参考博客:
按照上述文章添加SSL后,仍然无法访问。
以下是我的操作步骤:(linux环境)
服务器证书安装配置指南(Weblogic)
1、openssl genrsa -out ca-key.pem 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
.....++++++
........................................++++++
e is 65537 (0x10001)
2、openssl req -new -out ca-req.csr -key ca-key.pem -config /etc/pki/tls/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:HD
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CAROOT
Organizational Unit Name (eg, section) []:CA
Common Name (eg, YOUR name) []:Trigl
Email Address []://直接回车,不配置
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []://直接回车,不配置
An optional company name []://直接回车,不配置
3、openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey ca-key.pem -days 3650
Loading 'screen' into random state - done
Signature ok
subject=/C=CN/ST=BJ/L=HD/O=CAROOT/OU=CA/CN=Trigl
Getting Private key
4、keytool -genkey -alias sso -validity 365 -keyalg RSA -keysize 1024 -keypass 123456 -storepass 123456 -keystore sso.jks
您的名字与姓氏是什么?
[Unknown]: Trigl
您的组织单位名称是什么?
[Unknown]: CAROOT
您的组织名称是什么?
[Unknown]: CA
您所在的城市或区域名称是什么?
[Unknown]: HD
您所在的州或省份名称是什么?
[Unknown]: BJ
该单位的两字母国家代码是什么
[Unknown]: CN
CN=Trigl, OU=CAROOT, O=CA, L=HD, ST=BJ, C=CN 正确吗?
[否]: y
5、keytool -certreq -alias sso -sigalg MD5withRSA -file sso.csr -keypass 123456 -keystore sso.jks -storepass 123456
6、openssl x509 -req -in sso.csr -out sso.pem -CA ca-cert.pem -CAkey ca-key.pem -days 3650 -set_serial 1
Loading 'screen' into random state - done
Signature ok
subject=/C=CN/ST=BJ/L=HD/O=CA/OU=CAROOT/CN=Trigl
Getting CA Private Key
7、keytool -import -v -trustcacerts -keypass 123456 -storepass 123456 -alias root -file ca-cert.pem -keystore sso.jks
所有者:CN=Trigl, OU=CA, O=CAROOT, L=HD, ST=BJ, C=CN
签发人:CN=Trigl, OU=CA, O=CAROOT, L=HD, ST=BJ, C=CN
序列号:9b6ef80677f56488
有效期: Tue Nov 03 16:27:12 CST 2015 至Fri Oct 31 16:27:12 CST 2025
证书指纹:
MD5:33:83:B9:67:2C:B9:C7:5A:1A:0B:2D:CB:87:03:06:0B
SHA1:3C:47:DE:9F:5A:A3:93:93:AD:7A:F0:93:99:25:B0:5F:D2:EC:3A:A9
签名算法名称:MD5withRSA
版本: 1
信任这个认证? [否]: y
认证已添加至keystore中
[正在存储 sso.jks]
8、keytool -import -v -trustcacerts -storepass 123456 -alias sso -file sso.pem -keystore sso.jks
认证已添加至keystore中
[正在存储 sso.jks]
9、keytool -import -alias sso-ca -trustcacerts -file ca-cert.pem -keystore ssotrust.jks
输入keystore密码:
再次输入新密码:
所有者:CN=Trigl, OU=CA, O=CAROOT, L=HD, ST=BJ, C=CN
签发人:CN=Trigl, OU=CA, O=CAROOT, L=HD, ST=BJ, C=CN
序列号:9b6ef80677f56488
有效期: Tue Nov 03 16:27:12 CST 2015 至Fri Oct 31 16:27:12 CST 2025
证书指纹:
MD5:33:83:B9:67:2C:B9:C7:5A:1A:0B:2D:CB:87:03:06:0B
SHA1:3C:47:DE:9F:5A:A3:93:93:AD:7A:F0:93:99:25:B0:5F:D2:EC:3A:A9
签名算法名称:MD5withRSA
版本: 1
信任这个认证? [否]: y
认证已添加至keystore中
vi /root/Oracle/Middleware/user_projects/domains/uipmp_domain/startWebLogic.sh
-Dweblogic.security.SSL.ignoreHostnameVerification=true
可能原因源代码不能兼容weblogic中的jar,设置-DUseSunHttpHandler=true (startWeblogic.sh正设置)
如果还不行,尝试设置如下参数:
-Dweblogic.security.SSL.allowSmallRSAExponent=true
-Dweblogic.security.SSL.enforceConstraints=off
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.StdoutDebugEnabled=true -Dssl.debug
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dssl.SocketFactory.provider=weblogic.security.SSL.SSLSocketFactory
-Dweblogic.webservice.client.ssl.strictcertchecking=false
但现在只有IE浏览器可以访问,火狐与谷歌都无法访问 。