Here are my notes for configuring SSL using a self-signed certificate on WebLogic 9.2 on Solaris 10:
Make sure the following environment variables are created:
- JAVA_HOME (/usr/local/bea/jdk150_04/)
- PATH ($JAVA_HOME/bin:$PATH)
Confirm settings by the following commands:
which java should return this:
Create a self-signed certificate valid for 1 year (365 days) using Sun’s keytool with a command that resembles this:
$JAVA_HOME/jre/bin/keytool -genkey -keystore /usr/local/bea/weblogic92/server/lib/eTechIdentity.jks -storepass etechpass -keypass etechpass -keyalg RSA -validity 365 -alias etechalias -dname "cn=bladerunner2.can.adobe.com, ou=Technical Marketing, o=Adobe Systems Canada Inc., st=ON, c=CA"
bladerunner2.can.adobe.com is the fully-qualified domain name of the server
You might have to change ownership of this file (eTechIdentity.jks) to the user WebLogic runs as.
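A check for that ownership step, as an added example that is not part of the original notes: the function confirms the keystore is a regular file owned by the account WebLogic runs as and closed to group and others, since the file holds the server's private key. The account name is supplied by the caller and is not taken from these notes.

```shell
#!/bin/sh
# Added example: audit ownership and mode of a JKS identity keystore.
# Usage (the account name "weblogic" is an assumption, use your own):
#   sh check_keystore.sh /usr/local/bea/weblogic92/server/lib/eTechIdentity.jks weblogic

# check_keystore FILE OWNER
# Returns 0 when FILE is a regular file (not a symlink) owned by OWNER with
# no group/other permission bits; otherwise prints each finding, returns 1.
check_keystore() {
    ks=$1
    want_owner=$2
    rc=0

    if [ -h "$ks" ] || [ ! -f "$ks" ]; then
        echo "FAIL: $ks is missing, a symlink, or not a regular file"
        return 1
    fi

    # ls -ld is used instead of stat(1) because its first fields are the
    # same on Solaris, Linux and BSD: mode, link count, owner, group.
    set -- $(ls -ld "$ks")
    mode=$1
    owner=$3

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    go_bits=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "FAIL: mode $mode grants group/other access (want -rw-------)"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $ks owned by $owner, mode $mode"
    fi
    return "$rc"
}

# Run the check when the script is called with FILE and OWNER.
if [ $# -eq 2 ]; then
    check_keystore "$1" "$2"
fi
```

A FAIL on the mode is corrected with chmod 600 on the keystore, and a FAIL on the owner with chown to the WebLogic account.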
In the Admin Console, click the “Lock and Edit” button so that you establish an exclusive Admin lock on the domain to make configuration changes.
In the WebLogic Admin Console left navigation pane, navigate to :Environment:Servers::General
- check the checkbox for ‘SSL Listen Port Enabled’
- for SSL Listen Port:, enter a number that is one up on the server’s T3 port. Make sure the port is not being used on the box. The command netstat -an will tell you that.
Navigate to :Environment:Servers::Keystores
- For the ‘Keystores’ dropdownlist, choose ‘Custom Identity and Java Standard Trust’
The page will take some time to reload.
- For ‘Custom Identity Keystore’, copy-paste (avoid typing) the fully qualified path to the keystore you created at the beginning (/usr/local/bea/weblogic92/server/lib/eTechIdentity.jks)
- For ‘Custom Identity Keystore Type’, the value is “jks”
- For ‘Custom Identity Keystore Passphrase:’, use the password you used for the keystore (“etechpass”)
The following might be optional, I am not sure:
- For ‘Java Standard Trust Keystore Passphrase’, the password is “changeit” (this comes from Sun Microsystems).
Navigate to :Environment:Servers::SSL
- For ‘Private Key Alias:’, the value is the alias you chose when you created the key (“etechalias”)
- For ‘Private Key Passphrase:’, the value is the key password you chose when you created the key (“etechpass”)
Click ‘Save’ and then ‘Activate Changes’.
Re-start the managed server.
Start IE and point it to https://server:SSLport/adminui
Choose to Proceed to the Website (IE 7)
Click on the “Certificate Error” button at the top, to the right of the address bar (IE 7) and import the certificate.
Re-start IE, point it to https://server:SSLport/adminui and this time there should be no error messages or warnings.
Start Acrobat Professional 8 and point it to the Policy Server (use the SSL port).