    WebLogic: configuring a custom keystore and SSL, step by step

    (Custom Identity and Custom Trust, keytool, TLS 1.0)

    1. Enable the SSL listen port


    Save, then restart the managed server.


    Access with Internet Explorer

    Access with Google Chrome

    2. Review the current keystore and SSL configuration

    Keystores

    SSL

     

    3. Build identity.jks and trust.jks by hand

    Create a directory for the keystores

    [weblogic@Weblogic201 ~]$ mkdir jksHL

    [weblogic@Weblogic201 ~]$ cd jksHL/

    Generate the identity keystore identity.jks

    The parameters of the command below (highlighted in the original) mean:

    weblogicHL is the "SSL - Private Key Alias".

    keypass123 is the "SSL - Private Key Passphrase";

    storepass123 is the "Keystores - Custom Identity Keystore Passphrase";

    storepass123 is also the "Keystores - Custom Trust Keystore Passphrase" (the same passphrase is used for both keystores here).

    3650 is the validity of the self-signed certificate, in days;

    [weblogic@Weblogic201 jksHL]$ keytool -genkey -alias weblogicHL -keyalg RSA -keypass keypass123 -keystore identity.jks -storepass storepass123 -validity 3650

    What is your first and last name?
      [Unknown]:  HaiLang
    What is the name of your organizational unit?
      [Unknown]:  GZCSS
    What is the name of your organization?
      [Unknown]:  GZCSS
    What is the name of your City or Locality?
      [Unknown]:  GZ
    What is the name of your State or Province?
      [Unknown]:  GD
    What is the two-letter country code for this unit?
      [Unknown]:  CN
    Is CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN correct?
      [no]:  yes

    Export the public-key certificate to a .cer file

    [weblogic@Weblogic201 jksHL]$ keytool -export -alias weblogicHL -file root.cer -keystore identity.jks

    Enter keystore password:  storepass123

    Certificate stored in file <root.cer>

    Generate the trust keystore trust.jks

    Import the root.cer certificate exported in the previous step; the import creates trust.jks

    [weblogic@Weblogic201 jksHL]$ keytool -import -alias weblogicHL -trustcacerts -file root.cer -keystore trust.jks

    Enter keystore password:  storepass123

    Re-enter new password:  storepass123

    Owner: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN
    Issuer: CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN
    Serial number: 559a5ac9
    Valid from: Mon Jul 06 18:39:05 HKT 2015 until: Thu Jul 03 18:39:05 HKT 2025
    Certificate fingerprints:
              MD5:  04:F2:4F:97:5B:8B:32:23:AB:69:D0:6A:42:1D:C7:77
              SHA1: A0:B3:6F:90:08:0D:6B:55:6F:A6:13:C6:3B:C0:F4:CE:E1:B5:72:F9
              Signature algorithm name: SHA1withRSA
              Version: 3
    Trust this certificate? [no]:  yes
    Certificate was added to keystore


    At this point identity.jks and trust.jks are ready.
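    The same three keytool steps as a script, added here as an example that is not part of the original post. It differs from the interactive session above on purpose: the passphrases are read from environment variables (the -storepass:env / -keypass:env forms of current JDK keytool; check keytool -help on the page's JDK 1.6 build) so that they do not land in shell history or in ps output, and the key is 2048-bit RSA signed with SHA256withRSA rather than the SHA1withRSA that the old JDK defaulted to, which browsers no longer accept. The alias, DN and passphrase values are the ones used in the post; the output directory is an argument. Two caveats that the script cannot remove: the certificate is still self-signed, so browsers will warn exactly as shown in step 5 until a CA-issued certificate replaces it, and a trust.jks that holds only root.cer means the server trusts no other issuer for peer certificates.

```shell
#!/bin/sh
# make_keystores.sh (added example, not from the original post): build the
# identity and trust keystores of step 3 non-interactively.
# Assumptions: keytool is on PATH; alias/DN/passphrases default to the values
# from the post and can be overridden in the environment.
set -eu

ALIAS="${ALIAS:-weblogicHL}"
DNAME="${DNAME:-CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN}"
: "${STOREPASS:=storepass123}"   # demo values from the post; set real ones in the environment
: "${KEYPASS:=keypass123}"
export STOREPASS KEYPASS

# Generate the private key and self-signed certificate into <dir>/identity.jks.
make_identity_keystore() {
    mkdir -p "$1"
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 3650 -dname "$DNAME" \
        -keystore "$1/identity.jks" -storetype JKS \
        -storepass:env STOREPASS -keypass:env KEYPASS
}

# Export the public certificate to <dir>/root.cer; the private key stays in identity.jks.
export_certificate() {
    keytool -exportcert -alias "$ALIAS" -file "$1/root.cer" \
        -keystore "$1/identity.jks" -storepass:env STOREPASS
}

# Import root.cer as a trusted entry; this creates <dir>/trust.jks.
make_trust_keystore() {
    keytool -importcert -noprompt -alias "$ALIAS" -file "$1/root.cer" \
        -keystore "$1/trust.jks" -storetype JKS -storepass:env STOREPASS
}

# Signature algorithm recorded in identity.jks, e.g. "SHA256withRSA": catches a
# SHA1withRSA keystore before it is deployed.
identity_sigalg() {
    keytool -list -v -keystore "$1/identity.jks" -storepass:env STOREPASS \
        | sed -n 's/^[[:space:]]*Signature algorithm name: \([A-Za-z0-9]*\).*/\1/p' | head -n 1
}

# Number of trustedCertEntry records in trust.jks (1 after the import above).
trust_entry_count() {
    keytool -list -keystore "$1/trust.jks" -storepass:env STOREPASS | grep -c trustedCertEntry
}

build_keystores() {
    make_identity_keystore "$1"
    export_certificate "$1"
    make_trust_keystore "$1"
    echo "identity.jks signature algorithm: $(identity_sigalg "$1")"
    echo "trust.jks trusted entries: $(trust_entry_count "$1")"
}

# Usage: STOREPASS=... KEYPASS=... sh make_keystores.sh /home/weblogic/jksHL
if [ $# -gt 0 ]; then
    build_keystores "$1"
fi
```

    After running it, the two paths to enter in the Console in step 4 are <dir>/identity.jks and <dir>/trust.jks, with the alias and the two passphrases exactly as exported.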

    4. Configure the new keystores and SSL in the Console

    Replace the default demo keystores

    "Keystores - Change"

    Select "Custom Identity and Custom Trust", then "Save"

    Fill in the keystore settings

    Custom Identity Keystore: /home/weblogic/jksHL/identity.jks

    Custom Trust Keystore: /home/weblogic/jksHL/trust.jks

    Custom Identity/Trust Keystore Type: jks


    Click "Save". The keystore settings are done.

    SSL settings

    Private Key Alias: weblogicHL

    Private Key Passphrase: keypass123


    Click "Save" and restart the server. The keystore and SSL configuration is complete.

    5. Verify in a browser

    Server startup log

    [weblogic@Weblogic201 bin]$ ./startManagedWebLogic.sh appSrv02 http://Weblogic201:7001
    .
    .
    JAVA Memory arguments: -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m
    .
    WLS Start Mode=Development
    .
    CLASSPATH=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/weblogic/jdk1.6.0_45/lib/tools.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/home/weblogic/Oracle/Middleware/modules/features/weblogic.server.modules_10.3.5.0.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/weblogic/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/xqrl.jar:.:/home/weblogic/jdk1.6.0_45$/lib:/home/weblogic/jdk1.6.0_45$/lib/tools.jar
    .
    PATH=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/bin:/home/weblogic/Oracle/Middleware/modules/org.apache.ant_1.7.1/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/bin:/home/weblogic/jdk1.6.0_45/jre/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/weblogic/bin
    .
    ***************************************************
    *  To start WebLogic Server, use a username and   *
    *  password assigned to an admin-level user.  For *
    *  server administration, use the WebLogic Server *
    *  console at http://hostname:port/console        *
    ***************************************************
    starting weblogic with Java version:
    java version "1.6.0_45"
    Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
    Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
    Starting WLS with line:
    /home/weblogic/jdk1.6.0_45/bin/java -client -Xms1024m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=appSrv02 -Djava.security.policy=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/home/weblogic/Oracle/Middleware/wlserver_10.3/server/lib/cacerts -Xverify:none -da -Dplatform.home=/home/weblogic/Oracle/Middleware/wlserver_10.3 -Dwls.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server -Dweblogic.home=/home/weblogic/Oracle/Middleware/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://Weblogic201:7001 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/home/weblogic/Oracle/Middleware/patch_wls1035/profiles/default/sysext_manifest_classpath:/home/weblogic/Oracle/Middleware/patch_ocp360/profiles/default/sysext_manifest_classpath weblogic.Server
    <Jul 6, 2015 7:20:17 PM HKT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
    <Jul 6, 2015 7:20:18 PM HKT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
    <Jul 6, 2015 7:20:18 PM HKT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.45-b01 from Sun Microsystems Inc.>
    <Jul 6, 2015 7:20:19 PM HKT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    <Jul 6, 2015 7:20:24 PM HKT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0.7 PSU Patch for BUG16088411 Mon Apr 01 15:13:52 IST 2013
    WebLogic Server 10.3.5.0  Fri Apr 1 20:20:06 PDT 2011 1398638 >
    <Jul 6, 2015 7:20:26 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <Jul 6, 2015 7:20:26 PM HKT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
    <Jul 6, 2015 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <Jul 6, 2015 7:20:26 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log00018. Log messages will continue to be logged in /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log.>
    <Jul 6, 2015 7:20:26 PM HKT> <Notice> <Log Management> <BEA-170019> <The server log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/appSrv02.log is opened. All server side log events will be written to this file.>
    <Jul 6, 2015 7:20:29 PM HKT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
    <Jul 6, 2015 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320400> <The log file /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
    <Jul 6, 2015 7:20:30 PM HKT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log00012. Log messages will continue to be logged in /home/weblogic/Oracle/Middleware/user_projects/domains/myDomain/servers/appSrv02/logs/access.log.>
    <Jul 6, 2015 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
    <Jul 6, 2015 7:20:31 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
    <Jul 6, 2015 7:20:33 PM HKT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
    <Jul 6, 2015 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000197> <Listening for announcements from cluster using unicast cluster messaging>
    <Jul 6, 2015 7:20:33 PM HKT> <Notice> <Cluster> <BEA-000133> <Waiting to synchronize with other running members of Cluster1.>
    <Jul 6, 2015 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000142> <Trying to download cluster JNDI tree from server appSrv04.>
    <Jul 6, 2015 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000164> <Synchronized cluster JNDI tree from server appSrv04.>
    <Jul 6, 2015 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
    <Jul 6, 2015 7:20:46 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
    <Jul 6, 2015 7:20:46 PM HKT> <Notice> <Cluster> <BEA-000162> <Starting "async" replication service with remote cluster address "150.18.23.201:8001,150.18.23.201:8002,150.18.23.202:8001,150.18.23.202:8002">
    <Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicHL from the jks keystore file /home/weblogic/jksHL/identity.jks.>
    <Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jksHL/trust.jks.>
    <Jul 6, 2015 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
    <Jul 6, 2015 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 150.18.23.201:8002 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
    <Jul 6, 2015 7:20:47 PM HKT> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "appSrv02" for domain "myDomain" running in Development Mode>
    <Jul 6, 2015 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
    <Jul 6, 2015 7:20:48 PM HKT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

    The BEA-090171 and BEA-090169 messages show that the custom keystores were loaded successfully.

    Access with Internet Explorer


    Choose to continue to the site; the page loads.


    View the certificate details


    The validity period and the issuer confirm that this is the certificate built in step 3, whose subject is:

    CN=HaiLang, OU=GZCSS, O=GZCSS, L=GZ, ST=GD, C=CN
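    Reading the three decisive lines out of a long startup log is error-prone, so here is a small check script, added as an example that is not part of the original post. It extracts the keystore paths from the BEA-090171 and BEA-090169 messages and the DefaultSecure channel address from BEA-002613, and fails unless both paths are the expected custom ones (which also catches a server that silently stayed on the bundled demo keystores). The sample log is constructed from the three relevant lines of the output above with the spacing repaired; the show_served_cert helper is the command-line counterpart of the browser certificate view and needs network access to the server, so it is defined but not run.

```shell
#!/bin/sh
# check_ssl_startup.sh (added example, not from the original post): confirm from
# the managed server log that the custom keystores were loaded and the secure
# channel came up. Assumes sed, mktemp and (for show_served_cert) openssl.
set -eu

# Constructed sample: the three relevant lines from the startup output above.
# In practice pass the real appSrv02.log to the functions instead.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias weblogicHL from the jks keystore file /home/weblogic/jksHL/identity.jks.>
<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /home/weblogic/jksHL/trust.jks.>
<Jul 6, 2015 7:20:47 PM HKT> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 150.18.23.201:8012 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
EOF

# Keystore path from the BEA-090171 (identity) message, or empty if absent.
loaded_identity_keystore() {
    sed -n 's/.*<BEA-090171>.*keystore file \([^ >]*\)\.>.*/\1/p' "$1" | head -n 1
}

# Keystore path from the BEA-090169 (trust) message, or empty if absent.
loaded_trust_keystore() {
    sed -n 's/.*<BEA-090169>.*keystore file \([^ >]*\)\.>.*/\1/p' "$1" | head -n 1
}

# host:port that the DefaultSecure channel bound to (BEA-002613), or empty.
secure_channel_address() {
    sed -n 's/.*<BEA-002613> <Channel "DefaultSecure" is now listening on \([0-9A-Za-z.:-]*\) for.*/\1/p' "$1" | head -n 1
}

# Succeed (return 0) only if both loaded keystore paths equal the expected ones
# and the secure channel is listening; anything else, including the server
# still running on the demo keystores, is a failure.
verify_custom_keystores() {
    [ "$(loaded_identity_keystore "$1")" = "$2" ] || return 1
    [ "$(loaded_trust_keystore "$1")" = "$3" ] || return 1
    [ -n "$(secure_channel_address "$1")" ] || return 1
    return 0
}

# Command-line counterpart of the browser's certificate view: subject, issuer,
# validity and SHA-256 fingerprint of the certificate served on the SSL port.
# Needs network access to the server, so it is not called below.
show_served_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
}

if verify_custom_keystores "$SAMPLE_LOG" /home/weblogic/jksHL/identity.jks /home/weblogic/jksHL/trust.jks; then
    echo "custom keystores loaded; DefaultSecure listening on $(secure_channel_address "$SAMPLE_LOG")"
else
    echo "server is not using the expected keystores" >&2
fi
```

    Against a real log the call is verify_custom_keystores /path/to/appSrv02.log /home/weblogic/jksHL/identity.jks /home/weblogic/jksHL/trust.jks, and show_served_cert 150.18.23.201:8012 prints what the browsers in this step display; a self-signed certificate shows the same DN as subject and issuer.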

    Access with Google Chrome

    Chrome likewise warns that the certificate is not trusted


    Proceed to the site


    View the certificate details


    This completes the configuration of the custom keystores and SSL.

    ---------------------------------------------------------------------------------------------------------------------------------

    The SSL certificate used by 12306:

    Original post: https://www.cnblogs.com/wzjhoutai/p/6772493.html