{"id":2853,"date":"2012-10-08T12:36:48","date_gmt":"2012-10-08T16:36:48","guid":{"rendered":"https:\/\/pitss.org\/us\/2012\/10\/08\/java-key-store-configuration-and-ssl-support-of-weblogic-11g\/"},"modified":"2017-07-18T13:40:14","modified_gmt":"2017-07-18T17:40:14","slug":"java-keystore-and-ssl-setup","status":"publish","type":"post","link":"https:\/\/pitss.org\/us\/2012\/10\/08\/java-keystore-and-ssl-setup\/","title":{"rendered":"Java Key Store Configuration and SSL Support of WebLogic 11g"},"content":{"rendered":"
\n

Java Keystore and SSL Setup for Oracle Forms and WebLogic 11g<\/span><\/span><\/p>\n<\/div>\n

A Walkthrough Guide For Jar File Administration Tasks: Java Key Store creation and Jar Configuration to enable SSL functionality of WebLogic 11g.<\/em><\/span><\/span><\/p>\n

\u00a0<\/span><\/p>\n

Table of Contents<\/strong><\/span><\/span><\/p>\n

1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Introduction<\/span>.<\/span><\/p>\n

2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Step-by-Step Documentation<\/span>.<\/span><\/p>\n

2.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Check your PATH Environment Settings<\/span>.<\/span><\/p>\n

2.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Create Identity Keystore<\/span>.<\/span><\/p>\n

2.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Create CSR<\/span>.<\/span><\/p>\n

2.4<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Send the CSR to Your Certificate Authority<\/span>.<\/span><\/p>\n

2.5<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Optional: Extract Certificates From Bundled Certificate File<\/span>.<\/span><\/p>\n

2.6<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Create Full Certificate Chain<\/span>.<\/span><\/p>\n

2.7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Conditional: Create Trusted Certificate Chain<\/span>.<\/span><\/p>\n

2.8<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Import Certificates into Identity Keystore<\/span>.<\/span><\/p>\n

2.9<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Optional: Trust Keystore Configuration for SSL Implementation<\/span>.<\/span><\/p>\n

3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Jar Signing<\/span>.<\/span><\/p>\n

3.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Sign your jar file(s)<\/span>.<\/span><\/p>\n

3.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Verify your signed jar files<\/span>.<\/span><\/p>\n

4<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Working with Jar Files<\/span>.<\/span><\/p>\n

4.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>High level Jar Creation\/Updating and Signing Processes<\/span>.<\/span><\/p>\n

4.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Create a Jar file<\/span>.<\/span><\/p>\n

4.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Update a Jar File<\/span>.<\/span><\/p>\n

5<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>How to Setup SSL on Oracle WebLogic Server 11g<\/span>.<\/span><\/p>\n

5.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Pre-checks<\/span>.<\/span><\/p>\n

5.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Logon to the Admin Server\u2019s Admin Console<\/span>.<\/span><\/p>\n

5.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Open a server\u2019s configuration panel.<\/span><\/p>\n

5.4<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Enable the SSL Listening Port<\/span>.<\/span><\/p>\n

5.5<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Install Identity and Trust Keystore(s)<\/span>.<\/span><\/p>\n

5.6<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Configure SSL<\/span>.<\/span><\/p>\n

5.7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Activate Changes and Reboot Server(s)<\/span>.<\/span><\/p>\n

6<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>How to Setup SSL on Oracle HTTP Server 11g<\/span>.<\/span><\/p>\n

6.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Pre-checks<\/span>.<\/span><\/p>\n

6.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Convert JKS to Oracle Wallet<\/span>.<\/span><\/p>\n

6.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Configure OHS to use new Wallet<\/span>.<\/span><\/p>\n

7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Conditional: Install Certificate Authority Certificates on Browser<\/span>.<\/span><\/p>\n

1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span><\/span><\/a>Introduction<\/span><\/span><\/h2>\n

The following documentation provides step-by-step instructions on how to create a Java Key store, Certificate Signing Request (CSR), Import SSL certificates into your key store, sign jar files with the respective certificates, and setup SSL on WebLogic and Oracle HTTP Server (OHS). The following steps account for PKCS#7 encoded certificates and certificates sent via text format.<\/p>\n

Note: If your certificate authority sends you another type of certificate, such as PKCS#12 certificates, the key store configuration process will be different.<\/p>\n

Each step will show you an example of the various commands and a detailed explanation of the required\/recommended arguments for each command. The example commands listed below should not be used for your server environment(s), but used as an example and tailor the script so that it applies to your server environment.<\/p>\n

<\/a>2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Step-by-Step Documentation<\/span><\/span><\/h2>\n

<\/a>2.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Check your PATH Environment Settings<\/span><\/span><\/h2>\n

Before the JDK keystore and jar signing utilities can be used, the JDK\u2019s bin path must be included into your PATH variable and be listed before any other JDKs. The JDK that is used to run your WebLogic servers, should be used for this process.<\/p>\n

<\/a>2.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Create Identity Keystore<\/span><\/span><\/h2>\n

An identity keystore must be created. Please refer to the example command below along with descriptions of the respective arguments.**<\/p>\n

Please see the following example command:<\/b><\/p>\n

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore example.jks -validity 1095 -dname “CN=*.example.com,OU=System Admin, O=PITSS, L=Troy, ST=Michigan, C=us”<\/p>\n

Arguments:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-genkey:<\/b> Required. This tells keytool to create a keystore with a private key.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-alias<\/b>: Required. This creates a name for the identity keystore that is created within your java keystore.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-keysize<\/b>: Optional, but recommended. This specifies the encryption key size of the encryption algorithm. Default size is 1024; it is recommended to use an algorithm of at least 2048.
\nNote: The encryption key size must be a multiple of 64.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-keyalg:<\/b>\u00a0 Optional, but recommended. This specifies the encryption algorithm type. The default is DSA; it is recommended to use RSA.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-keystore:<\/b> Required. This tells keytool what filename to create the keystore under.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-validity:<\/b> Optional, but recommended. This specifies the time length period of which the default self-signed certificate will use when your keystore is first created. Default is 90 days. It is recommended to use a validity period which reflects your trusted certificates produced by your Certificate Authority (CA).<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>–dname:<\/b> Optional but recommended. This specifies what you would like for your values to be for CN (Common Name), OU (Organizational Unit), O (Organization), L (Location: City), ST (State), C (Country).<\/p>\n

o<\/span>\u00a0\u00a0 <\/span><\/span>If the \u2013dname<\/b> argument is not provided with the values mentioned above, you will be prompted by the keytool program to enter them.<\/p>\n

o<\/span>\u00a0\u00a0 <\/span><\/span>For CN, depending on your certificate authority and how your end-users will access your application(s), you can use one the following values listed below. Please use the option that suites to your server architecture and certificate authority.<\/p>\n

\u00a7<\/span>\u00a0 <\/span><\/span>Domain name without asterisk (my.example.com)<\/p>\n

\u00a7<\/span>\u00a0 <\/span><\/span>Domain name with an asterisk (*.example.com)<\/p>\n

\u00a7<\/span>\u00a0 <\/span><\/span>IP Address<\/p>\n

After entering the command above in command line interface, you will be prompted to enter a password for your keystore, confirm the keystore password and if you want to specify a password for the alias you are creating. It\u2019s recommended to keep the alias password and keystore password the same.<\/p>\n

Once the keystore creation process is done successfully, the keystore file will be created with the \u201cjks\u201d file extension, within the current working directory of your command line interface. For instance, if you run the example command above in \u201c\/opt\/oracle\u201d, your keystore\u2019s full file path will be \u201c\/opt\/oracle\/example.jks\u201d.<\/p>\n

** For more information on \u201ckeytool\u201d usage please refer to Oracle\u2019s official keytool documentation: <\/span>http:\/\/download.oracle.com\/javase\/1.4.2\/docs\/tooldocs\/windows\/keytool.html<\/span><\/span><\/a><\/p>\n

<\/a>2.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Create CSR<\/span><\/span><\/h2>\n

Please see the following command for creating a CSR. Refer to the argument usage below for how to tailor the command to your requirements.<\/p>\n

Run the following command:<\/b><\/p>\n

keytool -certreq -alias server -keystore example.jks -file example.csr<\/p>\n

Arguments:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-certreq<\/b>: Required. This argument tells keytool to create a CSR.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-alias:<\/b> Required. Must be set to the alias name specified during the keystore creation step above. For the current example, this will be \u201cserver\u201d.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-keystore<\/b>: Required. This argument tells keytool which keystore file path to use.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-file:<\/b> Optional but recommended. CSR will output the CSR into the specified filepath. In the example above, CSR will store the CSR into \u201cexample.csr\u201d<\/p>\n

<\/a>2.4<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Send the CSR to Your Certificate Authority<\/span><\/span><\/h2>\n

Once your CSR is generated, you must send the CSR to your Certificate Authority to generate your SSL certificate. If you do not have a Certificate Authority, or if you have any questions on Certificate Authorities, please contact PITSS.<\/p>\n

<\/a>2.5<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Optional: Extract Certificates From Bundled Certificate File<\/span><\/span><\/h2>\n

Some certificate authorities may send your certificates in a bundled certificate file like PKCS#7 or your certificate authority may send you your certificates in plain text.<\/p>\n

IMPORTANT:<\/b> If you received your certificates in plain text, please skip this step<\/u>. If you received your certificates in a single base encoded file, like PKCS#7 (.p7b), then this step must be followed.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>On a Windows system, save the certificate file onto your local file system.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Open a Windows Explorer window; navigate to the folder containing your base encoded certificate file.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Open the p7b file. This will launch Windows Certificate Manager (certmgr).<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>From the Certificates Navigator on the left hand side, please navigate down into the \u201cCertificates\u201d folder.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>When the \u201cCertificates\u201d folder is selected you should see two or three certificates listed in the Certificate viewer. Depending on your CA, you will have your public key certificate and your Root CA Certificate, and likely an Intermediate CA Certificate. Some certificate authorities will call these certificates \u201cprimary\u201d and \u201csecondary\u201d certificates respectively.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>For each certificate, right click on each certificate, then click each \u201cexport<\/b>\u201d from the \u201cAll Tasks<\/b>\u201d menu.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Please select the \u201cBase-64 encoded X.509\u201d certificate option when prompted for an export file type.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Specify the target file name for the certificate file. The following are example filenames for each certificate type.<\/p>\n

o<\/span>\u00a0\u00a0 <\/span><\/span>Public key: pub_cert.cer<\/p>\n

o<\/span>\u00a0\u00a0 <\/span><\/span>Root CA: root_cert.cer<\/p>\n

o<\/span>\u00a0\u00a0 <\/span><\/span>Intermediate CA: inter_cert.cer<\/p>\n

<\/a>2.6<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Create Full Certificate Chain<\/span><\/span><\/h2>\n

When your certificate authority sends you your certificates, the number of certificates you receive will vary depending on how your certificate authority distributes certificates. However all authorities will give you at least your SSL\/X.509 certificate and a root CA certificate.<\/p>\n

Some authorities may give you \u201cintermediary\u201d CA certificates, which should be included in your certificate chain. Please refer to the following list on what order certificates must be chained in. Once your chain is completed, you can import that chain into your java keystore.<\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>SSL Certificate<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Intermediary CA Certificate(s) (If applicable)<\/p>\n

3.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Root CA Certificate<\/p>\n

To create a certificate chain, simply concatenate each proper certificate in the respective order above into a blank ASCII text file.<\/p>\n

For an example certificate chain, please see the following example. Note the examples below are not actual certificates and are meant for example purposes only.<\/p>\n

Certificate: cert.cer<\/b><\/p>\n\n\n\n
\n
\n

—–BEGIN CERTIFICATE—–
\nThisIsMyCert+IGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWljaGlnYW4xDTAL
\nThisIsMyCert+BhMCVVMxFTATBgNVBAoTDFRoYXd0ZSwgSW5jLjEoMCYGA1UECFE
\nThisIsMyCert+cxWGdseaDY4RaH+2wCZgTQgmZ1xV0S19cFj1AMyPLD7zT8EfKki
\n—–END CERTIFICATE—–<\/span><\/span><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Root CA Certificate: root_ca.cer<\/b><\/p>\n\n\n\n
\n
\n

—–BEGIN CERTIFICATE—–
\nThisIsMyRootCertificate+BAoUEGZvcm1zZXhwZXJ0cy5jb20xEDAOBgNVBAsU
\nThisIsMyRootCertificate+AsUJ0ZvciBUZXN0IFB1cnBvc2VzIE9ubHkuICBOb
\nThisIsMyRootCertificate+nPjreI9bnhSfh0pkp1Wf4r8Jte3yDB1auvXtyEuz
\n—–END CERTIFICATE—–<\/span><\/span><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Full Certificate Chain: chain.cer<\/b><\/p>\n\n\n\n
\n
\n

—–BEGIN CERTIFICATE—–<\/span><\/span><\/p>\n

ThisIsMyCert+IGpMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWljaGlnYW4xDTAL<\/span><\/span><\/p>\n

ThisIsMyCert+BhMCVVMxFTATBgNVBAoTDFRoYXd0ZSwgSW5jLjEoMCYGA1UECFE<\/span><\/span><\/p>\n

ThisIsMyCert+cxWGdseaDY4RaH+2wCZgTQgmZ1xV0S19cFj1AMyPLD7zT8EfKki<\/span><\/span><\/p>\n

—–END CERTIFICATE—–<\/span><\/span><\/p>\n

—–BEGIN CERTIFICATE—–<\/span><\/span><\/p>\n

ThisIsMyRootCertificate+BAoUEGZvcm1zZXhwZXJ0cy5jb20xEDAOBgNVBAsU<\/span><\/span><\/p>\n

ThisIsMyRootCertificate+AsUJ0ZvciBUZXN0IFB1cnBvc2VzIE9ubHkuICBOb<\/span><\/span><\/p>\n

ThisIsMyRootCertificate+nPjreI9bnhSfh0pkp1Wf4r8Jte3yDB1auvXtyEuz<\/span><\/span><\/p>\n

—–END CERTIFICATE—–<\/span><\/span><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/a>2.7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Conditional: Create Trusted Certificate Chain<\/span><\/span><\/h2>\n

If you plan on setting up your keystore for SSL support on WebLogic and if you received multiple CA Certificates, this step must be followed. Otherwise if you only received a Root CA Certificate and your actual certificate or if you are only wish sign jar files with your keystore, this step can be skipped.<\/p>\n

As described in step 2.6, some certificate authorities will give you multiple CA certificates. For example, some authorities will provide an Intermediate CA Certificate with a Root CA Certificate. Thus you will need to create a trusted certificate chain for when you need to create a trust keystore by starting creating a chain in the following order:<\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Intermediary CA Certificate<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Root CA Certificate<\/p>\n

Please see the following example below to create a trusted certificate chain.<\/p>\n

Intermediary CA Certificate: inter_ca.cer<\/b><\/p>\n\n\n\n
\n
\n

—–BEGIN CERTIFICATE—–
\nIntermediateCertificate+BAoUEGZvcm1zZXhwZXJ0cy5jb20xEDAOBgNVBAsU
\nIntermediateCertificate+AsUJ0ZvciBUZXN0IFB1cnBvc2VzIE9ubHkuICBOb
\nIntermediateCertificate+nPjreI9bnhSfh0pkp1Wf4r8Jte3yDB1auvXtyEuz
\n—–END CERTIFICATE—–<\/span><\/span><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Root CA Certificate: root_ca.cer<\/b><\/p>\n\n\n\n
\n
\n

—–BEGIN CERTIFICATE—–
\nThisIsMyRootCertificate+BAoUEGZvcm1zZXhwZXJ0cy5jb20xEDAOBgNVBAsU
\nThisIsMyRootCertificate+AsUJ0ZvciBUZXN0IFB1cnBvc2VzIE9ubHkuICBOb
\nThisIsMyRootCertificate+nPjreI9bnhSfh0pkp1Wf4r8Jte3yDB1auvXtyEuz
\n—–END CERTIFICATE—–<\/span><\/span><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Trusted Certificate Chain: trust_chain.cer<\/b><\/p>\n\n\n\n
\n
\n

—–BEGIN CERTIFICATE—–
\nIntermediateCertificate+BAoUEGZvcm1zZXhwZXJ0cy5jb20xEDAOBgNVBAsU
\nIntermediateCertificate+AsUJ0ZvciBUZXN0IFB1cnBvc2VzIE9ubHkuICBOb
\nIntermediateCertificate+nPjreI9bnhSfh0pkp1Wf4r8Jte3yDB1auvXtyEuz
\n—–END CERTIFICATE—–<\/span><\/span><\/p>\n

—–BEGIN CERTIFICATE—–
\nThisIsMyRootCertificate+BAoUEGZvcm1zZXhwZXJ0cy5jb20xEDAOBgNVBAsU
\nThisIsMyRootCertificate+AsUJ0ZvciBUZXN0IFB1cnBvc2VzIE9ubHkuICBOb
\nThisIsMyRootCertificate+nPjreI9bnhSfh0pkp1Wf4r8Jte3yDB1auvXtyEuz
\n—–END CERTIFICATE—–<\/span><\/span><\/p>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/a>2.8<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Import Certificates into Identity Keystore<\/span><\/span><\/h2>\n

Once you have your certificate chain created, you can now import the full certificate chain into your identity keystore. To do this, please see the following example command to run in your command line interface.<\/p>\n

Run the following command to configure your Identity Keystore:<\/b><\/p>\n

keytool -import -alias server -file chain.cer -keystore example.jks<\/p>\n

Arguments:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-import<\/b>: Required. Tells keytool to import a certificate into the keystore<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-alias<\/b>: Required. The value must be the alias name used during the keystore and CSR creation processes.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-file:<\/b> Required. Tells keytool which certificate file to import into the keystore. In the example above, chain.cer is created in step 2.6.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-keystore:<\/b> Required. Tells keytool which keystore to import the certificate into.<\/p>\n

<\/a>2.9<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Optional: Trust Keystore Configuration for SSL Implementation<\/span><\/span><\/h2>\n

If you need to configure your keystores to support SSL for WebLogic Servers, follow this step to configure your keystores. If you do not need to configure your keystores for SSL support , you may skip this step.<\/p>\n

To provide full SSL support, a trust keystore must be created. You can add the trusted keystore onto your existing keystore file or create a new keystore file for your trusted keystores (Oracle Recommended Approach).<\/p>\n

Run the following command to create and configure a new trusted<\/u> keystore:<\/b><\/p>\n

keytool -alias trust -trustcacerts -import -file root_ca.cer -keystore example_trust.jks<\/p>\n

OR – Run the following command to add a trusted keystore into an existing<\/u> keystore:<\/b><\/p>\n

keytool -alias truststore -trustcacerts -import -file root_ca.cer -keystore example.jks<\/p>\n

Keytool Arguments:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-alias: <\/b>Required. Specify a new<\/u> alias for your trusted keystore.<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-trustcacerts: <\/b>Required. Tells keytool to import a trusted certificate or trusted certificate chain.<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-import: <\/b>Required. Tells keytool that you are importing a trusted certificate or trusted certificate chain.<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-file: <\/b>Required. Tells keytool the filename of the trusted certificate or trusted certificate to import.<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-keystore: <\/b>Required. Specify either a new keystore filename (to separate your trusted keystore from identity keystore) or an existing keystore filename to import your trusted keystore into. <\/b><\/p>\n

<\/a>3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Jar Signing<\/span><\/span><\/h2>\n

<\/a>3.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Sign your jar file(s)<\/span><\/span><\/h2>\n

Now that your identity keystore has been created, you can sign your jar file(s) with the trusted certificates.<\/p>\n

Common jar files to sign are jacob.jar (used by Oracle\u2019s webutil functionality), icon jar files (used by your forms applications), and any other custom built jar files containing images or java code.<\/p>\n

Please see the following example to sign a jar file:<\/b><\/p>\n

jarsigner -keystore example.jks jacob.jar server<\/p>\n

Arguments:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>-keystore:<\/b> Required. Specify the identity keystore which has your full certificate chain imported and put a space after your keystore, followed by the alias name of your identity keystore. Do not use the \u201c-alias\u201d argument for the alias.<\/p>\n

Note: all jar files beginning with \u201cfrm\u201d in the \u201c%ORACLE_HOME%\/forms\/java\u201d directory which have the same modified timestamp are jar files developed and signed by Oracle. These are critical runtime jar files that should not<\/b> be modified or otherwise signed with new certificates \u2013 as Oracle will not support an Oracle Forms Installation whose jar runtime files have been modified. These jar files are set to expire 2 years after the release date of your installed Oracle Forms release. When these jar file\u2019s certificates expire, it is recommended to patch your Forms release to the most current release.<\/p>\n

\u00a0<\/span><\/b><\/p>\n

<\/a>3.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Verify your signed jar files<\/span><\/span><\/h2>\n

After your jar files have been signed, it is recommended to verify that the jar files have been signed with the proper certificates. You can do so by referring to the examples below.<\/p>\n

Quick Check Command:<\/b><\/p>\n

jarsigner -verify -certs file_name.jar<\/p>\n

The following will give you one line of output indicating if your jar has been signed or not with two possible results below. However this does not tell you if the jar is signed with expired or authorized certificates.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>\u201cjar verified\u201d Jar is signed with a proper certificate<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>\u201cjar is unsigned. (signatures missing or not parsable)\u201d Jar is not signed with a proper certificate<\/p>\n

Verbose Check Command:<\/b><\/p>\n

jarsigner -verify -certs -verbose file_name.jar > results.log<\/p>\n

This command will give you an in-depth analysis of each respective file that has been signed or unsigned and put the results into a results.log file. It will display detailed information on each certificate that is used to sign each individual file within the jar file that is being checked.<\/p>\n

<\/a>4<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Working with Jar Files<\/span><\/span><\/h2>\n

In Oracle Forms, applications may use jar files containing image files for the use of the application. After these jar files are created they must be signed with a X.509 certificate before they are deployed to a testing or production server – this process is highlighted above.\u00a0 This section provides a quick reference for how to work with jar files and sign them for production use.<\/p>\n

<\/a>4.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>High level Jar Creation\/Updating and Signing Processes<\/span><\/span><\/h2>\n

There are common situations where you will have to create and update jar files and re-sign them respectively. This section will cover high level processes for common situations like creating a new jar file then signing the jar and updating the jar file with new images and signing the respective jar.<\/p>\n

New Jar File and Signing the Jar File:<\/b><\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Use the create new jar file command, inserting your required files into the jar. Please refer to step 3.2.<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Sign the Jar file. Refer to the jar sign command in step 2.10.<\/p>\n

3.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Deploy the jar file to your forms environment(s)<\/p>\n

Append new files onto an existing and signed Jar File:<\/b><\/p>\n

1.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Use the update jar file command, inserting new required files into the jar. Please refer to step 3.3.<\/p>\n

2.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Sign the jar file<\/p>\n

3.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Deploy the jar file to your forms environment(s)<\/p>\n

<\/a>4.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Create a Jar file<\/span><\/span><\/h2>\n

Refer to the example commands below:<\/b><\/p>\n

jar cf jar_file.jar input-file(s)<\/p>\n

For example, say you have two images (image1.jpg and image2.jpg) that need to be in a app_img.jar file. You would need to run the following command:<\/p>\n

jar cf app_img.jar image1.jpg image2.jpg<\/p>\n

<\/a>4.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Update a Jar File<\/span><\/span><\/h2>\n

Refer to the example commands below:<\/b><\/p>\n

jar uf jar_file.jar input-file(s)<\/p>\n

For example say you need add one image (image3.jpg) to an existing jar file. You would need to run the following command:<\/p>\n

jar uf app_img.jar image3.jpg<\/p>\n

<\/a>5<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>How to Setup SSL on Oracle WebLogic Server 11g<\/span><\/span><\/h2>\n

The following steps will guide you through the SSL setup process on the WebLogic Servers. If your application\u2019s point of entry is via WebLogic Servers and not the Web Tier (OHS) and your requirement is to setup SSL, this section will help you fulfill that requirement.<\/p>\n

However if your point of entry for your applications is the Web Tier, then it is recommended to refer to Section 6<\/b>.<\/p>\n

<\/a>5.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Pre-checks<\/span><\/span><\/h2>\n

Please check that you have the following pre-requisites before proceeding<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>AdminServer is running<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Your Identity and Trusted Keystores have been created and configured with X.509 certificates<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Identify whether your end-user\u2019s internet browsers will accept secure connections from your Certificate Authority. This is most common with internal certificate authorities. If you find that your browsers do not support or accept secure connections from your certificate authority, you will have to import your certificate authority\u2019s Root and Intermediate certificate(s).<\/p>\n

<\/a>5.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Logon to the Admin Server\u2019s Admin Console<\/span><\/span><\/h2>\n

Logon to the Admin Console that is located on your domain\u2019s AdminServer.<\/p>\n

Once logged in, click on \u201cServers<\/b>\u201d located under the \u201cEnvironment<\/b>\u201d link from the left hand navigation, as shown below.<\/p>\n

<\/a>5.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Open a server\u2019s configuration panel.<\/span><\/span><\/h2>\n

Open the server that you are setting up SSL on by clicking on the link with the server\u2019s name, as shown in the example below.<\/p>\n

<\/a>5.4<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Enable the SSL Listening Port<\/span><\/span><\/h2>\n

Click the \u201cLock & Edit<\/b>\u201d button to enable server changes<\/p>\n

Complete the following changes listed below:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Optional:<\/b> Clear out the \u201cListen Address<\/b>\u201d property. Clearing out the Listen Address property enables your server to listen on multiple destination host names instead of one.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Required:<\/b> Enable the \u201cSSL Listen Port Enabled<\/b>\u201d checkbox.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Required:<\/b> Specify an SSL port for your WebLogic Server in the \u201cSSL Listen Port<\/b>\u201d field.<\/p>\n

After your changes are completed, click the \u00a0button.<\/b><\/p>\n

<\/a>5.5<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Install Identity and Trust Keystore(s)<\/span><\/span><\/h2>\n

Click on the \u201cKeystores<\/b>\u201d tab, located under the \u201cConfiguration<\/b>\u201d tab set.<\/p>\n

Specify Custom Identity and Custom Trust Settings<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Click the \u201cChange<\/b>\u201d button in the \u201cKeystores<\/b>\u201d field.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Select \u201cCustom Identity and Custom Trust<\/b>\u201d and Save<\/b> your changes.<\/p>\n

Fill out the following Identity Keystore fields:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Custom Identity Keystore:<\/b> Absolute file path of your identity keystore.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Custom Identity Keystore Type:<\/b> Type of keystore. In this case: JKS.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Custom Identity Keystore Passphrase:<\/b> Passphrase specified during the identity keystore creation process.<\/p>\n

Fill out the following Trust Keystore fields:<\/b><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Custom Trust Keystore: <\/b>Absolute file path of your trust keystore.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Custom Trust Keystore Type:<\/b> Type of keystore. In this case: JKS.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Customer Trust Keystore Passphrase:<\/b> Passphrase specified during your trust keystore creation.<\/p>\n

Save<\/b> your changes once the identity and trust keystore fields are completed with the proper changes.<\/p>\n

\u00a0<\/b><\/p>\n

<\/a>5.6<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Configure SSL<\/span><\/span><\/h2>\n

Please select the \u201cSSL<\/b>\u201d tab under the \u201cConfiguration<\/b>\u201d tab of the server you are configuring for SSL.<\/p>\n

Please fill out the following fields. See below for an example. Save<\/b> your changes once they are completed.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Private Key Alias:<\/b> the alias name of your Identity Keystore.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Private Key Passphrase:<\/b> the password of your Identity Keystore alias<\/p>\n

<\/a>5.7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Activate Changes and Reboot Server(s)<\/span><\/span><\/h2>\n

Once your changes have been completed for the SSL server setup, please \u201cActivate<\/b>\u201d changes. Once changes are activated, please reboot<\/b> the server(s) you have setup with SSL.<\/p>\n

For a step-by-step on how to reboot WebLogic Servers, please do the following:<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Select \u201cServers<\/b>\u201d, under \u201cEnvironment<\/b>\u201d.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Select the \u201cControl<\/b>\u201d tab in the server summary page.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Please click \u201cShutdown<\/b>\u201d and then \u201cForce Shutdown Now<\/b>\u201d. Click the \u00a0icon, to have the server status list automatically updated. Please wait until the server shutdown process is complete.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Select the server(s) that have been shutdown, click \u201cStart<\/b>\u201d. Click the \u00a0icon, to have the server status list automatically updated. Please wait until the server(s) say \u201cRUNNING<\/b>\u201d in the \u201cState<\/b>\u201d column.<\/p>\n

<\/a>6<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>How to Setup SSL on Oracle HTTP Server 11g<\/span><\/span><\/h2>\n

<\/a>6.1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Pre-checks<\/span><\/span><\/h2>\n

Please check that you have the following pre-requisites before proceeding<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>AdminServer is running<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Your Identity and Trusted Keystores have been created and configured with X.509 certificates<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Identify whether your end-user\u2019s internet browsers will accept secure connections from your Certificate Authority. This is most common with internal certificate authorities. If you find that your browsers do not support or accept secure connections from your certificate authority, you will have to import your certificate authority\u2019s Root and Intermediate certificate(s).<\/p>\n

<\/a>6.2<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Convert JKS to Oracle Wallet<\/span><\/span><\/h2>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Open<\/b> a Command Line Interface<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Set JAVA_HOME<\/b> environment variable to your JDK\u2019s JAVA_HOME.<\/p>\n

For example, if your jdk is installed in \u201c\/opt\/oracle\/jdk1.6.0_24\u201d or \u201cC:\\java\\jdk1.6.0_24\u201d that will be your JAVA_HOME value respectively.<\/p>\n

To set an environment variable, please use the following examples:<\/p>\n

Windows:<\/b> set JAVA_HOME=\u201dC:\\java\\jdk1.6.0_24\u201d<\/p>\n

UNIX:<\/b> export JAVA_HOME=\/opt\/oracle\/jdk1.6.0_24<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Set MW_HOME<\/b> environment variable to your Middleware Home<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Set ORACLE_INSTANCE<\/b> environment variable to your Oracle Instance Home<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Create Oracle Wallet<\/b> \u2013 please use the command below as an example (Lines below are to be executed as one command):<\/p>\n

%MW_HOME%\/oracle_common\/bin\/orapki wallet create
\n-wallet ORACLE_INSTANCE%\/config\/OHS\/ohs1\/keystores\/%NAME_OF_WALLET%<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Convert JKS Keystore to PKCS12<\/b> \u2013 Please use the command below as an example to convert your JKS to Oracle Wallet (Lines below are to be executed as one command):<\/p>\n

%MW_HOME%\/oracle_common\/bin\/orapki wallet jks_to_pkcs12
\n-wallet %ORACLE_INSTANCE%\/config\/OHS\/ohs1\/keystores\/%NAME_OF_WALLET%
\n-keystore\u00a0 C:pathtoid.jks<\/p>\n

<\/a>6.3<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Configure OHS to use new Wallet<\/span><\/span><\/h2>\n

Now that your new Oracle Wallet has been created and configured, OHS must be configured to read from the new wallet.<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Open <\/b>%ORACLE_INSTANCE%\/config\/OHS\/ohs1\/ssl.conf<\/b><\/p>\n

 <\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Locate the \u201cSSLWallet\u201d <\/b>parameter<\/b><\/p>\n

Change from:
\n${ORACLE_INSTANCE}\/config\/${COMPONENT_TYPE}\/${COMPONENT_NAME}\/keystores\/default<\/span><\/b><\/p>\n

Change to:<\/b><\/p>\n

${ORACLE_INSTANCE}\/config\/${COMPONENT_TYPE}\/${COMPONENT_NAME}\/keystores\/%wallet_name%\u00a0\u00a0 <\/span><\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Save<\/b> ssl.conf changes<\/p>\n

\u00b7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Reboot OHS<\/b><\/p>\n

Navigate to \u201c%ORACLE_INSTANCE%\/bin<\/b>\u201d<\/p>\n

Run \u201copmnctl restartproc process-type=OHS<\/b>\u201d<\/p>\n

<\/a>7<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span>Conditional: Install Certificate Authority Certificates on Browser<\/span><\/span><\/h2>\n

Depending on the CA certificates sent by your CA, you may have to install them onto your browser. This may be because the Certificate Authority is not a recognized Certificate Authority by your browser or the CA Certificates sent by your CA may not be used for production\/public use. To install CA Certificates into your browser, please refer to your Certificate Authority or System Administration Group for installing CA Certificates into an internet browser.<\/p>\n","protected":false},"excerpt":{"rendered":"

Java Keystore and SSL Setup for Oracle Forms and WebLogic 11g A Walkthrough Guide For Jar File Administration Tasks: Java Key Store creation and Jar Configuration to enable SSL functionality of WebLogic 11g. \u00a0 Table of Contents 1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Introduction. 2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Step-by-Step Documentation. 2.1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Check your PATH Environment Settings. 2.2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Create Identity Keystore. 2.3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Create CSR. […]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[49,22,4,93,19,71,10],"tags":[11,16,48,3,23,13,44,17,46,50,40,24],"class_list":["post-2853","post","type-post","status-publish","format-standard","hentry","category-adf-jdeveloper","category-forms","category-install-config","category-ohs","category-unix-linux","category-weblogic-software","category-windows","tag-11g","tag-11gr2","tag-adf","tag-faq","tag-forms","tag-installation-setup","tag-java","tag-linux","tag-ohs","tag-ssl","tag-weblogic","tag-windows"],"_links":{"self":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/2853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/comments?post=2853"}],"version-history":[{"count":9,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/2853\/revisions"}],"predecessor-version":[{"id":9680,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/2853\/revisions\/9680"}],"wp:attachment":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/media?parent=2853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/categories?post=2853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/tags?post=2853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}