The BEA WebLogic Server must first be installed and configured as a web container before you configure it with the AMSDK in SSL. For installation instructions, see the BEA WebLogic server documentation. To configure WebLogic as a web container for Access Manager, see Chapter 1, Access Manager 7 2005Q4 Configuration Scripts.
Create a domain using the quick start menu.
Go to the WebLogic installation directory and generate the certificate request.
Submit the CSR text file to a CA to apply for the server certificate.
Save the approved certificate into a text file. For example, approvedcert.txt.
Load the Root CA in cacerts by using the following commands:
cd jdk141_03/jre/lib/security/
jdk141_03/jre/bin/keytool -keystore cacerts -keyalg RSA -import -trustcacerts -alias "<alias name>" -storepass changeit -file /opt/bea81/cacert.txt
Load the Server certificate by using the following command:
jdk141_03/jre/bin/keytool -import -keystore <keystorename> -keyalg RSA -trustcacerts -file approvedcert.txt -alias "mykey"
Log in to the WebLogic console with your username and password.
Browse to the following location:
yourdomain > Servers > myserver > Configure Keystores
Select Custom Identity and then Java Standard Trust.
Enter the keystore location. For example, /opt/bea81/keystore.
Enter Keystore Password and Keystore Pass Phrase. For example:
Keystore Password: JKS/Java Standard Trust (for WL 8.1 it is only JKS)
Key Store Pass Phrase: changeit
Review the Private Key alias and password under SSL Private Key Settings.
You must use the full strength SSL licence or SSL startup will fail.
In Access Manager, the following parameters in AmConfig.properties are automatically configured during installation. If they are not, you can edit them appropriately:
com.sun.identity.jss.donotInstallAtHighestPriority=true [this is not required for AM 6.3 and above]
com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
If your JDK path is the following:
com.iplanet.am.jdk.path=/usr/jdk/entsys-j2se
then use the keytool utility to import the root CA in the certificate database. For example:
cd /usr/jdk/entsys-j2se/jre/lib/security
/usr/jdk/entsys-j2se/jre/bin/keytool -keystore cacerts -keyalg RSA -import -trustcacerts -alias "machinename" -storepass changeit -file /opt/bea81/cacert.txt
The keytool utility is located in the following directory:
/usr/jdk/entsys-j2se/jre/bin/keytool
Remove -D"java.protocol.handler.pkgs=com.iplanet.services.comm" from the Access Manager amadmin command line utility.
Configure Access Manager in SSL Mode. For more information, see Configuring Access Manager in SSL Mode.
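As an added example (not part of the original page or of the Access Manager distribution), the following shell functions audit an AMConfig.properties file against the three com.iplanet.security values listed above and print the cacerts path under the configured com.iplanet.am.jdk.path. The function names get_prop, check_amconfig and am_cacerts, and the sample file, are constructed for illustration.

```shell
# Added example, not Access Manager code: audit AMConfig.properties SSL settings.

# Print the value of property $2 in properties file $1.
# Comment lines are skipped; the last assignment wins.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Report each required property that is missing or different; the return
# value is the number of problems. donotInstallAtHighestPriority is left
# out because the page marks it as not required for AM 6.3 and above.
check_amconfig() {
    file=$1; bad=0
    while IFS='=' read -r key want; do
        got=$(get_prop "$file" "$key")
        if [ -z "$got" ]; then
            echo "MISSING  $key (expected $want)"; bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key=$got (expected $want)"; bad=$((bad + 1))
        fi
    done <<EOF
com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption
EOF
    return "$bad"
}

# Print the cacerts path under the JDK that Access Manager is configured to use.
am_cacerts() {
    echo "$(get_prop "$1" com.iplanet.am.jdk.path)/jre/lib/security/cacerts"
}

# Constructed sample file: the encryptor property is deliberately absent.
sample=$(mktemp)
cat > "$sample" <<EOF
com.iplanet.am.jdk.path=/usr/jdk/entsys-j2se
com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
com.iplanet.security.SSLSocketFactoryImpl = netscape.ldap.factory.JSSESocketFactory
EOF
check_amconfig "$sample" || echo "$? problem(s); trust store: $(am_cacerts "$sample")"
```

The path printed by am_cacerts is the trust store that the root CA import must target; importing into a different JDK's cacerts leaves Access Manager unable to validate the WebLogic server certificate.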