Oracle SSL Support and Keystore Generation

To support SSL, Oracle WebLogic Server is configured by default with the following keystores:

  • DemoIdentity.jks—Contains a demonstration private key for WebLogic Server. This keystore contains the identity for WebLogic Server.
  • DemoTrust.jks—Contains the trusted certificate authorities from the WL_HOME\server\lib\DemoTrust.jks and the JDK cacerts keystores. This keystore establishes trust for WebLogic Server.
These keystores are located in the WL_HOME\server\lib directory. For testing and development purposes, the keystore configuration is complete. However, do not use the demonstration keystores in a production environment. Because the digital certificates and trusted CA certificates in the demonstration keystores are signed by a WebLogic Server demonstration certificate authority, a WebLogic Server installation using the demonstration keystores will trust any WebLogic Server installation that also uses the demonstration keystores.

This article describes how to generate the DemoIdentity.jks and DemoTrust.jks keystores.

Regenerating DemoIdentity.jks

  • Open a command prompt and run the following command to set environment:
<WL_HOME>\server\bin\setWLSEnv.cmd (Windows)

. <WL_HOME>/server/bin/setWLSEnv.sh (Unix) (use the 'dot' to run the script in the same shell)
  • Execute this command to generate identity entities (certificate plus key):
java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 1024
Note: This creates the files in the present working directory.
Note: See the CertGen product documentation for the arguments that can be passed to it.
  • Execute this command to import the identity entities into a Java keystore:
java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -certfile democert.pem -alias demoidentity
NOTE: This creates "DemoIdentity.jks" in the present working directory.
  • Confirm that the certificate (along with key) is imported:
keytool -list -v -keystore DemoIdentity.jks
NOTE: The following files can be cleaned from the present directory as they are no longer needed:
  • democert.der
  • democert.pem
  • demokey.der
  • demokey.pem

Regenerating DemoTrust.jks

  • Open a command prompt and run the following command to set the environment (if not set already):
<WL_HOME>\server\bin\setWLSEnv.cmd (Windows)

. <WL_HOME>/server/bin/setWLSEnv.sh (Unix) (use the 'dot' to run the script in the same shell)
  • Execute the following command to import the Demo CA into DemoTrust.jks:
keytool -importcert -trustcacerts -alias wlscertgencab -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -file <WL_HOME>\server\lib\CertGenCA.der
NOTE: This creates "DemoTrust.jks" in the present working directory if no file with that name exists there. If such a keystore file already exists, the command simply imports the certificate into it as a trusted entry. A path can be prefixed to the keystore name in the "-keystore" argument so that the keystore is created at that location instead of in the present working directory.
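
The warning above about demonstration keystores in production can be checked from the same `keytool -list -v` output used to confirm the import. The script below is an added example, not part of the original article or of WebLogic: the function names, the issuer pattern and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list keystore entries whose
# certificate was issued by the WebLogic demo CA.
# Input on stdin: the text printed by `keytool -list -v -keystore <file>`.
# ASSUMPTION: the default pattern below; replace it with the Issuer line
# that keytool prints for the demo CA entry in your own DemoTrust.jks.
DEMO_ISSUER_RE='CN=CertGenCAB?,'

# find_demo_entries [issuer-regex]
# Prints "<alias><TAB><entry type>" once per entry with a matching Issuer.
find_demo_entries() {
    awk -v re="${1:-$DEMO_ISSUER_RE}" '
        /^Alias name: / { name = substr($0, 13); etype = "" }
        /^Entry type: / { etype = substr($0, 13) }
        /^Issuer: / && $0 ~ re && !(name in seen) {
            seen[name] = 1          # a chain can repeat the issuer
            print name "\t" etype
        }
    '
}

# Constructed sample in the layout of `keytool -list -v` (abridged).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS

Your keystore contains 3 entries

Alias name: demoidentity
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=wls-host.example, OU=FOR TESTING ONLY, O=MyOrganization
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization

Alias name: wlscertgencab
Entry type: trustedCertEntry

Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization

Alias name: corp-root
Entry type: trustedCertEntry

Owner: CN=Example Corp Root CA, O=Example Corp
Issuer: CN=Example Corp Root CA, O=Example Corp
EOF
}

sample_listing | find_demo_entries
```

Against a real file, pipe `keytool -list -v -keystore DemoIdentity.jks` into `find_demo_entries`. Any alias it prints for a keystore on a production server means the demo identity or demo trust is still in use.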
