
Configuring SSL and Keystores

Many applications need the security of communicating over the Secure Sockets Layer (SSL). This provides secure communications between the server and the client, or between two servers. Your company has decided to configure SSL to ensure secure communications between a server and the client.
In this lab, you configure SSL and the keystores for the MedRecSvr1 managed server in MedRecDomain.
In this practice, you perform the following tasks:
Using keytool to generate an identity keystore that contains a private key and a self-signed public certificate
Configuring keystores in the Administration Console
Configuring SSL for a managed server

Configuring Keystores
1. Using the Java keytool utility, create a key and copy the key to your domain folder.
a. In your GNOME terminal session, ensure that JAVA_HOME and the related environment variables have been set. (If they have not been set, run the setWLSEnv.sh script.)

b. Navigate to the Lab20 subfolder under the /home/oracle/wls-sysadm/labs folder. Then run the keytool command as follows (all in one line). You can use the genkey.sh script in this folder for convenience.

c. Copy the key file you generated to your domain folder.

d. Generate a Certificate Signing Request (CSR) using the key you have created. (You can use certreq.sh instead of entering the keytool command.)

e. Copy the CSR you generated to your domain folder.

The reason for these copy steps is that you are more likely to back up your /domains directory (in the next lab) than the /labs directory. Nothing on the local server uses this CSR .pem file. In a real shop, this .pem would be forwarded to your CA.
f. In the Administration Console, navigate to MedRecDomain > Environment > Servers > MedRecSvr1 > Configuration > Keystores. In Change Center, click Lock & Edit.
g. On the Keystores page, specify the following properties and click Save.

2. Configure MedRecSvr1 with SSL. Verify that you can access the timeoff application by using HTTPS.
a. In the Administration Console, navigate to MedRecDomain > Environment > Servers > MedRecSvr1 > Configuration > SSL.
b. On the SSL page, specify the following properties and click Save.
Identity and Trust Locations: Keystores
Private Key Alias: MRkey
Private Key Passphrase: MRkeypass
c. Navigate to MRDomain > Environment > Servers > MedRecSvr1 > Configuration > General.
d. Select the check box next to SSL Listen Port Enabled and set the SSL Listen Port as 7022. Then click Save.
e. Click Activate Changes. Then stop the MedRecSvr1 server.
f. Start the MedRecSvr1 server using the desktop icon or the script.
g. In another browser window or tab, access the URL: https://wls-sysadm:7022/timeoff. (Don't forget: httpS.) You may receive an error or warning.

h. Click the link to add an exception and click Add Exception (different web browsers present this dialog slightly differently):

i. Then click Get Certificate to add the server certificate to your browser.

j. Click Confirm Security Exception. In this box, you can also make this exception permanent by selecting the Permanently store this exception check box.

k. Now, you can access the application on MedRecSvr1.
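
The browser warning in step g appears because the certificate is self-signed, so before confirming the exception in steps h through j it is worth checking that the certificate served on port 7022 is the one generated in step 1. The following Python is an added example, not part of the original lab: it compares the served certificate's SHA-256 fingerprint with the one that keytool -list -v prints for the keystore entry. The function names and the sample PEM are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import ssl
import sys

# Constructed placeholder, NOT a real certificate: the body is base64 of b"abc",
# which is enough to exercise the PEM -> DER -> SHA-256 path offline.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def normalize(fp):
    """Reduce 'SHA256: AA:BB..' (keytool) or 'sha256 Fingerprint=AA:BB..' (openssl) to bare hex."""
    fp = re.sub(r"(?i)^\s*sha-?256(\s+fingerprint)?\s*[:=]\s*", "", fp)
    hexonly = re.sub(r"[^0-9A-Fa-f]", "", fp).upper()
    if len(hexonly) != 64:
        raise ValueError("not a SHA-256 fingerprint")
    return hexonly


def fingerprint_from_pem(pem):
    """SHA-256 over the DER bytes, colon-separated upper-case hex as keytool prints it."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def matches(expected_fp, served_pem):
    """True only if the served certificate has the fingerprint recorded from the keystore."""
    served = normalize(fingerprint_from_pem(served_pem))
    return hmac.compare_digest(normalize(expected_fp), served)


def fetch_server_pem(host, port):
    """Fetch the certificate the SSL listener presents, without validating its chain."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Usage (host and port from the lab URL): script.py wls-sysadm 7022 "SHA256: AA:BB:..."
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    pem = fetch_server_pem(host, port)
    print("served:", fingerprint_from_pem(pem))
    print("match" if matches(expected, pem) else "MISMATCH: do not add the exception")
```
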

Configure Keystore

Configure SSL for an Oracle WebLogic Server
