Getting SSL handshake error - ssl

I am consuming third party web service in my application. It has https url which requires handshake. I am using Weblogic application Server and I want to configure the certificate in my server.
Can anyone please provide me steps to configure that certificate?
Also, what is Identity and Trust on the WebLogic Console?
Please help!!

Update the cacerts file for the JVM used by WebLogic. Using the WebLogic console, select the server. Then use the Configuration > Keystores tab to find the cacerts file location labeled Java Standard Trust Keystore on this page.
You will want to import the certificate from the web service into this cacerts file. If you are a Windows user, I use a free tool called KeyStore Explorer (http://keystore-explorer.sourceforge.net/). This application allows you to directly import the certificate using the URL. Do this by opening your cacerts file in KeyStore Explorer, then use the Examine SSL option to import the certificate.

I resolved this by using the keytool command provided in the JDK bin folder.
I just went to demotrust.jks and imported the third party certificate into it and it worked for me.
I used the command below.
${ORACLE_HOME}/product/jrockit-jdk1.6.0_20-R28.1.0-4.0.1/bin/keytool -import -alias [AliasForYourCertificate] -keystore ${ORACLE_HOME}/Middleware/wlserver_10.3/server/lib/DemoTrust.jks -file /home/oracle/[YourCertFile].crt

Related

How to bind SSL Certs to a locally hosted website on Windows 10 IIS

I have a working local website which I enabled via IIS Manager on Windows 10 Home. Now I want to serve my website via HTTPS instead of HTTP. I have created and added self-signed SSL cert using OpenSSL and MMC (following this blog). However, when I tried to add the HTTPS binding to my website using the IIS Manager, there is NO cert displayed for me to add for the binding. See screen shot. Can someone suggest what I might be missing? How do I bind the key/cert to my local website under Windows 10?
It looks like you forgot to import .pfx file to your IIS server certificate.
Please go to IIS manager->server side->server certificates.
Then click import.. button to upload your certificate.
After uploading the certificate, you should be able to select your certificate in IIS binding.
OK, so it turns out the self-signed cert in the procedure is in the .cer/.pem format, whereas Windows IIS expects a .pfx. The confusing part is the fact that the tutorial also demonstrates using Windows MMC and IIS, and that MMC "accepts" the .cer when I did the certificate import.
Bottom line: I need to package my .key and .cer files into a .pfx file using the following command before importing the cert into my Personal store:
openssl pkcs12 -export -out my.pfx -inkey my.key -in my.crt
During cert import using MMC, I did need to change the file extension using the dropdown list. Now this cert would show up when I add the website binding via IIS Manager.

Unable to access certificate store

I have an XMPP server (Openfire 3.9.3) and I am trying to secure my non-SSL connection with SSL.
That's why I have created a self-signed certificate using Java keytool as follows:
keytool -genkey -keystore keystore -alias example.com
and I filled in the several pieces of information required for the certificate.
The certificate was successfully created, and I configured my server to access the keystore file, but when I restart my XMPP server it says:
Unable to access certificate store. The keystore may be corrupt
What should I do to fix this issue?
Thanks in advance.
You can:
Delete certs in AdminWEB interface.
Restart openfire
Delete /opt/openfire/resources/security/keystore file
Generate new cert from web interface.
References : http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html
Hope this helps...:)

How to add SSLC certificates in a unix server

I have a java web project and I have used few certificates to contact a URL. Now I have deployed project as a WAR file in a Unix server and my project has a certificate issue.
I have the certificates in my local store and I need to put them on the Unix server and add them to the keytool in Tomcat. How do I do that?
Can I get an example of how to do that with keytool?
There are at least 3 ways of handling this problem:
You can import the certificate into the JRE's default truststore (often in $JAVA_HOME/lib/security/cacerts). This will affect all the applications using that JRE (unless they override the default settings). You'll need to have write permissions on that cacerts file to do this too.
You can import the certificate into a local keystore that you will configure to be Tomcat's default truststore. Typically, you could make a copy of the default cacerts file and import your certificate into this copy, or you can create a new keystore and import only the certificates you know you need (keytool -import -keystore ... will create the keystore file if it doesn't exist). This can be done in tomcat by setting an additional system property in catalina.sh (or .bat): in JAVA_OPTS, you can add -Djavax.net.ssl.trustStore=/path/to/local/truststore.jks for example (and other related properties).
You can make that certificate be used only by certain connections in your application (or set the default SSLContext programmatically). For this, you'll need to alter your application so that it loads the keystore and uses it to initialise a TrustManagerFactory, which is then passed into an SSLContext. Then, how that SSLContext can be used depends on the client library you're using. There is an example in this answer.
Either way, you can import your cert (be it a CA cert or a specific server cert) into the truststore of your choice using:
keytool -import -file cert.pem -alias "some name" -keystore truststore.jks
(If using the programming route, you can also create your keystore in memory and load the certificate file dynamically, as shown in this answer. Using keystores might be easier, it's up to you to assess the pros and cons of the deployment you want to use.)
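The third option above, scoping trust to one connection rather than the whole JVM, looks like this in code. This is an added example, not code from the answer; the class name `ScopedTrustExample` and the three command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ScopedTrustExample {

    // Build an SSLContext that trusts only the certificates in the given
    // truststore, leaving the JVM-wide cacerts untouched.
    static SSLContext contextFor(String truststorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(truststorePath)) {
            trustStore.load(in, password);
        }
        // Fail early with a clear message instead of at handshake time.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("truststore has no entries: " + truststorePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material (null) and the default SecureRandom (null).
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Arguments are assumptions of this example; the password is passed on
    // the command line only to keep the example short.
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: ScopedTrustExample <truststore.jks> <password> <https-url>");
            System.exit(2);
        }
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        // Applies to this connection only; hostname verification stays enabled.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(10_000);
        conn.setReadTimeout(10_000);
        try {
            System.out.println("HTTP " + conn.getResponseCode());
        } finally {
            conn.disconnect();
        }
    }
}
```

The truststore passed in can be the `truststore.jks` produced by the `keytool -import` command shown above.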
I got the answer for this. We need to find which java file the tomcat is using and we need to add the keytool to that particular thing.
This is where Tomcat has its cacerts, i.e. the Java which is used by Tomcat:
/etc/pki/java/cacerts
Keytool command:
keytool -import -alias ttg-lys-cm1 -file /var/lib/certificates/ttg-lys-cm1.cer -keystore "/etc/pki/java/cacerts"
Once you do this restart tomcat and it works fine.
Thanks
pradeepa

Worklight 6.1- How to import self sign certificate in MAC machine same as windows

I am using Worklight version 6.1 and Mac OS X 10.8. I have built a project which uses an adapter, and it requires a self-signed certificate. On Windows I know how to do that and it works fine for me, but when I try the same Worklight setup on a Mac machine, I am not able to do that. I have tried to import the certificate and remove the default path in the worklight.properties file, as I did on Windows, but it didn't work for me.
http://docs.oracle.com/javase/tutorial/security/toolfilex/rstep1.html
#SSL certificate keystore location.
#ssl.keystore.path=conf/default.keystore
#SSL certificate keystore type (jks or PKCS12)
#ssl.keystore.type=jks
#SSL certificate keystore password.
#ssl.keystore.password=worklight
Please help me if there is any docs regarding that.
The following documentation shows instructions for "Configuring SSL between Worklight adapters and back-end servers by using self-signed certificates":
https://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/topic/com.ibm.worklight.installconfig.doc/admin/t_configuring_SSL_WL_adapters_backend_servers_certificates.html
In regards to importing the certificate into the default keystore you can do something similar to the following as described in the above documentation:
keytool -import -alias backend -file backend.crt -storetype JKS -keystore default.keystore
Please let me know if you have any trouble following these instructions. I have completed these steps on a MAC machine myself and was successful.
You can use KeyStore Explorer (http://keystore-explorer.sourceforge.net/); this is a great GUI tool to work with keystores and certificates. As for ssl.keystore.path, you can specify either a relative or an absolute path to your keystore file.

How to Configure / Enable SSL for HTTPS and steps to create Windows Service?

I have currently deployed a war file in my Jetty 8.x webapps container. I can start the Jetty server and connect to my server using HTTP. I want to be able to connect using HTTPS. What is the easiest way to enable HTTPS on Jetty 8.x? I am willing to use a self-signed certificate if necessary.
I need the following:
steps to generate and import cert into Jetty (preferably using a self-signed cert)
configuration required in Jetty to support HTTPS / SSL
command line parameters to start Jetty with SSL enabled
Secondly, is anyone aware of how to turn Jetty 8.x so that it can be run as a Windows service?
For more details, I am running into problems enabling SSL on Jetty. I am trying to use a self signed cert for this purpose. I'm using keytool to create a keypair and self signed cert as follows:
keytool -genkey -alias domain -keyalg RSA -keysize 2048 -validity 365 -keystore keystore
I then copy the keystore to my c:\jetty\etc directory. I edit the file 'jetty-ssl.xml' to make sure that the HTTPS port is set to 8443. When I restart the Jetty server, it seems to be listening on port 8443 and the startup sequence doesn't return any errors. However, when I try to connect using HTTPS, I get errors. Is there a prescribed method for generating a self signed cert and using this cert in the SSL configuration with Jetty?
1) http://wiki.eclipse.org/Jetty/Howto/Configure_SSL
2) http://git.codehaus.org/gitweb.cgi?p=jetty-project.git;a=tree;f=jetty-win32;h=e296255dc355f3abf37bf3f4faddfe383505416c;hb=HEAD
You'll need to adapt that for your particular usage; we stopped building it with the release quite a while back because its license changed and the version we were using was getting crufty. Alternately, take a look at the updated version of the tanuki stuff and if you can handle the license, use that.