Change the settings of WebLogic to replace self-signed certificate with on signed by a CA.
In a browser, enter the URL of the WebLogic Administrator console. The URL uses one of the following formats:
http://<local_host_name>:<port_number>/console https://<local_host_name>:<port_number>/console
where local_host_name
and port_number
are the name and port number of the WebLogic Administrator console defined during STA installation. The default HTTP port number is 7019, and the default HTTPS port number is 7020. For example:
https://sta_server:7020/console
Enter the WebLogic Administration console username and password defined during STA installation, and then click Login.
In the Domain Structure section, select Environment, and then select Servers.
In the Servers table, select the staUi active link (not the check box).
Select the Keystores tab.
In the Change Center section, click Lock & Edit.
In the Keystores section, click Change.
In the Keystores menu, select Custom Identity and Java Standard Trust
.
Click Save.
Complete the Keystores screen as follows:
Custom Identity Keystore—Path and file of the private key file.
Custom Identity Keystore Type—Keystore type. If configuring for RACF authentication, enter PKCS12
.
Custom Identity Keystore Passphrase—Password supplied by the MVS system administrator.
Java Standard Trust Keystore Passphrase—New password for the Java Standard Trust Keystore file.
Caution:
If you forget these passwords, you must reinstall STA.Click Save.
Select the SSL tab.
Enter the Private Key Alias and Private Key Passphrase supplied by the MVS system programmer.
Note:
To determine the Private Key Alias, use thekeytool
command at the system command line. For example:
$ keytool -list -keystore CLTBI.PKCS12DR.D080411 -storetype PKCS12
Enter keystore password: (password from the MVS sysadmin)
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
tbiclient, Aug 17, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): 9A:F7:D1:13:AE:9E:9C:47:55:83:75:3F:11:0C:BB:46
Click Save.
In the Trusted Certificate Authorities section, click Advanced.
Complete the Advanced section of the SSL screen as follows:
Use Server Certs—Select the check box.
Two Way Client Cert Behavior—Select Client Certs Requested But Not Enforced
.
Inbound Certification Validation—Select Builtin SSL Validation Only
.
Outbound Certificate Validation—Select Builtin SSL Validation Only
.
Click Save.
In the Change Center section, click Activate Changes.
Log out of WebLogic.
Stop all STA services. See the STA Administration Guide for command usage details.
$ STA stop all
Start all STA services.
$ STA start all