Administration Console Online Help


Configure identity and trust


Private keys, digital certificates, and trusted certificate authority certificates establish and verify identity and trust in the WebLogic Server environment. WebLogic Server is configured with a default identity keystore DemoIdentity.jks and a default trust keystore DemoTrust.jks. In addition, WebLogic Server trusts the certificate authorities in the cacerts file in the JDK.

As described in Managing Keys and Certificates with the Keystore Service, the OPSS Keystore Service (KSS) provides an alternate mechanism to manage keys and certificates for message security. The OPSS KSS makes using certificates and keys easier by providing central management and storage of keys and certificates for all servers in a domain. You use the OPSS KSS to create and maintain keystores of type KSS. If the Oracle Java Required Files (JRF) template is installed on the WebLogic Server system, you have the option to use KSS keystores. The KSS keystore is available only with the JRF template and is not available with the default WebLogic Server configuration.

The default demo keystore configuration (DemoIdentity.jks and DemoTrust.jks) is appropriate for testing and development purposes. However, these keystores should not be used in a production environment.

Note: If you are using the JKS demo certificates in a multi-server domain, Managed Server instances will fail to boot if you specify the fully-qualified DNS name. For information about this limitation and suggested workarounds, see Limitation on CertGen Usage in Securing Oracle WebLogic Server.

To configure identity and trust for a server:

  1. Obtain digital certificates, private keys, and trusted CA certificates from the CertGen utility, Sun Microsystems' keytool utility, OPSS Keystore Service, or a reputable vendor such as Entrust or Verisign. You can also use the digital certificates, private keys, and trusted CA certificates provided by the WebLogic Server kit. The demonstration digital certificates, private keys, and trusted CA certificates should be used in a development environment only.
  2. If using KSS, verify that KSS is properly populated, and note the KSS URIs and aliases of the required certificates and keys. You need the KSS URIs and key aliases when specifying keystores, keys, and certificates.
  3. Store the private keys, digital certificates, and trusted CA certificates. Private keys and trusted CA certificates are stored in a keystore. If using KSS, import the required keys and certificates to KSS. See Managing Keys and Certificates with the Keystore Service for information on adding keys and certificates to KSS.

    Note: This release of WebLogic Server supports private keys and trusted CA certificates stored in files for the purpose of backward compatibility only.

  4. Configure the identity and trust keystores for a WebLogic Server instance on the Configuration: Keystores page.

    See Configure keystores and Configuration Options.
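
To confirm that step 4 was completed on every server and that no instance still relies on the demo keystores, the following added example (not part of the original help page or of WebLogic Server) audits a domain configuration file. It assumes the domain's config.xml uses the namespace http://xmlns.oracle.com/weblogic/domain, the per-server elements key-stores, custom-identity-key-store-file-name and custom-trust-key-store-file-name, and the value DemoIdentityAndDemoTrust for the demo setting; the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed namespace and element names of a WebLogic domain config.xml.
NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}
DEMO_FILES = ("demoidentity.jks", "demotrust.jks")  # default keystores named on this page

# Constructed sample: srv1 has no <key-stores>, srv2 is custom, srv3 reuses a demo file.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server><name>srv1</name></server>
  <server>
    <name>srv2</name>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>/opt/keys/identity.jks</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>/opt/keys/trust.jks</custom-trust-key-store-file-name>
  </server>
  <server>
    <name>srv3</name>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
    <custom-identity-key-store-file-name>/opt/keys/identity.jks</custom-identity-key-store-file-name>
    <custom-trust-key-store-file-name>C:\\wls\\lib\\DemoTrust.jks</custom-trust-key-store-file-name>
  </server>
</domain>"""


def audit_keystores(config_xml):
    """Return {server name: [findings]} for servers still relying on demo keystores."""
    findings = {}
    for server in ET.fromstring(config_xml).findall("d:server", NS):
        name = server.findtext("d:name", default="(unnamed)", namespaces=NS)
        issues = []
        mode = (server.findtext("d:key-stores", default="", namespaces=NS) or "").strip()
        if not mode:
            # Assumption: an absent element means the default demo configuration.
            issues.append("no <key-stores> element: assumed default demo identity and trust")
        elif mode == "DemoIdentityAndDemoTrust":
            issues.append("key-stores is DemoIdentityAndDemoTrust")
        for tag in ("custom-identity-key-store-file-name", "custom-trust-key-store-file-name"):
            path = (server.findtext("d:" + tag, default="", namespaces=NS) or "").strip()
            # Compare the file name only, accepting both / and \ separators.
            base = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if base in DEMO_FILES:
                issues.append(f"{tag} points at demo keystore {path}")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for server, issues in audit_keystores(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{server}: {issue}")
```

Servers that use KSS keystores are outside what this check inspects; verify their KSS URIs and aliases separately as described in step 2.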

After you finish

After you configure identity and trust keystores for a WebLogic Server instance, you can configure its SSL attributes. These attributes describe the location of the identity key and certificate in the keystore specified on the Configuration: Keystores page. Use the Configuration: SSL page to specify this information. See Configuration Options.
