
Create Keystore
6. Run the following to generate the keystore:
keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -dname "CN=ENTERYOURDOMAINHERE,OU=Hosting,O=YOURNAMEHERE,L=YOURLOCATIONHERE,ST=YOURSTATEHERE,C=US" -keypass welcome -keystore keystore.jks -storepass welcome
Create csr
7. Run the following to create the csr
keytool -certreq -v -alias server_cert -file server.csr -keypass welcome -storepass welcome -keystore keystore.jks
Submit server.csr to SSLs.com
8. log into ssls.com and buy new PositiveSSL for any # of years
9. Submit the text of server.csr - select weblogic - all versions
10. Verify e-mail and wait for .zip file
11. Once .zip file arrives, unzip to the keystores directory on the server
Prepare the certs
12. rename all root certs as rootCA.crt, rootCA2.crt, rootCA3.crt etc
13. rename server cert as server.crt
Import the root certs
14. import the root certs 1 at a time
keytool -import -v -noprompt -trustcacerts -alias rootcacert -file rootCA.crt -keystore keystore.jks -storepass welcome
keytool -import -v -noprompt -trustcacerts -alias rootcacert2 -file rootCA2.crt -keystore keystore.jks -storepass welcome
keytool -import -v -noprompt -trustcacerts -alias rootcacert3 -file rootCA3.crt -keystore keystore.jks -storepass welcome
Import the server cert
15. keytool -import -v -alias server_cert -file server.crt -keystore keystore.jks -keypass welcome -storepass welcome
Configure weblogic
16. Login to the weblogic console (http://localhost:7001/console)
17. Lock and edit
18. >environment >servers >[select the target server]
19. >keystores
20. Change to "custom identity and custom trust"
21. Custom identity keystore: enter your dir c:\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM\keystores
22. Custom identity keystore type: jks
23. Passphrases are welcome
24. For "trust" fields, enter the same info as above
25. Click save
26. Click ssl
27. Identity and trust locations: keystores
28. Private key alias: server_cert
29. Passphrases are welcome
30. Click save
31. Click general
32. Check ssl listen port enabled
33. Enter port not being used
34. Optional uncheck "listen port enabled" to force ssl only communications
35. Click save
36. Click "activate changes"
Restart application
36. Click server
37. Click control
38. Check target server
39. Click >shutdown >force shutdown now
40. Verify server is not running
41. Restart server
Verify SSL is now working
42. login to app using https://...