Tuesday, January 31, 2012

Creating a Trust Keystore Using the keytool Utility for weblogic server


Creating a Trust Keystore Using the keytool Utility for weblogic server

Steps to create the Trust Keystore in weblogic server.

Copy the standard java keystore to create the new trust keystore since it already contains most of the root CA certificates needed. Oracle does not recommend modifying the standard Java trust keystore directly. Copy the standard Java keystore CA certificates located under the $WLSHOME/server/lib directory to the same directory as the certificates.
For example:
cp $WLSHOME/server/lib/cacerts $WLSDOMAIN/certs/appTrustKeyStore.jks
The default password for the standard Java keystore is changeit. Oracle recommends always changing the default password. Use the keytool utility to do this. The syntax is:
keytool -storepasswd -new -keystore -storepass
For example:
cd $WLSDOMAIN/certs
keytool -storepasswd -new welcome1 -keystore appTrustKeyStore.jks -storepass changeit
The CA certificate CertGenCA.der is used to sign all certificates generated by the utils CertGen tool and is located at $WLSHOME/server/lib directory. This CA certificate must be imported into the appTrustKeyStore.jks using the keytool utility. The syntax is:
keytool -import -v -noprompt -trustcacerts -alias -file -keystore -storepass
For example:
keytool -import -v -noprompt -trustcacerts -alias clientCACert –file $WLSHOME/server/lib/CertGenCA.der -keystore appTrustKeyStore.jks –storepass welcome1

No comments:

Post a Comment