Tuesday, March 9, 2010

Weblogic Facts Here

Steps for implementing 2-way SSL in Weblogic 10.3


1. Run keytool -genkeypair to generate a new certificate in the Identity keystore
keytool -genkeypair -keyalg RSA -keystore identity.jks -alias identity -keypass password

2. Run keytool -genkeypair to generate a new certificate in the PKCS12 Personal keystore
keytool -genkeypair -keyalg RSA -keystore demo.p12 -storetype pkcs12 -alias demo -keypass password

3. Run keytool -exportcert to generate a Certificate from the Personal keystore
keytool -exportcert -keystore demo.p12 -storetype pkcs12 -alias demo -file demo.cer


4. Run keytool -importcert to import the newly exported Certificate into JKS trust keystore.
keytool -importcert -keystore trust.jks -alias demo -file demo.cer

5. Set up WLS to use Identity keystore identity.jks and Trust keystore trust.jks.

6. Select the keystore type as 'Custom Identity and Custom Trust' in the admin console, and enforce the client certificate.

7. Import PKCS12 keystore to browser (IE, Firefox).

8. Test

Specifying the RSA algorithm is important because, by default, keytool uses the DSA algorithm to generate the keystores, which is not supported by WebLogic.
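
A check to run before step 5, added here as an example and not part of the original post: it reads saved `keytool -list -v` output, flags entries that were not generated with RSA, and confirms that the certificate imported into trust.jks is the one held in demo.p12. The function names and the sample fingerprints are hypothetical; it assumes the self-signed certificates produced by -genkeypair, where the signature algorithm reflects the key algorithm.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Input is text saved from e.g.
#   keytool -list -v -keystore identity.jks > identity.txt
#   keytool -list -v -keystore demo.p12 -storetype pkcs12 > demo.txt
#   keytool -list -v -keystore trust.jks > trust.txt

# One line per certificate: alias<TAB>entry type<TAB>signature algorithm<TAB>SHA1
summarize_entries() {
  awk '
    /^Alias name: /  { alias = substr($0, 13) }
    /^Entry type: /  { type = substr($0, 13) }
    /^[ \t]*SHA1: /  { sub(/^[ \t]*SHA1: */, ""); sha1 = $0 }
    /Signature algorithm name: / {
      sub(/.*Signature algorithm name: */, "")
      print alias "\t" type "\t" $0 "\t" sha1
    }'
}

# Aliases whose certificate is not RSA-signed (what omitting -keyalg RSA gives
# when keytool falls back to DSA, as the note above describes).
non_rsa_aliases() {
  summarize_entries | awk -F '\t' '$3 !~ /withRSA$/ { print $1 }'
}

# Succeeds only if alias $1 in listing file $2 has the same SHA1 fingerprint as
# a trustedCertEntry in listing file $3, i.e. step 4 imported the right cert.
client_is_trusted() {
  fp=$(summarize_entries < "$2" |
       awk -F '\t' -v a="$1" '$1 == a { print $4; exit }')
  [ -n "$fp" ] || return 1
  summarize_entries < "$3" | awk -F '\t' -v fp="$fp" \
    '$2 == "trustedCertEntry" && $4 == fp { ok = 1 } END { exit !ok }'
}

# Constructed sample listing, abridged to the fields parsed above.
# $1 alias, $2 entry type, $3 signature algorithm, $4 made-up SHA1 fingerprint
sample_listing() {
  printf 'Alias name: %s\nEntry type: %s\nCertificate fingerprints:\n' "$1" "$2"
  printf '\t SHA1: %s\n\t Signature algorithm name: %s\n\n' "$4" "$3"
}

# Demo on constructed data: an identity entry generated without -keyalg RSA.
sample_listing identity PrivateKeyEntry SHA1withDSA AA:01 | non_rsa_aliases
```

Against real keystores, run `non_rsa_aliases < identity.txt` and `client_is_trusted demo demo.txt trust.txt`; an empty result from the first and a zero exit status from the second mean the stores match what steps 1 to 4 intend.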