D Configuring a Self-Signed Digital Certificate for HTTPS

This appendix explains how to create a custom SSL encryption certificate for the AcslsDomain in your WebLogic server. This procedure is required if you intend to create a self-signed digital certificate for use with browsers that do not accept the demo certificate provided by default with the ACSLS GUI.

Internet Explorer 8 (and above) and Firefox Version 39 (and above) require this WebLogic set-up procedure for use with HTTPS servers that do not employ certificates verified by a third-party digital signing authority.

  1. Generate a keystore database of cryptographic keys.

    1. As root user, source the basic acsls environmental variables.

      . /var/tmp/acsls/.acsls_env
      
    2. Define keyStore parameters:

      keyPath=$installDir/Oracle/Middleware/wlserver_10.3/server/lib
      identStore=acslsIdent.jks
      trustStore=acslsTrust.jks
      keyPass=<password>
      storPass=<password>
      
    3. Generate the public/private encryption key pair and digital certificate. Place them in the keyStore.

      keytool -genkeypair -alias selfsigned -keyalg RSA -keysize 2048 \
      -validity 365 -keypass $keyPass -storepass $storPass \
      -keystore $keyPath/$identStore
      

      This produces a certificate valid for 365 days with an encryption key that is 2048 bits in length. The keytool utility prompts you with the following questions. The answers you give are written to the certificate, which can be displayed in a remote browser any time the ACSLS GUI user is asked to confirm the authenticity of the HTTPS connection.

      What is your first and last name?
      [Unknown]:  ACSLS Library Server
      
      What is the name of your organizational unit?
      [Unknown]:  Tape Library Services
      
      What is the name of your organization?
      [Unknown]:  Our Organization
      
      What is the name of your City or Locality?
      [Unknown]:  Our Town
      
      What is the name of your State or Province?
      [Unknown]:  Our Province?
      
      What is the two-letter country code for this unit?
      [Unknown]:  XY
      

      When prompted for a password, press Return to use the value for $identPass that you set in step 1b.

      The tool summarizes the parameters you submitted and asks you to confirm (yes/no) that the parameters are correct.

    4. Export the ident certificate and import it to the trust certificate.

      keytool -exportcert -alias selfsigned -file $keyPath/root.cer \
      -keystore $keyPath/$identStore -storepass $storPass
      
      keytool -importcert -alias selfsigned -file $keyPath/root.cer \
      -keystore  $keyPath/$trustStore -storepass $storPass
      

      Answer yes to the prompt to confirm.

    5. Copy the files, $keyPath/acslsIdent.jks and $keyPath/acslsTrust.jks, to the $SSLM_HOME/AcslsDomain/ directory.

  2. Configure WebLogic to use the newly-generated keyStore.

    1. Log on to the WebLogic console as acsls_admin using the acsls_admin password.

      http://<acsls_server>:7001/console

    2. In the top-left corner of the console's main page, click Lock & Edit.

    3. Just below the Lock & Edit button, you see 'Domain Structure'. Select Environment under the AcslsDomain.

    4. From the Summary of Environment frame, click Servers.

    5. From the Summary of Servers frame, select the Configuration tab and click AdminServer(admin) from the Servers table.

    6. From the Settings for AdminServer frame, select the Keystores tab.

    7. Under the Keystores tab, click Change and select Custom Identity and Custom Trust. Click Save.

    8. In the Custom Identity Keystore text box, enter the path to the acslsIdent.jks file using the $keyPath/$identStore values that you defined in step 1b above. In the Custom Identity Keystore Type box, enter jks.

    9. In the Custom Identity Keystore Passphrase text box, enter the password that you defined as $storPass in step 1b above. Confirm the Custom Identity Keystore Passphrase in the next text box.

    10. In the Custom Trust Keystore text box, enter the full path to the acslsTrust.jks file using the $keyPath/$trustStore values that you defined in step 1b. In the Custom Trust Keystore Type text box, enter jks.

    11. In the Custom Trust Keystore Passphrase text box, enter the password you defined for $storPass in step 1b. Enter confirmation of that password in the remaining text box.

    12. Click Save. Observe the verification message at the top of the page.

    13. Select the SSL tab in the Settings for Administrator frame.

    14. In Identity and Trust Locations ensure that Keystores is selected. If necessary, click Change to correct the setting.

    15. In the Private Key Alias text box, enter selfsigned.

    16. In the Private Key Passphrase text box, enter the same password you defined as $keyPass in step 1b above. Confirm it using the same password in the remaining text box.

    17. Click Save. Look for the green verification message at the top of the page.

    18. Click the Advanced field under the SSL tab. Set Hostname Verification to none. Select the check box for Use JSSE SSL.

    19. Click Save. Look for the green verification message at the top of the page.

    20. Click Activate Changes in the top-left corner of the page. Observe the verification message at the top of the page.

    21. Restart the WebLogic service.
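
The two keystores produced in step 1 can be checked before WebLogic is restarted: the identity store must hold a private key under the alias selfsigned, and the trust store must hold only the matching public certificate under the same alias. The script below is an added example, not part of the ACSLS procedure; the function names are hypothetical, and the listing produced by sample_listing is constructed text in the layout that keytool -list -v prints.

```shell
#!/bin/sh
# Added example: sanity checks for the keystores built in step 1.
# Helpers parse `keytool -list -v` text on stdin; names are hypothetical.

# Print the entry type recorded for alias $1.
entry_type() {
    awk -v want="$1" '
        /^Alias name: / { cur = substr($0, 13) }
        /^Entry type: / && cur == want { print substr($0, 13); exit }'
}

# Print the SHA1 certificate fingerprint listed for alias $1.
sha1_of() {
    awk -v want="$1" '
        /^Alias name: / { cur = substr($0, 13) }
        cur == want && /SHA1: / { print $NF; exit }'
}

# check_listings IDENT_LISTING TRUST_LISTING ALIAS
check_listings() {
    [ "$(printf '%s\n' "$1" | entry_type "$3")" = "PrivateKeyEntry" ] ||
        { echo "identity store: no private key under alias $3" >&2; return 1; }
    # The trust store must hold only the public certificate, never the key.
    [ "$(printf '%s\n' "$2" | entry_type "$3")" = "trustedCertEntry" ] ||
        { echo "trust store: alias $3 is not a trustedCertEntry" >&2; return 1; }
    fp_ident=$(printf '%s\n' "$1" | sha1_of "$3")
    fp_trust=$(printf '%s\n' "$2" | sha1_of "$3")
    [ -n "$fp_ident" ] && [ "$fp_ident" = "$fp_trust" ] ||
        { echo "certificate fingerprints differ between stores" >&2; return 1; }
}

# verify_stores IDENT_JKS TRUST_JKS ALIAS  (store password taken from $storPass)
verify_stores() {
    ident_out=$(keytool -list -v -keystore "$1" -storepass "$storPass") || return 2
    trust_out=$(keytool -list -v -keystore "$2" -storepass "$storPass") || return 2
    check_listings "$ident_out" "$trust_out" "$3"
}

# Constructed sample listing: $1 = entry type, $2 = SHA1 fingerprint.
sample_listing() {
    printf 'Alias name: selfsigned\nEntry type: %s\nCertificate fingerprints:\n\t SHA1: %s\n' "$1" "$2"
}

# Runs only when called with three arguments, for example:
#   sh check.sh $SSLM_HOME/AcslsDomain/acslsIdent.jks \
#               $SSLM_HOME/AcslsDomain/acslsTrust.jks selfsigned
if [ "$#" -eq 3 ]; then verify_stores "$@"; fi
```

A non-zero exit status means the stores should be regenerated or re-imported before Activate Changes is clicked.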