Before going live with an application on WebLogic, I always recommend enabling SSL on the WebLogic server that hosts it.
Accessing your application over HTTPS encrypts the traffic between the browser and the server, so your users’ data cannot be read if it is intercepted.
To do so, you should first get a valid certificate:
- If you are configuring WebLogic at a company, ask internally to obtain a valid certificate.
- If you are in charge of getting a valid certificate, I always recommend getting one from Let’s Encrypt. It is free and trusted by the most significant organizations out there (Facebook, Google, Cisco, GitHub, etc.).
- If you only want to test the configuration, you can generate your own self-signed certificate as described in (1) below.
1) (Optional – do not use in production) Generate a self-signed certificate using Java keytool
Note: a self-signed certificate is useful for testing purposes only. When one is used, browsers will strongly warn the user that your certificate isn’t trusted.
Prerequisite: Java installed on your computer
- Navigate to the bin folder of your Java installation (usually C:\Program Files (x86)\Java\jreXXXX\bin)
- Open a command prompt in this folder (replace the path at the top of File Explorer with ‘cmd’ and press Enter)
- Run the following command to generate your identity store, self-signed certificate and trust store
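As an added example (not the author's original command), this keytool sequence produces the files and names that the later steps refer to: alias ‘selfsigned’, keystore.jks, truststore.jks, and the passwords ‘storPass’ and ‘keyPass’. The host name myhost.example.com, the other -dname fields, the key size, the validity period and the file name selfsigned.cer are assumptions to replace with your own values.

```bat
REM Added example. Alias, passwords and .jks file names follow the values
REM used later on this page; everything else is an assumed sample value.

REM 1. Create the identity keystore with an RSA key pair and a self-signed
REM    certificate. -storetype JKS is explicit because recent JDKs default to
REM    PKCS12, which ignores a -keypass that differs from -storepass.
keytool -genkeypair -alias selfsigned -keyalg RSA -keysize 2048 -validity 365 ^
  -dname "CN=myhost.example.com, OU=Test, O=Example, L=City, ST=State, C=US" ^
  -ext "SAN=dns:myhost.example.com" ^
  -keystore keystore.jks -storetype JKS -storepass storPass -keypass keyPass

REM 2. Export only the public certificate (no private key) in PEM form.
keytool -exportcert -alias selfsigned -rfc -file selfsigned.cer ^
  -keystore keystore.jks -storepass storPass

REM 3. Import that certificate into a separate trust store.
keytool -importcert -alias selfsigned -file selfsigned.cer -noprompt ^
  -keystore truststore.jks -storetype JKS -storepass storPass

REM 4. Check the result: the identity store must show a PrivateKeyEntry
REM    under the alias, the trust store a trustedCertEntry.
keytool -list -keystore keystore.jks -storepass storPass
keytool -list -keystore truststore.jks -storepass storPass
```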
2) Add the certificate to the domain server using FTP/SSH
3) Configure SSL in Weblogic
Note: Before choosing the SSL port, ensure it isn’t used elsewhere.
- Connect to the WebLogic console with an administrator role (http://{YourHostName}:{YourAdminPort}/console)
- In the top left corner, enter Lock & Edit mode
- Environment > Servers > {TheServerHostingTheAppNeedingSSL} > General
  - SSL Listen Port Enabled: ☑
  - SSL Listen Port: {YourAvailableSslPort, usually 7002}
 
- Environment > Servers > {TheServerHostingTheAppNeedingSSL} > Keystores
  - Keystores: Change: Custom Identity and Custom Trust
  - Custom Identity Keystore: {YourWeblogicDomainPath}/{YourWeblogicDomainName}/certificates/keystore.jks
  - Custom Identity Keystore Type: JKS
  - Custom Identity Keystore Passphrase: {YourKeystorePassword; ‘storPass’ in the example from (1)}
  - Confirm Custom Identity Keystore Passphrase: {YourKeystorePassword; ‘storPass’ in the example from (1)}
  - Custom Trust Keystore: {YourWeblogicDomainPath}/{YourWeblogicDomainName}/certificates/truststore.jks
  - Custom Trust Keystore Type: JKS
  - Custom Trust Keystore Passphrase: {YourKeystorePassword; ‘storPass’ in the example from (1)}
  - Confirm Custom Trust Keystore Passphrase: {YourKeystorePassword; ‘storPass’ in the example from (1)}
 
- Environment > Servers > {TheServerHostingTheAppNeedingSSL} > SSL
  - Private Key Alias: {YourCertificateName; ‘selfsigned’ in this example}
  - Private Key Passphrase: {YourCertificatePassword; ‘keyPass’ in this example}
  - Confirm Private Key Passphrase: {YourCertificatePassword; ‘keyPass’ in this example}
  - Advanced > Hostname verification: None
  - Advanced > Use JSSE SSL: ☑
 
- In the top left corner, click Activate Changes
- Restart the WebLogic domain
That’s it, you can now connect to your hosted application over SSL (https://{YourHostName}:{YourSSLPort}/{YourAppName}).
Note: If you encounter the error BEA-090716: Alert: Failed to retrieve identity key/certificate from keystore ksFile under alias alias on server serverName, be sure that {YourCertificatePassword; ‘keyPass’ in this example} and {YourKeystorePassword; ‘storPass’ in the example from (1)} are different.
