
Getting Started with WebLogic Server: How to Configure SSL on Oracle WebLogic Server with Custom Identity and Java Standard Trust (Doc ID 1109753.1)

Last updated on FEBRUARY 08, 2024

Applies to:

Oracle WebLogic Server - Version 9.0 and later
Oracle SOA Suite - Version 12.2.1.3.0 to 12.2.1.3.0 [Release 12c]
Oracle WebCenter Content: Imaging - Version 12.2.1.4.0 to 12.2.1.4.0 [Release 12c]
Information in this document applies to any platform.

Goal

WebLogic Server (WLS) is configured by default with Demo Identity and Demo Trust. To use these, we just need to enable the SSL port under the General Tab of the server, and WLS will start listening over SSL on that port.

However, using these demo certificates is not recommended in a production environment because they do not provide adequate security. Instead of using the demo certificates, we can either get our certificates signed by a third-party certifying authority or use self-signed certificates (that is, create our own root CA and use it to sign our own certificates).

To generate the certificates, we need to use keytool. Keytool is the standard Java keystore utility. It is included with the Java SE JDK as well as the JRockit JDK.

For more information, please see the Keytool documentation.

A keystore is a database of key material. Key material is used for a variety of purposes, including authentication and data integrity. Keystores come in various formats, including "PKCS12" and Java's "JKS." In terms of role, there are two types of keystores: identity keystores and trust keystores. An identity keystore contains the server's private key and is therefore referred to as the identity. This keystore can contain more than one private key. A trust keystore contains the root and intermediate certificates which are trusted by the server.

In this document, we will look at the steps that need to be implemented to configure SSL using custom certificates through a JKS type of keystore.

NOTE: When a signed public key expires and is replaced, if the public key is the same (that is, only the signature has changed), then the signed public key can be re-imported into the identity keystore using the same private key alias as before (see below). If, however, a new private key and public key are generated, then build a completely new identity keystore as described here.
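
The following keytool sequence is an added example, not Oracle's own procedure from this document: it builds a JKS identity keystore, signs the server's request with a self-made root CA, and then repeats the import under the same private key alias to show the renewal case from the NOTE. The passwords, aliases, distinguished names and file names are constructed demo values, and keytool's `-gencert` stands in for the certifying authority.

```shell
#!/bin/sh
# Added example. Passwords, aliases, DNs and file names are constructed demo values.
PASS=changeit            # demo only; use a strong secret outside a lab
ID=server_identity       # private key alias, reused for every later import

kt() { c=$1; shift; keytool "$c" -storepass "$PASS" "$@"; }

build_identity() {       # $1 = empty working directory
  ca="$1/ca.jks"; id="$1/identity.jks"
  # Own root CA (self-signed), kept in a separate keystore.
  kt -genkeypair -keystore "$ca" -storetype JKS -alias rootca -keypass "$PASS" \
     -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=Demo Root CA" -ext bc=ca:true &&
  kt -exportcert -keystore "$ca" -alias rootca -rfc -file "$1/rootca.pem" &&
  # Server key pair: this creates the identity keystore.
  kt -genkeypair -keystore "$id" -storetype JKS -alias "$ID" -keypass "$PASS" \
     -keyalg RSA -keysize 2048 -validity 365 -dname "CN=wls.example.test" &&
  kt -certreq -keystore "$id" -alias "$ID" -file "$1/server.csr" &&
  # Root goes in first so keytool can chain the signed reply to it.
  kt -importcert -noprompt -keystore "$id" -alias rootca -file "$1/rootca.pem" &&
  issue_and_import "$1" 365
}

issue_and_import() {     # $1 = directory, $2 = validity in days
  # The CA signs the CSR; the reply is imported under the private key alias.
  kt -gencert -keystore "$1/ca.jks" -alias rootca -validity "$2" -rfc \
     -infile "$1/server.csr" -outfile "$1/server.pem" &&
  kt -importcert -keystore "$1/identity.jks" -alias "$ID" -file "$1/server.pem"
}

# Leaf certificate (PEM) and number of certificates in the identity's chain.
leaf() { kt -exportcert -keystore "$1/identity.jks" -alias "$ID" -rfc; }
chain_len() { kt -list -rfc -keystore "$1/identity.jks" -alias "$ID" | grep -c 'BEGIN CERTIFICATE'; }

if [ "${1:-}" = demo ]; then
  d=$(mktemp -d) && build_identity "$d" && old=$(leaf "$d") &&
  issue_and_import "$d" 730 &&            # renewal: same key pair, new signature
  [ "$old" != "$(leaf "$d")" ] && echo "chain length: $(chain_len "$d")"
fi
```

Run the script with the argument `demo` to execute the whole sequence in a temporary directory. After the second import the leaf certificate differs while the private key entry and its alias are unchanged.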

Solution



In this Document
Goal
Solution
 Create the Identity and Trust Keystores
 Configure the keystore in WebLogic Server
References
