Before you begin
For a complete description of these steps, see Configuring Identity and Trust.
By default, WebLogic Server is configured with two keystores, to be used for development only.
DemoIdentity.jks
:
Contains a demonstration private key for WebLogic Server. This
keystore establishes an identity for WebLogic Server.DemoTrust.jks
:
Contains a list of certificate authorities trusted by WebLogic Server.
This keystore establishes trust for WebLogic Server.These keystores are located in the WL_HOME\server\lib
directory and the JAVA_HOME\jre\lib\security
directory. For testing and development purposes, the keystore
configuration is complete. Use the steps in this section to configure
identity and trust keystores for production use.
To configure the identity and trust keystores:
MIDDLEWARE_HOME\server\lib
directory and the JDK cacerts
keystore, are
configured by default. Use for development only.
cacerts
file in the JAVA_HOME\jre\lib\security
directory.
Note: The passphrase for the Demo Identity keystore is
DemoIdentityKeyStorePassPhrase
.
If you chose Java Standard Trust as your keystore, specify the password defined when creating the keystore. Confirm the password.
If you chose Custom Trust, define the following attributes:
After you finish
All the server SSL attributes are dynamic; when modified via the Console, they cause the corresponding SSL server or channel SSL server to restart and use the new settings for new connections. Old connections will continue to run with the old configuration. To ensure that all the SSL connections exist according to the specified configuration, you must reboot WebLogic Server.
Use the Restart SSL button on the Control: Start/Stop page to restart the SSL server when changes are made to the keystore files and need to be applied for subsequent connections without rebooting WebLogic Server. See Restart SSL.