{"id":5016,"date":"2015-08-04T09:22:33","date_gmt":"2015-08-04T01:22:33","guid":{"rendered":"http:\/\/rmohan.com\/?p=5016"},"modified":"2015-08-04T09:22:33","modified_gmt":"2015-08-04T01:22:33","slug":"wildcard-ssl-certificates-with-weblogic","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5016","title":{"rendered":"Wildcard SSL Certificates with WebLogic"},"content":{"rendered":"<p><strong>Wildcard SSL Certificates with WebLogic<\/strong><br \/>\nkeytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase<\/p>\n<p>keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase<br \/>\nkeytool -import -trustcacerts -alias rootcacert -keystore DemoTrust.jks -file D:\\keystores\\GeoTrust_Global_CA.pem -storepass DemoTrustKeyStorePassPhrase<br \/>\nkeytool -import -trustcacerts -alias intercacert -keystore DemoTrust.jks -file D:\\keystores\\Geotrustintermediate.crt -storepass DemoTrustKeyStorePassPhrase<br \/>\nkeytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase<\/p>\n<p>-keypass<\/p>\n<p>keytool -import -file D:\\keystores\\rmohan.com-2018.pem -alias star -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keypass DemoIdentityKeyStorePassPhrase<br \/>\nkeytool -import -file D:\\keystores\\rmohan.com-2018.crt -alias star -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keypass DemoIdentityKeyStorePassPhrase<br \/>\nkeytool -delete -file D:\\keystores\\rmohan.com-2018.pem -alias star -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase<br \/>\nkeytool -delete -noprompt -alias star -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase<\/p>\n<p>keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase<\/p>\n<p>keytool -importkeystore -srckeystore host.p12 -destkeystore DemoIdentity.jks -srcstoretype pkcs12<\/p>\n<p>keytool -importkeystore -srckeystore rmohan.com-2018.p12 -destkeystore 
DemoIdentity.jks -srcstoretype PKCS12 -deststoretype JKS -srcstorepass PA$$word12 -deststorepass PA$$word12 -srcalias 1<br \/>\nChange the Hostname Verification entry from \u201cHostname\u201d to \u201cCustom Hostname Verifier\u201d<br \/>\nIn the Custom Hostname Verifier form enter: \u201cweblogic.security.utils.SSLWLSWildcardHostnameVerifier\u201d<\/p>\n<p>1) Convert it into pkcs12 format<br \/>\nopenssl pkcs12 -export -out Tomcat.p12 -inkey server.key -in server.crt -certfile g2chain.cer -name &#8220;Server-Cert&#8221;<\/p>\n<p>2) Now convert it into JKS format<br \/>\nkeytool -importkeystore -srckeystore Tomcat.p12 -destkeystore KEYSTORE.jks -srcstoretype PKCS12 -deststoretype JKS -srcstorepass ********* -deststorepass ********* -srcalias Server-Cert -destalias tomcat -srckeypass ********* -destkeypass ********* -noprompt<br \/>\nChecking the logs, the same error.<\/p>\n<p>Checking &#8220;Use JSSE SSL&#8221; does fix the problem easily.<\/p>\n<p><strong>Configure the servers to use wildcard verifier:<\/strong><\/p>\n<ul>\n<li>Log in to the WLS console<\/li>\n<li>Click on \u201cEnvironment\u201d \u2192 Servers will be displayed on your left<\/li>\n<li>Select the server (You\u2019ll have to do this for all servers.)<\/li>\n<li>Go to the SSL tab<\/li>\n<li>Scroll down and expand the \u201cAdvanced\u201d section<\/li>\n<li>Change the Hostname Verification entry from \u201cHostname\u201d to \u201cCustom Hostname Verifier\u201d<\/li>\n<li>In the Custom Hostname Verifier form enter: \u201cweblogic.security.utils.SSLWLSWildcardHostnameVerifier\u201d<\/li>\n<\/ul>\n<p><a href=\"http:\/\/rmohan.com\/wp-content\/uploads\/2015\/08\/wildcard.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5017\" src=\"http:\/\/rmohan.com\/wp-content\/uploads\/2015\/08\/wildcard.png\" alt=\"wildcard\" width=\"620\" height=\"170\" srcset=\"https:\/\/mohan.sg\/wp-content\/uploads\/2015\/08\/wildcard.png 620w, 
https:\/\/mohan.sg\/wp-content\/uploads\/2015\/08\/wildcard-300x82.png 300w, https:\/\/mohan.sg\/wp-content\/uploads\/2015\/08\/wildcard-150x41.png 150w, https:\/\/mohan.sg\/wp-content\/uploads\/2015\/08\/wildcard-400x110.png 400w\" sizes=\"(max-width: 620px) 100vw, 620px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Restart the servers.<\/strong><\/p>\n<p>Node Manager, by default, uses the Demo Identity keystore. You can observe this in $WL_HOME\/common\/nodemanager\/nodemanager.log.<\/p>\n<p>To configure Node Manager to use the custom keystores, add the following lines to the end of the nodemanager.properties file located in the WL_HOME\/common\/nodemanager directory:<\/p>\n<p><em><i>Note: Do this on all nodes.<\/i><\/em><\/p>\n<p>cp $WL_HOME\/common\/nodemanager\/nodemanager.properties $WL_HOME\/common\/nodemanager\/nodemanager.properties.`date +%Y%m%d`<\/p>\n<p>vi $WL_HOME\/common\/nodemanager\/nodemanager.properties<\/p>\n<p>\u2014 Add this at the bottom of the file. Use the correct values for the items highlighted in bold. The path changes in each environment. 
The password should remain the same as we copy over the keystores to other environments.<\/p>\n<p>##SSL Config changes<\/p>\n<p>KeyStores=CustomIdentityAndCustomTrust<\/p>\n<p>CustomIdentityKeyStoreFileName=<strong>[LOCATION TO KEYSTORE]<\/strong>\/my_key_identity.jks<\/p>\n<p>CustomIdentityKeyStorePassPhrase=<strong>[PASSWORD]<\/strong><\/p>\n<p>CustomIdentityAlias=server_identity<\/p>\n<p>CustomIdentityPrivateKeyPassPhrase=<strong>[PASSWORD]<\/strong><\/p>\n<p>The passphrase entries in the nodemanager.properties file are encrypted when you start Node Manager.<\/p>\n<p><strong>Restart Node Manager.<\/strong><\/p>\n<p>\u2014 Kill the nodemanager<\/p>\n<p>ps -ef | grep nodemanager<\/p>\n<p>cd $WL_HOME\/server\/bin<\/p>\n<p>rm -f nohup.out<\/p>\n<p>nohup .\/startNodeManager.sh &amp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wildcard SSL Certificates with WebLogic keytool -list -v -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase<\/p>\n<p>keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase keytool -import -trustcacerts -alias rootcacert -keystore DemoTrust.jks -file D:\\keystores\\GeoTrust_Global_CA.pem -storepass DemoTrustKeyStorePassPhrase keytool -import -trustcacerts -alias intercacert -keystore DemoTrust.jks -file D:\\keystores\\Geotrustintermediate.crt -storepass DemoTrustKeyStorePassPhrase keytool -list -v -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase<\/p>\n<p>-keypass<\/p>\n<p>keytool -import -file D:\\keystores\\rmohan.com-2018.pem -alias star 
[&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[56],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5016"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5016"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5016\/revisions"}],"predecessor-version":[{"id":5019,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5016\/revisions\/5019"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}