1. Installation and Configuration Guide
  2. Configure Security Certificates
  3. Reconfigure WebLogic to use a Different Security Certificate

Reconfigure WebLogic to use a Different Security Certificate

Change the settings of WebLogic to replace self-signed certificate with on signed by a CA.

  1. In a browser, enter the URL of the WebLogic Administrator console. The URL uses one of the following formats:
    http://<local_host_name>:<port_number>/console
https://<local_host_name>:<port_number>/console

    where local_host_name and port_number are the name and port number of the WebLogic Administrator console defined during STA installation. The default HTTP port number is 7019, and the default HTTPS port number is 7020. For example: 

    https://sta_server:7020/console
  2. Enter the WebLogic Administration console username and password defined during STA installation, and then click Login.
  3. In the Domain Structure section, select Environment, and then select Servers.
    Servers noted under Environment in the Domain Structure tree
  4. In the Servers table, select the staUi active link (not the check box).
    staUi link selected in the Name column of the Servers table
  5. Select the Keystores tab.
    Keystores tab selected in the Settings for staUi control bar
  6. In the Change Center section, click Lock & Edit.
    Lock & Edit button selected in the Change Center section
  7. In the Keystores section, click Change.
    Change button in the Keystores section of the Change Center
  8. In the Keystores menu, select Custom Identity and Java Standard Trust.
    Custom Identify and Java Standard Trust selected in menu
  9. Click Save.
  10. Complete the Keystores screen as follows:

    • Custom Identity Keystore—Path and file of the private key file.

    • Custom Identity Keystore Type—Keystore type. If configuring for RACF authentication, enter PKCS12.

    • Custom Identity Keystore Passphrase—Password supplied by the MVS system administrator.

    • Java Standard Trust Keystore Passphrase—New password for the Java Standard Trust Keystore file.

    Caution:

    If you forget these passwords, you must reinstall STA.

  11. Click Save.
  12. Select the SSL tab.
    SSL tab selected in the Settings for staUi control bar
  13. Enter the Private Key Alias and Private Key Passphrase supplied by the MVS system programmer.

    To determine the Private Key Alias, use the keytool command at the system command line. For example: 

    $ keytool -list -keystore CLTBI.PKCS12DR.D080411 -storetype PKCS12
Enter keystore password: (password from the MVS sysadmin)
Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

tbiclient, Aug 17, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): 9A:F7:D1:13:AE:9E:9C:47:55:83:75:3F:11:0C:BB:46
  14. Click Save.
  15. In the Trusted Certificate Authorities section, click Advanced.
    Advanced link selected under Trusted Certificate Authorities
  16. Complete the Advanced section of the SSL screen as follows:

    • Use Server Certs—Select the check box.

    • Two Way Client Cert Behavior—Select Client Certs Requested But Not Enforced.

    • Inbound Certification Validation—Select Builtin SSL Validation Only.

    • Outbound Certificate Validation—Select Builtin SSL Validation Only.

  17. Click Save.
  18. In the Change Center section, click Activate Changes.
    Activate Changes button selected in Change Center section
  19. Log out of WebLogic.
  20. Stop all STA services. See the STA Administration Guide for command usage details.
    $ STA stop all
  21. Start all STA services.
    $ STA start all