Sun Java System Access Manager 7.1 Postinstallation Guide

Procedure: To Configure a Secure WebLogic Instance

  1. Create a domain using the quick start menu.

  2. Go to the WebLogic installation directory and generate the certificate request.

  3. Submit the CSR text file to a CA to apply for the server certificate.

  4. Save the approved certificate in a text file. For example, approvedcert.txt.

  5. Load the Root CA in cacerts by using the following commands:

    cd jdk141_03/jre/lib/security/

    jdk141_03/jre/bin/keytool -keystore cacerts -keyalg RSA -import -trustcacerts -alias "<alias name>" -storepass changeit -file /opt/bea81/cacert.txt

  6. Load the Server certificate by using the following command:

    jdk141_03/jre/bin/keytool -import -keystore <keystorename> -keyalg RSA -trustcacerts -file approvedcert.txt -alias "mykey"

  7. Log in to the WebLogic console with your username and password.

  8. Browse to the following location:

    yourdomain > Servers > myserver > Configure Keystores

  9. Select Custom Identity and then Java Standard Trust.

  10. Enter the keystore location. For example, /opt/bea81/keystore.

  11. Enter Keystore Password and Keystore Pass Phrase. For example:

    Keystore Password: JKS/Java Standard Trust (for WL 8.1 it is only JKS)

    Key Store Pass Phrase: changeit

  12. Review the private key alias and password under SSL Private Key Settings.


    Note –

    You must use the full strength SSL licence or SSL startup will fail.


  13. In Access Manager, the following parameters in AMConfig.properties are automatically configured during installation. If they are not, edit them as follows:


    com.sun.identity.jss.donotInstallAtHighestPriority=true
    [not required for Access Manager 6.3 and later]
    com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
    com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
    com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption

    If your JDK path is the following:


    com.iplanet.am.jdk.path=/usr/jdk/entsys-j2se

    then use the keytool utility to import the root CA in the certificate database. For example:


    cd /usr/jdk/entsys-j2se/jre/lib/security
    /usr/jdk/entsys-j2se/jre/bin/keytool -keystore cacerts -keyalg RSA -import -trustcacerts -alias "machinename" -storepass changeit -file /opt/bea81/cacert.txt

    The keytool utility is located in the following directory:


    /usr/jdk/entsys-j2se/jre/bin/keytool

  14. Remove -D"java.protocol.handler.pkgs=com.iplanet.services.comm" from the Access Manager amadmin command line utility.

  15. Configure Access Manager in SSL Mode. For more information, see Configuring Access Manager in SSL Mode.
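
As an added example (not part of the original guide), the following shell functions check the results of steps 13 and 14: that AMConfig.properties holds the four listed values and that amadmin no longer passes the protocol handler option. The function names and the files written by write_samples are constructed for illustration; the real file locations are supplied by the caller.

```shell
# Added example, not from the guide: post-edit checks for steps 13 and 14.
EXPECTED='com.sun.identity.jss.donotInstallAtHighestPriority=true
com.iplanet.security.SecureRandomFactoryImpl=com.iplanet.am.util.SecureRandomFactoryImpl
com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory
com.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption'

# prop_value FILE KEY: print the last uncommented value of KEY, trimmed.
prop_value() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          if (key == k) found = val }
        END { print found }' "$1"
}

# check_amconfig FILE: print each step 13 property that is missing or
# different; the return status is the number of problems (0 = all match).
check_amconfig() {
    bad=0
    while IFS= read -r pair; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(prop_value "$1" "$key")
        [ "$got" = "$want" ] || {
            echo "MISMATCH $key: expected '$want', found '$got'"; bad=$((bad + 1)); }
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# check_amadmin FILE: fail if an uncommented line still passes the option
# that step 14 says to remove.
check_amadmin() {
    ! grep -v '^[[:space:]]*#' "$1" |
        grep -q 'java\.protocol\.handler\.pkgs=com\.iplanet\.services\.comm'
}

# write_samples DIR: constructed inputs. The wrapped encryptor value has no
# continuation backslash, so the property is read as empty.
write_samples() {
    printf '%s\n' 'com.sun.identity.jss.donotInstallAtHighestPriority=true' \
        'com.iplanet.security.SecureRandomFactoryImpl = com.iplanet.am.util.SecureRandomFactoryImpl' \
        '#com.iplanet.security.SSLSocketFactoryImpl=netscape.ldap.factory.JSSESocketFactory' \
        'com.iplanet.security.encryptor=' \
        '  com.iplanet.services.util.JCEEncryption' > "$1/AMConfig.properties"
    printf '%s\n' '#!/bin/sh' \
        'java -D"java.protocol.handler.pkgs=com.iplanet.services.comm" Main "$@"' > "$1/amadmin"
}
```

On the constructed files, check_amconfig reports two properties (one commented out, one wrapped onto the next line) and check_amadmin fails because the option is still present.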