How to Add SSL to Weblogic

Preparation

1. Start cmd prompt as administrator

2. cd\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM\bin

3. Run setdomainenv.cmd

4. Create keystores directory in C:\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM

5. cd to keystores directory (your dir should be: c:\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM\keystores)

Create Keystore

6. Run the following to generate the keystore:

keytool -genkey -alias server_cert -keyalg RSA -keysize 2048 -dname "CN=ENTERYOURDOMAINHERE,OU=Hosting,O=YOURNAMEHERE,L=YOURLOCATIONHERE,ST=YOURSTATEHERE,C=US" -keypass welcome -keystore keystore.jks -storepass welcome

Create csr

7. Run the following to create the csr

keytool -certreq -v -alias server_cert -file server.csr -keypass welcome -storepass welcome -keystore keystore.jks

Submit server.csr to SSLs.com

8. log into ssls.com and buy new PositiveSSL for any # of years

9. Submit the text of server.csr - select weblogic - all versions

10. Verify e-mail and wait for .zip file

11. Once .zip file arrives, unzip to the keystores directory on the server

Prepare the certs

12. rename all root certs as rootCA.crt, rootCA2.crt, rootCA3.crt etc

13. rename server cert as server.crt

Import the root certs

14. import the root certs 1 at a time

keytool -import -v -noprompt -trustcacerts -alias rootcacert -file rootCA.crt -keystore keystore.jks -storepass welcome

keytool -import -v -noprompt -trustcacerts -alias rootcacert2 -file rootCA2.crt -keystore keystore.jks -storepass welcome

keytool -import -v -noprompt -trustcacerts -alias rootcacert3 -file rootCA3.crt -keystore keystore.jks -storepass welcome

Import the server cert

15. keytool -import -v -alias server_cert -file server.crt -keystore keystore.jks -keypass welcome -storepass welcome

Configure weblogic

16. Login to the weblogic console (http://localhost:7001/console)

17. Lock and edit

18. >environment >servers >[select the target server]

19. >keystores

20. Change to "custom identity and custom trust"

21. Custom identity keystore: enter your dir c:\oracle_middleware_12c\user_projects\domains\PrimaveraP6EPPM\keystores

22. Custom identity keystore type: jks

23. Passphrases are welcome

24. For "trust" fields, enter the same info as above

25. Click save

26. Click ssl

27. Identity and trust locations: keystores

28. Private key alias: server_cert

29. Passphrases are welcome

30. Click save

31. Click general

32. Check ssl listen port enabled

33. Enter port not being used

34. Optional uncheck "listen port enabled" to force ssl only communications

35. Click save

36. Click "activate changes"

Restart application

36. Click server

37. Click control

38. Check target server

39. Click >shutdown >force shutdown now

40. Verify server is not running

41. Restart server

Verify SSL is now working

42. login to app using https://...

 
shadow

I just wanted to thank you again for taking the time to help out with our CM14/BI install. You did a incredible job with working out the kinks and getting it off of the ground.  I really appreciate your time and effort that you put into it!

Nathan Kittle, Alliance Engineering