2005-6-17 Windows 2000 Server WebLogic server 8.1 SP2 JDK1.4.2; IE 5.0 WebLogic8.1 www.cnca.net Guangdong Electronic Certification Authority
1 Digital Certificate Digital ID Internet Internet SSL WEB SSL WebLogic8.1 WEB
2 Windows2000 WebLogic8.1 server 8.1 sp2 IE5.5,JDK1.4.2 JDK1.4.* http://www.cnca.net ( http://testca.netca.net ) WebLogic8.1

3 WebLogic8.1 JDK

3.1 -> cmd DOS

3.2 keystore weblogic.jks
keystore

    keytool -genkey -alias weblogic -keyalg RSA -keysize 512 -dname "CN=192.168.0.32,OU=,O=,L= 138 7-8,S=Guangdong,C=CN" -keypass 123456 -keystore ./weblogic.jks -storepass 123456

1 -keysize 1024 weblogic8.1 license 512.
2 DN E keytool java.io.ioexception: Invalid keyword "E"
3) c:> keytool, C:\bea\jrockit81sp2_141_05\jre\bin> keytool.exe
4 DName DN CN IP
OU O L S C CN
1 keystore DName

3.3 certreq.pem
certreq.pem

    keytool -certreq -alias weblogic -sigalg "MD5withRSA" -file ./certreq.pem -keypass 123456 -keystore ./weblogic.jks -storepass 123456

3.4 CA

3.4.1 www.cnca.net
www.cnca.net 3.3 certreq.pem 3.3 certreq.pem CTRL + A
2 4 server.cer RA 1 server.cer 3 5 p7b weblogic 1) ServerRoot.p7b 2) ServerRoot.p7b NETCA Test Root TESTROOT.cer Base64 X.509.cer NETCA Test Server CA TESTCA.cer
4 p7b 5 1 6 2 6 C:\bea\jrockit81sp2_141_05\jre\bin>
6.1 4 5 3.2
3.2 keystore weblogic.jks C:\bea\jrockit81sp2_141_05\jre\bin; 4 server.cer 5 TESTROOT.cer TESTCA.cer C:\bea\jrockit81sp2_141_05\jre\bin TESTROOT.cer TESTCA.cer weblogic.jks weblogic

6.2 weblogic.jks
5 TESTROOT.cer TESTCA.cer weblogic.jks ; p7b weblogic.jks.
TESTROOT.cer weblogic.jks

    keytool -import -alias testroot -trustcacerts -file ./testroot.cer -keystore ./weblogic.jks -storepass 123456

    Owner: CN=NETCA Test Root, O=NETCA Test Certificate Authority, C=CN
    CN=NETCA Test Root, O=NETCA Test Certificate Authority, C=CN
    1
    Tue May 08 08:00:00 CST 2001 Thu May 08 08:00:00 CST 2031
    MD5 CC:22:5F:FE:62:EF:92:D3:5C:2F:0F:85:48:94:71:49
    SHA1 05:94:68:E9:E1:7E:EE:00:71:99:A9:D6:CC:09:90:D7:71:24:A7:FE
    [ ] y
    keystore

TESTCA.cer weblogic.jks

    keytool -import -trustcacerts -alias TESTCA -file ./testca.cer -keypass 123456 -keystore ./weblogic.jks -storepass 123456

    keystore

6.3 server.cer weblogic.jks

    keytool -import -trustcacerts -alias WebLogic -file ./server.cer -keypass 123456 -keystore ./weblogic.jks -storepass 123456

    keystore

6.4 weblogic.jks

    keytool -list -v -keystore ./weblogic.jks -storepass 123456

    Keystore jks
    Keystore SUN
    keystore 3
    testroot 2005-5-17 trustedcertentry
    Owner: EMAILADDRESS=wurong@cnca.net, CN=192.168.0.32, L= 138 7-8, ST=Guangdong, C=CN
    CN=NETCA Test Server CA, OU=Test Server CA, O=NETCA Test Certificate Authority, C=CN
    1d6b
    Tue May 17 11:35:50 CST 2005 Mon Aug 15 11:35:50 CST 2005
    MD5 6B:D6:66:D7:6D:F4:90:52:63:C1:BE:E0:B3:97:3B:6F
    SHA1 0A:52:BC:90:A0:B2:52:0F:41:72:1F:DD:9F:49:6C:EE:53:ED:3F:E8

6.5 weblogic cacerts
weblogic cacerts cacerts

    keytool -genkey -keystore "cacerts" -storepass 123456 -keyalg RSA
    [Unknown] [Unknown] [Unknown] [Unknown] [Unknown] [Unknown]
    CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown [ ]
    [Unknown] [Unknown] [Unknown] [Unknown] [Unknown]
    CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown [ ] y
    <mykey> keystore

6.6 cacerts
5 TESTROOT.cer TESTCA.cer cacerts ; p7b cacerts.
TESTCA.cer cacerts

    keytool -import -alias rootca -trustcacerts -file ./testca.cer -keystore ./cacerts -storepass 123456
    Owner: CN=NETCA Test Server CA, OU=Test Server CA, O=NETCA Test Certificate Authority, C=CN
    CN=NETCA Test Root, O=NETCA Test Certificate Authority, C=CN
    3
    Fri May 18 08:00:00 CST 2001 Mon May 18 08:00:00 CST 2026
    MD5 D1:B5:ED:4B:86:CC:36:70:A3:F6:62:5E:50:70:75:AE
    SHA1 F0:6E:CE:66:03:0A:A3:17:9F:9C:57:74:07:B7:DB:B2:EA:1E:57:FA
    [ ] y
    keystore

TESTROOT.cer cacerts

    keytool -import -alias rootroot -trustcacerts -file ./testroot.cer -keystore ./cacerts -storepass 123456

    Owner: CN=NETCA Test Root, O=NETCA Test Certificate Authority, C=CN
    CN=NETCA Test Root, O=NETCA Test Certificate Authority, C=CN
    1
    Tue May 08 08:00:00 CST 2001 Thu May 08 08:00:00 CST 2031
    MD5 CC:22:5F:FE:62:EF:92:D3:5C:2F:0F:85:48:94:71:49
    SHA1 05:94:68:E9:E1:7E:EE:00:71:99:A9:D6:CC:09:90:D7:71:24:A7:FE
    [ ] y
    keystore

cacerts

    keytool -list -v -keystore ./weblogic.jks -storepass 123456

6.7 weblogic.jks weblogictrust.jks
weblogic.jks weblogictrust.jks

6.8
weblogic.jks weblogictrust.jks cacerts C:\bea\weblogic81\jks weblogic81 weblogic jks weblogic SSL
7 weblogic SSL

7.1 myserver weblogic
http://192.168.0.32:7001/console (URL URL ) myserver
7 myserver weblogic

7.2 SSL Listen Port Enabled
8 SSL Listen Port Enabled

7.3 Keystores & SSL
Keystores & SSL
9 keystores&ssl

7.4 "change" custom Trust
10 CHANGE keystores
7.5 keystores&ssl
Custom Identity Keystore: 6.8
11 keystores&ssl

Custom Identity
Custom Identity Key Store File Name C:\bea\weblogic81\jks\weblogic.jks
Custom Identity Key Store Type jks
Custom Identity Key Store Pass Phrase 123456
Confirm Custom Identity Key Store Pass Phrase:123456

Custom Trust
Custom Trust Keystore C:\bea\weblogic81\jks\weblogictrust.jks
Custom Identity Key Store Type jks
Custom Identity Key Store Passphrase 123456
Confirm Custom Trust Key Store Pass Phrase:123456

"continue"
Private Key Alias: weblogic
12 private key alias
Passphrase: 123456
Confirm Passphrase:123456
8 SSL
SSL https Web IE weblogic
13 SSL IE URL https:// IP

9

9.1
9.1 9.5 www.cnca.net weblogic8.1
14 9.2 RA 1 15 1
16 2 17 3 9.3 www.cnca.net
18 9.4 19
20 9.5 9.3 19, 9.2 NETCA Test Root NETCA Test Individual CA Base64 X.509.cer NETCA Test Individual CA TestIndividual.cer NETCA Test Individual CA
21 NETCA Test Individual CA 1
22 NETCA Test Individual CA 2
23 NETCA Test Individual CA 3 NETCA Test Individual CA
24 Base64
NETCA Test Individual CA TestIndividual.cer 1 Base64 X.509.cer 2

9.6 9.5 weblogic
NETCA Test Individual Ca NETCA Test Individual Root weblogic NETCA Test Individual Root TestIndividual.cer weblogic TestIndividual.cer C:\bea\jrockit81sp2_141_05\jre\bin> 3.2 keystore weblogic.jks

9.7 weblogictrust.jks
weblogic 9.5 weblogictrust.jks, TestIndividual.cer weblogictrust.jks

    keytool -import -alias rootindividual -trustcacerts -file ./testindividual.cer -keystore ./weblogictrust.jks -storepass 123456

    keystore

9.8 weblogictrust.jks
weblogictrust.jks C:\bea\weblogic81\jks( 6.8 weblogic ) weblogictrust.jks weblogic

9.9 weblogic
weblogic Keystores & SSL,
http:// :7001/console
25 weblogic 1
Keystores & SSL Advanced Options SHOW
26 weblogic 2 advanced Option Show
SHOW Server Attributes
27 weblogic 3
Two Way Client Cert Behavior Client Certs Requested But Not Enforced Client Certs Requested And Enforced Client Certs Requested And Enforced Change
28 weblogic 4 Change
29 weblogic 5

9.10 WebLogic
30 9.11 URL https://
31 32 URL https:// 10