Friday, 26 October 2018

Configuring SSL in JCS/SOAcs Server with PFX certificate file

PFX file is the file generated by windows ISS which contains certificate and private key of the certificate. The steps to apply this certificate on java cloud service or soa cloud service are described below.
  1. Export the certificate with its private key from IIS as .pfx file.
  2. Move the .pfx file to the bin folder of keytool in oracle soacs VM
    • Connect to VM through winscp and move the file using opc user.
    • Connect to the VM through putty and change the permissions (chmod) and change owner (chown).
    • Move the file to /u01 (or some other location of your choice)
  3. Now we need to convert the .pfx file to jks. Use the below command to achieve this,
$JAVA_HOME/bin/keytool -v -importkeystore -srckeystore <<pfx_file>> -srcstoretype PKCS12 -destkeystore <<destincation_jks>> -deststoretype JKS

This will ask for destination password (you have to set new password)
Source password: Enter the password of pfx private key
  • View the content of the newly created JKS to obtain the original alias of private key

$JAVA_HOME/bin/ keytool -list -v -keystore <<jks_keystore_created_above>>
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: <<alias will be printed here>>
  • Change the original alias to a simpler alias
$JAVA_HOME/bin/keytool -keystore <<new_keystore.jsk>> -storepass <<password>> -changealias -alias <<original_alias>> -keypass <<orinial pfx password>> -destalias <<new _alias>>
  • Now the new JKS file is ready which needs to be used as weblogic identity store.
  • Login to weblogic admin console, Lock & edit.
  • Navigate to environment à servers.
  • Select admin server, click on keystores tab
  • Change the keystore to “Custom Identity and Java Trust Store”
Custom Identity Store = <<path of new JKS>>
Custom Identity Keystore Type = JKS
Custom Identity Keystore Passphrase = <<keystore password>>
Confirm Custom Identity Keystore Passphrase = << keystore password >>
  • Go to SSL tab
Private Key Alias= <<Alias that you created in step 5>>
Private Key Passphrase = <<password of private key>>
Confirm Private Key Passphrase = <<password of private key>>
  • Save & Release Configuration.
  • Restart the SSL (from Environment à Servers, control tab)
  • Repeat the above five steps for each managed server.
  • Restart the SSL of each server. Now you can access your server/apps over https.
Posted by at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)