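Operations Guide: Configuring a Custom Keystore and SSL in WebLogic

(Custom Identity and Custom Trust & Keytool & TLS 1.0)

1. Enable the SSL port

Save, then restart the managed Server

Access with the IE browser

Access with the Chrome browser

2. View the keystore and SSL configuration

Keystores

SSL

3. Manually create identity.jks and trust.jks

Create the jks directory

$ mkdir jksHL

$ cd jksHL/

Generate the identity keystore identity.jks

The highlighted values in the command below mean the following:

weblogicHL is the "SSL > Private Key Alias";

keypass123 is the "SSL > Private Key Passphrase";

storepass123 is the "Keystores > Identity > Custom Identity Keystore Passphrase";

storepass123 is the "Keystores > Trust > Custom Trust Keystore Passphrase";

3650 is the validity period of the custom certificate, in days;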

$ keytool -genkey -alias weblogicHL -keyalg RSA -keypass keypass123 -keystore identity.jks -storepass storepass123 -validity 3650

What is your first and last name?

[Unknown]:  HaiLang

What is the name of your organizational unit?

[Unknown]:  GZCSS

What is the name of your organization?

[Unknown]:  GZCSS

What is the name of your City or Locality?

[Unknown]:  GZ

What is the name of your State or Province?

[Unknown]:  GD

What is the two-letter country code for this unit?

[Unknown]:  CN

Is CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN correct?

[no]:  yes

Export the public-key certificate as a .cer file

$ keytool -export -alias weblogicHL -file root.cer -keystore identity.jks

Enter keystore password:  storepass123

Certificate stored in file <root.cer>

Generate the trust keystore trust.jks

Import the root.cer public-key certificate generated in the previous step to create the trust.jks keystore

$ keytool -import -alias weblogicHL -trustcacerts -file root.cer -keystore trust.jks

Enter keystore password:  storepass123

Re-enter new password:  storepass123

Owner: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN

Issuer: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN

Serial number: 559a5ac9

Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025

Certificate fingerprints:

MD5: 04:F2:4F:97:5B:8B:32:23:AB:69:D0:6A:42:1D:C7:77

SHA1: A0:B3:6F:90:08:0D:6B:55:6F:A6:13:C6:3B:C0:F4:CE:E1:B5:72:F9

Signature algorithm name: SHA1withRSA

Version: 3

Trust this certificate? [no]:  yes

Certificate was added to keystore

identity.jks and trust.jks are now complete!
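
The certificate details that keytool prints during the import can be checked mechanically. The following is an added example, not part of the original guide: it reads that output and flags a self-signed certificate, an MD5 or SHA-1 signature, and a long validity period. The function name, the sample text (the listing above with normal spacing) and the 2-year threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit the certificate details printed by keytool
# (the Owner / Issuer / Valid from / Signature algorithm lines).

# Constructed sample: the listing shown in this guide, with normal spacing.
SAMPLE_LISTING='Owner: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN
Issuer: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN
Serial number: 559a5ac9
Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025
Signature algorithm name: SHA1withRSA
Version: 3'

# audit_listing: read keytool certificate output on stdin and print one
# finding per line. Prints nothing when no check fires.
audit_listing() {
    awk '
        BEGIN { max_years = 2 }   # assumed policy threshold, adjust as needed
        /^Owner: /  { owner  = substr($0, 8) }
        /^Issuer: / { issuer = substr($0, 9) }
        /^Signature algorithm name: / { sig = $NF }
        /^Valid from: / {
            # The start year is the field before "until:", the end year is last.
            for (i = 2; i <= NF; i++)
                if ($i == "until:") from_year = $(i - 1)
            to_year = $NF
        }
        END {
            if (owner != "" && owner == issuer)
                print "SELF_SIGNED: issuer equals owner, no CA chain for clients to verify"
            if (sig ~ /^(MD5|SHA1)with/)
                print "WEAK_SIGNATURE: " sig
            if (to_year - from_year > max_years)
                print "LONG_VALIDITY: " (to_year - from_year) " years"
        }'
}

# Stand-alone run: audit the sample when no input is piped in, e.g.
#   keytool -list -v -keystore trust.jks | sh audit.sh
if [ -t 0 ]; then
    printf '%s\n' "$SAMPLE_LISTING" | audit_listing
fi
```

Run against the sample, the function reports all three findings, which matches the browser certificate warnings seen later in this guide.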

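4. Configure the new keystores and SSL in the Console

Change the default Demo keystores

"Keystores" > "Change"

Select "Custom Identity and Custom Trust", then click "Save"

Fill in the keystore configuration

Custom Identity Keystore: /home/weblogic/jksHL/identity.jks

Custom Trust Keystore: /home/weblogic/jksHL/trust.jks

Custom Identity/Trust Keystore Type: jks

Click "Save" to finish the settings.

SSL configuration

Private Key Alias: weblogicHL

Private Key Passphrase: keypass123

Click "Save", then restart the Server. The keystore and SSL configuration is complete!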

5. Verify in the browser

Server startup log

$ ./startManagedWebLogic.sh appSrv02 http://Weblogic201:7001

.

.

JAVA Memory arguments: -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m

.

WLS Start Mode=Development

.

CLASSPATH=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/jdk1.6.0_45/lib/tools.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/home/weblogic/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/weblogic/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/xqrl.jar:.:/home/weblogic/jdk1.6.0_45$/lib:/home/weblogic/jdk1.6.0_45$/lib/tools.jar

.

PATH=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/bin:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/weblogic/bin

.

***************************************************

*  To start WebLogic Server, use a username and   *

* password assigned to an admin-level user.  For *

* server administration, use the WebLogic Server *

* console at http://hostname:port/console        *

***************************************************

starting weblogic with Java version:

java version "1.6.0_45"

Java(TM) SE Runtime Environment (build 1.6.0_45-b06)

Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

Starting WLS with line:

/home/weblogic/jdk1.6.0_45/bin/java -client   -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=appSrv02 -Djava.security.policy=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/cacerts -Xverify:none -da -Dplatform.home=/home/weblogic/Oracle/Middleware/wlserver_10.3 -Dwls.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server -Dweblogic.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server   -Dweblogic.management.discover=false -Dweblogic.management.server=http://Weblogic201:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/sysext_manifest_classpath:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server

<Jul 6, 2015 7:20:17 PM HKT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>

<Jul 6, 2015 7:20:18 PM HKT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>

<Jul 6, 2015 7:20:18 PM HKT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.45-b01 from Sun Microsystems Inc.>

<Jul 6, 2015 7:20:19 PM HKT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>

Enter username to boot WebLogic server:weblogic

Enter password to boot WebLogic server:

<Jul 6, 2015 7:20:24 PM HKT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0.7 PSU Patch for BUG16088411 Mon Apr 01 15:13:52 IST 2013

WebLogic Server 10.3.5.0  Fri Apr 1 20:20:06 PDT 2011 1398638 >

<Jul 6, 2015 7:20:26 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<Jul 6, 2015 7:20:26 PM HKT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>

<Jul 6, 2015 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>

<Jul 6, 2015 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log00018. Log messages will continue to be logged in /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log.>

<Jul 6, 2015 7:20:26 PM HKT> <Notice> <Log Management> <BEA-170019> <The server log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log is opened. All server side log events will be written to this file.>

<Jul 6, 2015 7:20:29 PM HKT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>

<Jul 6, 2015 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>

<Jul 6, 2015 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log00012. Log messages will continue to be logged in /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log.>

<Jul 6, 2015 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>

<Jul 6, 2015 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<Jul 6, 2015 7:20:33 PM HKT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>

<Jul 6, 2015 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>

<Jul 6, 2015 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of Cluster1.>

<Jul 6, 2015 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000142> <Trying to download cluster JNDI tree from server appSrv04.>

<Jul 6, 2015 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000164> <Synchronized cluster JNDI tree from server appSrv04.>

<Jul 6, 2015 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>

<Jul 6, 2015 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>

<Jul 6, 2015 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "150.18.23.201:8001,150.18.23.201:8002,150.18.23.202:8001,150.18.23.202:8002">

<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicHL from the jks keystore file /home/weblogic/jksHL/identity.jks.>

<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jksHL/trust.jks.>

<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>

<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 150.18.23.201:8002 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>

<Jul 6, 2015 7:20:47 PM HKT> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "appSrv02" for domain "myDomain" running in Development Mode>

<Jul 6, 2015 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>

<Jul 6, 2015 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

This shows that the custom keystores were loaded successfully!
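
One way to make this check repeatable (an added example, not part of the original guide): extract the alias and keystore paths from the BEA-090171 and BEA-090169 notices and compare them with the values entered in the Console. The function names and the sample log text (the two Security notices from the log above, with normal spacing) are assumptions.

```shell
#!/bin/sh
# Added example: confirm from the server log which keystores were loaded.

# Constructed sample: the two Security notices from this guide's startup log.
SAMPLE_LOG='<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicHL from the jks keystore file /home/weblogic/jksHL/identity.jks.>
<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jksHL/trust.jks.>'

# loaded_keystores: read a server log on stdin; print
#   "identity <alias> <file>" for each BEA-090171 notice and
#   "trust <file>"            for each BEA-090169 notice.
loaded_keystores() {
    sed -n \
        -e 's/.*<BEA-090171> <.* under the alias \([^ ]*\) from the [^ ]* keystore file \([^ >]*\)\.>.*/identity \1 \2/p' \
        -e 's/.*<BEA-090169> <.* from the [^ ]* keystore file \([^ >]*\)\.>.*/trust \1/p'
}

# check_keystores ALIAS IDENTITY_FILE TRUST_FILE
# Succeeds only if the log on stdin shows exactly the expected identity
# alias and file and the expected trust file; otherwise prints what the
# log actually reported and returns 1.
check_keystores() {
    found=$(loaded_keystores)
    want=$(printf 'identity %s %s\ntrust %s' "$1" "$2" "$3")
    if [ "$found" = "$want" ]; then
        echo "OK: custom keystores loaded"
    else
        echo "MISMATCH: log shows:"
        printf '%s\n' "${found:-<no keystore notices>}"
        return 1
    fi
}

# Stand-alone run against the sample when no log is piped in, e.g.
#   sh check.sh < appSrv02.log
if [ -t 0 ]; then
    printf '%s\n' "$SAMPLE_LOG" | check_keystores weblogicHL \
        /home/weblogic/jksHL/identity.jks /home/weblogic/jksHL/trust.jks
fi
```

A mismatch means the server is still loading a keystore other than the one configured in section 4, or the notices are missing from the log.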

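Access with the IE browser

Choose to continue to this website; access succeeds!

View the certificate information

The validity period and issuer information show that this is the certificate we created earlier: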

What is your first and last name?

[Unknown]:  HaiLang

What is the name of your organizational unit?

[Unknown]:  GZCSS

What is the name of your organization?

[Unknown]:  GZCSS

What is the name of your City or Locality?

[Unknown]:  GZ

What is the name of your State or Province?

[Unknown]:  GD

What is the two-letter country code for this unit?

[Unknown]:  CN

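Is CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN correct?

Access with the Chrome browser

It likewise warns that the certificate is not secure

Proceed anyway

View the certificate information

The configuration of the custom keystores and SSL is now complete!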

---------------------------------------------------------------------------------------------------------------------------------

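SSL certificate encryption used by 12306:

Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission.

Time: 2024-10-07 14:59:26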
