Sun Java System Access Manager 7 2005Q4 Administration Guide

Configuring AMSDK with a Secure BEA WebLogic Server

The BEA WebLogic Server must first be installed and configured as a web container before you configure it with the AMSDK in SSL. For installation instructions, see the BEA WebLogic server documentation. To configure WebLogic as a web container for Access Manager, see Chapter 1, Access Manager 7 2005Q4 Configuration Scripts.

Procedure: To Configure a Secure WebLogic Instance

  1. Create a domain using the quick start menu.

  2. Go to the WebLogic installation directory and generate the certificate request.

  3. Submit the CSR text file to a CA to apply for the server certificate.

  4. Save the approved certificate to a text file. For example, approvedcert.txt.

  5. Load the Root CA in cacerts by using the following commands:

    cd jdk141_03/jre/lib/security/

    jdk141_03/jre/bin/keytool -keystore cacerts -keyalg RSA -import -trustcacerts -alias "<alias name>" -storepass changeit -file /opt/bea81/cacert.txt

  6. Load the Server certificate by using the following command:

    jdk141_03/jre/bin/keytool -import -keystore <keystorename> -keyalg RSA -trustcacerts -file approvedcert.txt -alias "mykey"

  7. Log in to the WebLogic console with your username and password.

  8. Browse to the following location:

    yourdomain> Servers> myserver> Configure Keystores

  9. Select Custom Identity and then Java Standard Trust.

  10. Enter the keystore location. For example, /opt/bea81/keystore.

  11. Enter Keystore Password and Keystore Pass Phrase. For example:

    Keystore Password: JKS/Java Standard Trust (for WL 8.1 it is only JKS)

    Key Store Pass Phrase: changeit

  12. Review the Private Key alias and password in the SSL Private Key Settings.

    Note –

    You must use the full strength SSL licence or SSL startup will fail.

  13. In Access Manager, the following parameters in are automatically configured during installation. If they are not, you can edit them appropriately:

    com.sun.identity.jss.donotInstallAtHighestPriority=true [this is not required for AM 6.3 and above]

    If your JDK path is the following:

    then use the keytool utility to import the root CA in the certificate database. For example:

    /usr/jdk/entsys-j2se/jre/bin/keytool -keystore cacerts  
    -keyalg RSA -import -trustcacerts -alias "machinename" -storepass changeit -file

    The keytool utility is located in the following directory:

  14. Remove -D"" from the Access Manager amadmin command line utility.

  15. Configure Access Manager in SSL Mode. For more information, see Configuring Access Manager in SSL Mode.
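
The check below is an added example, not part of the original guide. Run after step 6, it reads keytool -list -v output and confirms that the CA-signed certificate was attached to the private key under alias mykey rather than stored as a certificate-only entry, which would leave WebLogic without an SSL identity. The function name, the constructed sample listing and the alias servercert are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. Reads `keytool -list -v` output on stdin
# and reports whether the given alias can serve as WebLogic's SSL identity.
# Exit status: 0 usable, 1 CA reply not attached, 2 certificate only, 3 absent.
check_identity_entry() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13); next }
        alias != want                 { next }
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { chain = $NF + 0 }
        END {
            if (type == "") {
                print "MISSING: no entry under alias " want; exit 3
            }
            if (type == "trustedCertEntry") {
                print "CERT-ONLY: " want " holds no private key"; exit 2
            }
            if (chain < 2) {
                print "UNSIGNED: " want " still has only its self-signed certificate"; exit 1
            }
            print "OK: " want " is a " type " with chain length " chain; exit 0
        }'
}

# Constructed sample listing (JDK 1.4 wording; newer JDKs print
# "PrivateKeyEntry" instead of "keyEntry"). Alias "servercert" is hypothetical.
sample_listing() {
    cat <<'EOF'
Keystore type: jks
Your keystore contains 2 entries

Alias name: mykey
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=host.example.com
Issuer: CN=Example Root CA

Alias name: servercert
Entry type: trustedCertEntry
Owner: CN=host.example.com
EOF
}

sample_listing | check_identity_entry mykey
sample_listing | check_identity_entry servercert || true
```

Against a real keystore, pipe the output of keytool -list -v -keystore <keystorename> into check_identity_entry mykey; a CERT-ONLY result usually means the certificate was imported under an alias other than the one that holds the private key.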