Monday, July 4, 2016

Oracle® Weblogic 10.3.6 Or Higher: Steps to create a Self-Signed Certificate using the SHA-256 Algorithm

Support for SHA-256 with JSSE is supported in WLS 10.3.3 and higher, in conjunction with using the JSSE SSL implementation. It is not supported when using the Certicom SSL implementation, which is deprecated in WLS 10.3.4 and higher.

The following sections describes the steps to create the self signed SHA-256 certificate.

  • Set the WLS domain, by executing the command setDomainEnv.sh or setDomainEnv.sh (Windows)
  • Enter the following pieces of when prompted

$ keytool -genkey -alias selfsignedcert -keyalg RSA -sigalg SHA256withRSA -keypass password1 -keystore identity.jks -storepass password -validity 365

What is your first and last name?
[Unknown]: soad.mindtelligent.com
What is the name of your organizational unit?
[Unknown]: mindtelligent-soa
What is the name of your organization?
[Unknown]: MindTelligent
What is the name of your City or Locality?
[Unknown]: El Dorado Hills
What is the name of your State or Province?
[Unknown]: c
What is the two-letter country code for this unit?
[Unknown]: US
Is CN= soad.mindtelligent.com, OU= mindtelligent-soa, O= MindTelligent, L= El Dorado Hills, ST= El Dorado Hills, C=US correct?
[no]: yes

  • Export the certificate

$ keytool -export -alias Mindteligent-SelfSigned -sigalg SHA256withRSA -file root.cer -keystore identity.jks
Enter keystore password:
Certificate stored in file <root.cer>          


  • Import the root certificate to the trust store:

$keytool -import -alias Mindteligent-SelfSigned  -sigalg SHA256withRSA -trustcacerts -file root.cer -keystore trust.jks
Enter keystore password:
Re-enter new password:

  • Please include the following parameter for startup options.


-Dweblogic.ssl.JSSEEnabled=true

1 comment:

ForgeRock IAM : OpenDS (Open Directory Server). Importing LDIF files

The most efficient method of importing LDIF data is to take the OpenDJ server offline. Alternatively, you can schedule a task to import the ...