Private keys, digital certificates, and trusted certificate authority certificates establish and verify identity and trust in the WebLogic Server environment. WebLogic Server is configured with a default identity keystore, DemoIdentity.jks, and a default trust keystore, DemoTrust.jks. In addition, WebLogic Server trusts the certificate authorities in the cacerts file in the JDK.
As described in Managing Keys and Certificates with the Keystore Service, the OPSS Keystore Service (KSS) provides an alternate mechanism to manage keys and certificates for message security. The OPSS KSS makes using certificates and keys easier by providing central management and storage of keys and certificates for all servers in a domain. You use the OPSS KSS to create and maintain keystores of type KSS. If the Oracle Java Required Files (JRF) template is installed on the WebLogic Server system, you have the option to use KSS keystores. The KSS keystore is available only with the JRF template and is not available with the default WebLogic Server configuration.
This default demo keystore configuration is appropriate for testing and development purposes. However, these keystores should not be used in a production environment.
Note: If you are using the JKS demo certificates in a multi-server domain, Managed Server instances will fail to boot if you specify the fully-qualified DNS name. For information about this limitation and suggested workarounds, see Limitation on CertGen Usage in Securing Oracle WebLogic Server.
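The following check is an added example, not part of the original documentation or Oracle's tooling: it scans a domain config.xml for servers that still rely on the demo keystores before a move to production. It assumes that each server records its keystore mode in a key-stores element, that a server without that element uses the demo keystores, and that custom keystore paths sit in the custom-identity-key-store-file-name and custom-trust-key-store-file-name elements; the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a domain config.xml (not from the original page).
# Assumption: each <server> records its keystore mode in <key-stores>, and a
# server with no such element falls back to the demo keystores.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server><name>AdminServer</name></server>
  <server>
    <name>ms1</name>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>/u01/keys/DemoIdentity.jks</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>/u01/keys/trust.jks</custom-trust-key-store-file-name>
  </server>
  <server>
    <name>ms2</name>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>/u01/keys/ms2-identity.jks</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>/u01/keys/trust.jks</custom-trust-key-store-file-name>
  </server>
</domain>"""

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}
DEMO_FILES = ("demoidentity.jks", "demotrust.jks")
PATH_TAGS = ("custom-identity-key-store-file-name", "custom-trust-key-store-file-name")

def audit_keystores(config_xml):
    """Return {server_name: [findings]} for servers that rely on demo keystores."""
    findings = {}
    for server in ET.fromstring(config_xml).findall("d:server", NS):
        name = server.findtext("d:name", default="(unnamed)", namespaces=NS)
        mode = server.findtext("d:key-stores", default="", namespaces=NS).strip()
        issues = []
        if not mode:
            issues.append("no keystore mode set; demo keystores apply by default")
        elif mode.startswith("Demo"):
            issues.append("keystore mode is " + mode)
        # A "custom" mode can still point at a copied demo keystore file.
        for tag in PATH_TAGS:
            path = server.findtext("d:" + tag, default="", namespaces=NS).strip()
            if path.replace("\\", "/").rsplit("/", 1)[-1].lower() in DEMO_FILES:
                issues.append(tag + " points at demo file " + path)
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_keystores(SAMPLE_CONFIG).items():
        for issue in issues:
            print(name + ": " + issue)
```

A file name match only catches demo keystores that kept their default names; a renamed copy needs its certificates inspected directly.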
To configure identity and trust for a server:
Note: This release of WebLogic Server supports private keys and trusted CA certificates stored in files for the purpose of backward compatibility only.
See Configure keystores and Configuration Options.
After you finish
After you configure identity and trust keystores for a WebLogic Server instance, you can configure its SSL attributes. These attributes describe the location of the identity key and certificate in the keystore specified on the Configuration: Keystores page. Use the Configuration: SSL page to specify this information. See Configuration Options.