PROCESSIT 7.4 R1
For Oracle Fusion Middleware 11g

SSL

©2025 Copyright ReadSoft AG (publ). All rights reserved. The contents of this document are subject to change without notice. ReadSoft is a registered trademark of ReadSoft AB. Other product and company names herein may be the trademarks or registered trademarks of their respective owners.
Questions or comments about this document may be emailed to documentation@readsoft.com.

ReadSoft AB (Head office) | Södra Kyrkogatan 4 | SE-252 23 Helsingborg | Sweden | Phone: +46 42 490 21 00 | Fax: +46 42 490 21 20
ReadSoft AG | Falkstrasse 5 | 60487 Frankfurt | Germany | Phone: +49 69 1539402-0 | Fax: +49 69 1539402-13
info@readsoft.com | www.readsoft.com

SSLGenerating and procuring certificateConfiguring the keystore on the WebLogic ServerTest SSL setup

SSL

Generating and procuring certificate

  1. Open a command prompt
  2. set the environment by running the setDomainEnv script
  3. Generate the private – public key pair. You can use keytool java utility, or other utilities like openssl etc.
    keytool -genkey -alias client -keyalg  RSA -keysize 2048  -keystore identity.jks -storepass password -keypass password
  4. Generate a Certificate Signing Request (CSR) and send it to Certifying Authority.
    keytool -certreq -keyalg RSA -keysize 2048 -alias client -file certreq.csr -keystore identity.jks -storepass password
  5. The CA returns the certificate reply and the RootCA, and sometimes an intermediateCA certificate.
  6. Import the certificates into the keystore
    • Either by importing the certificates in an order of RootCA, intermediateCA and then Certificate reply.
    • Or create a certificate chain clubbing them in an order into a .pem file. keytool -import  -file CertChain.pem -alias client -keystore  identity.jks -storepass password
  7. Create a trust keystore, this can be done my importing your RootCA certificate into another keystore that constitutes the trust: keytool -import  -file rootCA.cer -alias RootCA -keystore trust.jks -storepass password
  8. To verify the contents of the keystore, use this command: Keytool –list –v –keystore <keystore-name> -storepass  <keystore-password>

Configuring the keystore on the WebLogic Server

If you enable the SSL for a WebLogic Server, is is One Way SSL by default. If you want to change to Two Way SSL, you would have to select the two way SSL behavior from the Advanced option list.

  1. Log into the Admin Console
  2. Select the server on which you want to configure the SSL certificate.
  3. Click Server
  4. Click on the Keystore tab. By default it points to the Demo Certificates.
  5. Select Custom Identity and  Custom Trust in the dropdown list.
  6. Enter the identity and trust keystore details
  1. Click on the SSL tab and enter the alias of the private key - in this case the client - and the keypass password.
  2. Configure the SSL port. Default is 7002.
  3. Go to server → General tab → Specify
  4. Enable SSL port
  5. You can see the below messages in the server logs which indicate that the certificates are loaded.
    <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias client from the JKS keystore file C:\Wonders\WebLogic\Security\SSL-Certs\Verisign\identityVerisign.jks.>
    <Notice> <Security> <BEA-090169> <Loading trustedcertificates from the JKS keystore file [yourpath]\WebLogic\Security\SSL-Certs\Verisign\trustVerisign.jks.>
 

Test SSL setup

You can test the setup by accessing the administrator console if SSL is configured for Admin Server or any application deployed on the server by accessing it on https protocol: https://localhost:7002/console

You must verify whether the right certificate is configured or not.

  1. Click on the certificate details.
  2. Find the details about the identity and the RootCA along with the certificate chain.

For a production environment make sure that CN (Common Name) of the certificate matches the server host name. You can also use self signed certificates or trial certificates for testing purpose. However is it not recommended to use them in production environments.