Recently, for work, I needed to set up a server locally and then use a C client to talk to that server over HTTPS. I have always worked in C development and am not familiar with J2EE, WebLogic and related topics, so the server configuration here is taken entirely from the Internet. I looked through a lot of material online and struggled for a long time before it finally worked. I am writing this article so that newcomers like me do not have to struggle the same way; I hope it helps.
1. Install WebLogic 8.1
There are many related documents online.
2. Configure the CA certificates with keytool (bundled with the JDK). First create a directory C:/getca on the C: drive, then run CMD and change to this directory.
a. Generate the Custom Identity KeyStore and the CA request
Use the command:
keytool -genkey -alias cik -keyalg RSA -keysize 512 -keystore cik.jks
Enter the information as prompted (Figure).
The passwords are the store password and the key password; I set both to the same value. At this point a new file, cik.jks, appears in the C:/getca directory.
Then generate the CA request with the command:
keytool -certreq -alias cik -sigalg "MD5withRSA" -file careq.pem -keypass weblogic -keystore cik.jks -storepass weblogic
(Figure)
At this point a new file, careq.pem, is added to the C:/getca directory.
b. Apply for the digital certificate (since I am only testing, I applied for a trial certificate). Go to VeriSign.com → Free SSL Trial Certificate → Enrollment. On the page you finally reach, copy the contents of careq.pem into the web page, then click Next through to the end.
c. Open the mailbox you entered in step b and open the e-mail returned by VeriSign; if it has not arrived yet, wait for it.
The email content includes:
Follow this link, http://www.verisign.com/server/trial/faq/index.html, to download the root CA certificate, and save it to C:/getca as rootca.cer.
At the bottom of the message: save the selected content to a text file; this is the certificate.pem imported in step e.
d. Import the root CA into the Custom Trust KeyStore:
keytool -import -alias rootca -trustcacerts -file rootca.cer -keystore ciktrust.jks -storepass weblogic
The password is set to weblogic here; you can change it.
e. Import the certificate into the Custom Identity KeyStore
Note: you must import the root certificate into %JAVA_HOME%/jre/lib/security/cacerts before this import, otherwise the import reports an error.
Import into cacerts:
keytool -import -v -alias "cms-ca" -file rootca.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts
JAVA_HOME is the environment variable for the JDK used by WLS, for example C:/bea/jdk141_05.
Import into the Custom Identity KeyStore:
keytool -import -trustcacerts -alias cik -file certificate.pem -keypass weblogic -keystore cik.jks -storepass weblogic
At this point, C:/getca contains the following files:
cik.jks
rootca.cer
careq.pem
ciktrust.jks
certificate.pem
In the end only the two JKS files are needed (the Custom Identity KeyStore and the Custom Trust KeyStore).
Copy these files to your own domain's directory, for example: C:/bea/user_projects/domains/mydomain
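The keytool steps of section 2 collected into one Windows batch file, as an added example that is not part of the original article: `request` creates the keystore and the CA request, and `install` imports the root CA before the CA's reply, as the note above requires, then checks the result. The sub-command names and the variables are assumptions made for this example; the file names, aliases and password are the article's.

```bat
@echo off
rem Added example, not from the original article.
rem Assumes keytool is on PATH, JAVA_HOME points at the JDK used by WLS, and
rem rootca.cer / certificate.pem have been saved in C:\getca as described.
setlocal
set PASS=weblogic
rem 512-bit RSA and MD5withRSA are the article's values; both are weak today,
rem so raise KEYSIZE and change SIGALG if your JDK and CA accept stronger ones.
set KEYSIZE=512
set SIGALG=MD5withRSA
cd /d C:\getca || exit /b 1

if "%1"=="request" goto request
if "%1"=="install" goto install
echo usage: %~n0 request ^| install
exit /b 2

:request
rem Identity keystore and CA request (keytool prompts for the subject fields).
keytool -genkey -alias cik -keyalg RSA -keysize %KEYSIZE% -keypass %PASS% -keystore cik.jks -storepass %PASS% || exit /b 1
keytool -certreq -alias cik -sigalg %SIGALG% -file careq.pem -keypass %PASS% -keystore cik.jks -storepass %PASS% || exit /b 1
echo Submit careq.pem to the CA, save the reply as certificate.pem, then run: %~n0 install
exit /b 0

:install
rem Fail early if a required file is missing.
for %%F in (rootca.cer certificate.pem cik.jks) do if not exist %%F (echo missing %%F & exit /b 1)
rem Show the root certificate's subject and fingerprints before trusting it.
keytool -printcert -file rootca.cer || exit /b 1
rem Root CA into the trust keystore, then into cacerts (keytool prompts for
rem the cacerts password and for confirmation).
keytool -import -alias rootca -trustcacerts -file rootca.cer -keystore ciktrust.jks -storepass %PASS% || exit /b 1
keytool -import -v -alias cms-ca -file rootca.cer -keystore "%JAVA_HOME%\jre\lib\security\cacerts" || exit /b 1
rem CA reply into the identity keystore, replacing the self-signed certificate.
keytool -import -trustcacerts -alias cik -file certificate.pem -keypass %PASS% -keystore cik.jks -storepass %PASS% || exit /b 1
rem Check: the cik entry should now report a chain longer than 1 certificate.
keytool -list -v -alias cik -keystore cik.jks -storepass %PASS% | findstr /c:"Certificate chain length"
exit /b 0
```

If the final line still reports a chain length of 1, the reply was not attached to the private key entry and WebLogic would serve the self-signed certificate.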
3. Configure SSL in WLS
Open the WLS configuration console. On the server configuration page, select General → SSL Listen Port Enabled → enter the port number.
Click [Change]
The KeyStore configuration screen appears, as in the figure
Choose KeyStore & SSL → KeyStore Configuration → Identity:
Custom Identity KeyStore: enter
cik.jks (with its full path: c:/bea/user_projects/domains/mydomain/cik.jks)
Passphrase: enter the corresponding password, weblogic (the password set at the beginning)
TYPE: JKS
Choose KeyStore & SSL → KeyStore Configuration → Trust:
Custom Trust KeyStore: enter
ciktrust.jks (with its full path: c:/bea/user_projects/domains/mydomain/ciktrust.jks)
Passphrase: enter the corresponding password, weblogic (the password set at the beginning)
TYPE: JKS
Configure SSL; the password here is the keypass (see the keytool commands at the start).
Click Finish.
Finally, restart WebLogic and open https://127.0.0.1:7002/; the new certificate is now in use. If you repost this article, please credit: super_lipf@yahoo.com.cn