MRKAVANA (mrkavana@gmail.com) - www.facebook.com/kavanathai

Jul 22, 2011

Create CA's Private key for WebLogic

How to create a new DemoIdentity.jks:

When you need to create a new DemoIdentity.jks file for WebLogic, for example when the machine name has changed, follow the steps below.
The following steps were tested on WebLogic version 10.3.2.

Create new certificate and keystore

Go to the server lib directory of WebLogic:

$> cd $MIDDLEWARE_HOME/wlserver_10.3/server/lib/

Set the right environment: 

$> . ../bin/setWLSEnv.sh

Create a new certificate for your machine (test01.local.lan): 

$> java utils.CertGen -cn test01.local.lan -keyfilepass DemoIdentityPassPhrase -certfile testcert -keyfile testkey

Generating a certificate with common name test01.local.lan and key strength 1024
issued by CA with certificate from CertGenCA.der file and key from CertGenCAKey.der file

Import this certificate into a new keystore:

$> java utils.ImportPrivateKey newkeystore.jks DemoIdentityKeyStorePassPhrase demoidentity DemoIdentityPassPhrase testcert.pem testkey.pem

Imported private key testkey.pem and certificate testcert.pem
into a new keystore newkeystore.jks of type jks under alias demoidentity

Now check that your public key/certificate has been imported into the new keystore:


$> keytool -v -list -keystore newkeystore.jks -storepass DemoIdentityKeyStorePassPhrase

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry
Alias name: demoidentity
Creation date: Apr 12, 2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=test01.local.lan, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 4acc7d27882f10e38823617098da6d91
Valid from: Sun Apr 11 15:56:23 CEST 2010 until: Sat Apr 12 15:56:23 CEST 2025
Certificate fingerprints:
    MD5:  12:97:52:76:3A:AB:1D:36:D7:DD:71:BB:8E:17:96:74
    SHA1: 49:0A:09:CC:6C:9E:F0:6E:90:8F:64:C7:D3:BF:2D:39:E6:EB:BC:DD
Signature algorithm name: MD5withRSA
Version: 1

Replace the old DemoIdentity.jks: 

This newkeystore.jks is your new DemoIdentity.jks 

$> ls *.jks 

DemoIdentity.jks    DemoTrust.jks  newkeystore.jks 

$> mv DemoIdentity.jks DemoIdentity.jks_
$> cp newkeystore.jks DemoIdentity.jks

Done!
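
A scripted version of the keystore check, as an added example that is not part of the original post: the function reads `keytool -v -list` output and flags the properties visible in the listing above (subject CN, the FOR TESTING ONLY marker, the CertGenCA issuer, an MD5 or SHA-1 signature). The function names and finding labels are assumptions made for this example, and the sample input is constructed from the listing on this page.

```shell
#!/bin/sh
# Added example: audit `keytool -v -list` text for the demo-certificate
# properties visible in the listing above. Function names are hypothetical.

# Usage: keytool -v -list ... | audit_keystore_listing EXPECTED_CN
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_keystore_listing() {
    awk -v cn="$1" '
        function flag(msg) { print msg; found = 1 }
        /^Entry type:/ && $NF != "PrivateKeyEntry" {
            flag("NO_PRIVATE_KEY: entry type is " $NF)
        }
        /^Owner:/ {
            # Append a comma so a CN in last position still matches exactly.
            if (index($0 ",", "CN=" cn ",") == 0)
                flag("CN_MISMATCH: certificate is not for " cn)
            if ($0 ~ /FOR TESTING ONLY/)
                flag("DEMO_CERT: subject is marked FOR TESTING ONLY")
        }
        /^Issuer:/ && /CN=CertGenCA/ {
            flag("DEMO_CA: issued by the WebLogic demo CA (CertGenCA*)")
        }
        /^Signature algorithm +name:/ && /(MD5|SHA1)with/ {
            flag("WEAK_SIGNATURE: " $NF)
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the relevant lines of the listing shown on this page.
sample_listing() {
    cat <<'EOF'
Alias name: demoidentity
Entry type: PrivateKeyEntry
Owner: CN=test01.local.lan, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Signature algorithm name: MD5withRSA
Version: 1
EOF
}

# Stand-alone run against the sample; prints the findings and the exit status.
sample_listing | audit_keystore_listing test01.local.lan || echo "exit status: $?"
```

On a real host, pipe the keytool command from the check step into audit_keystore_listing with the machine name as its argument.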
