1 Configuring SSL on Oracle Weblogic

Use this topic to configure SSL on Oracle Weblogic application server.

Setting up SSL on Oracle Weblogic

To set up SSL on Oracle Weblogic application server:
  1. Obtain an identity (private key and digital certificates) and trust (certificates of trusted certificate authorities) for Oracle Weblogic application server.
  2. Store the identity and trust. Private keys and trust CA certificates are stored in keystores.
  3. Configure the identity and trust keystores for Oracle Weblogic application server in the administration console.
  4. Set SSL attributes for the private key alias and password in the Oracle Weblogic administration console.

Certificates and Keypairs

Certificates are used to validate the authenticity of the server. A certificate contains the name of the owner, the certificate usage, the duration of validity, and the resource location or distinguished name (DN), which includes the common name (CN: the web site address or e-mail address, depending on the usage) and the certificate ID of the person who certified (signed) this information. It also contains the public key and a hash to ensure that the certificate has not been tampered with. A certificate is insecure until it is signed. Signed certificates cannot be modified without invalidating the signature.

A certificate can be self-signed or obtained from a reputable certificate authority such as Verisign, Inc., Entrust.net, Thawte, GeoTrust or InstantSSL.

SSL uses a pair of cryptographic keys: a public key and a private key. These keys are similar in nature, and either one can be used to encrypt: what one key encrypts can be decrypted by the other key of the pair. The private key is kept secret, while the public key is distributed using the certificate.

The keytool utility stores keys and certificates in a keystore. The default keystore implementation is a file, and it protects private keys with a password. The different entries (key pairs and certificates) are distinguished by a unique ‘alias’. Through its keystore, Oracle Weblogic server can authenticate itself to other parties.

In Java, a keystore is a ‘java.security.KeyStore’ instance that you can create and manipulate using the keytool utility provided with the Java Runtime.

There are two keystores to be managed by Oracle Weblogic server to configure SSL:
  1. Identity Keystore: Contains the key pairs and the digital certificate. This can also contain certificates of intermediate CAs.
  2. Trust Keystore: Contains the trusted CA certificates.
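
Steps 1 and 2 of the procedure and the identity/trust split above, carried out with keytool as an added example (not part of the original page or of Oracle's documentation). The aliases, DN, passwords and file names are constructed demo values, and the self-signed certificate stands in for one issued by a certificate authority.

```shell
#!/bin/sh
# Added example: constructed demo values throughout (aliases, DN, passwords, file names).
# Passwords are handed to keytool through environment variables (-storepass:env) so
# they do not show up in the command-line arguments as a literal -storepass would.
export ID_STORE_PASS='demo-store-pass' ID_KEY_PASS='demo-key-pass' TRUST_PASS='demo-trust-pass'

kt() { keytool -J-Duser.language=en "$@"; }   # keep keytool's entry-type labels in English

build_keystores() {   # $1 = directory in which to create the two stores
  # Identity keystore: key pair plus a self-signed certificate under alias "server".
  kt -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=wls.example.test, O=Example, C=US" \
     -keystore "$1/identity.jks" -storetype JKS \
     -storepass:env ID_STORE_PASS -keypass:env ID_KEY_PASS || return 1
  # Export the certificate only; the private key stays inside identity.jks.
  kt -exportcert -rfc -alias server -keystore "$1/identity.jks" \
     -storepass:env ID_STORE_PASS -file "$1/server.pem" || return 1
  # Trust keystore: certificates only. A self-signed certificate is its own
  # issuer, so here it is imported as the trusted CA certificate.
  kt -importcert -noprompt -alias demo-ca -file "$1/server.pem" \
     -keystore "$1/trust.jks" -storetype JKS -storepass:env TRUST_PASS || return 1
}

entry_type() {   # $1 = keystore, $2 = name of env var holding its password, $3 = alias
  out=$(kt -list -keystore "$1" -storepass:env "$2" -alias "$3" 2>/dev/null) || return 1
  case $out in
    *PrivateKeyEntry*)  echo PrivateKeyEntry ;;
    *trustedCertEntry*) echo trustedCertEntry ;;
    *)                  echo unknown ;;
  esac
}

audit_keystores() {   # succeeds only if each store holds the entry kind the page assigns it
  [ "$(entry_type "$1/identity.jks" ID_STORE_PASS server)" = PrivateKeyEntry ] || return 1
  [ "$(entry_type "$1/trust.jks" TRUST_PASS demo-ca)" = trustedCertEntry ] || return 1
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
build_keystores "$demo_dir" && audit_keystores "$demo_dir" && echo "keystores OK in $demo_dir"
```

The two file paths, the alias `server` and the key password are the values that steps 3 and 4 would then reference in the administration console.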