Create a Self Signed Sertificate on WLS 10.3.5 Supporting SHA 256 Algorthim.

Posted by adejuanc on Oracle Blogs See other posts from Oracle Blogs or by adejuanc
Published on Thu, 18 Oct 2012 13:21:58 +0000 Indexed on 2012/10/18 17:12 UTC
Read the original article Hit count: 468

Filed under:
1) Set domain to call the keytool

$. setDomainEnv.sh


2) Generate the key

$ keytool -genkey -alias selfsignedcert -keyalg RSA -sigalg SHA256withRSA -keypass privatepassword -keystore identity.jks -storepass password -validity 365

What is your first and last name?
[Unknown]: adejuan-desktop.cl.oracle.com
What is the name of your organizational unit?
[Unknown]: a
What is the name of your organization?
[Unknown]: e
What is the name of your City or Locality?
[Unknown]: i
What is the name of your State or Province?
[Unknown]: o
What is the two-letter country code for this unit?
[Unknown]: U
Is CN=
adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U correct?
[no]: yes



3) Export the root certificate

$ keytool -export -alias selfsignedcert -sigalg SHA256withRSA -file root.cer -keystore identity.jks
Enter keystore password:
Certificate stored in file <root.cer>



4) Import the root certificate to the trust store


$ keytool -import -alias selfsignedcert -sigalg SHA256withRSA -trustcacerts -file root.cer -keystore trust.jks
Enter keystore password:
Re-enter new password:
Owner: CN=
adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U
Issuer: CN=
adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U
Serial number: 4f17459a
Valid from: Wed Jan 16 15:33:22CLST 2012 until: Thu Jan 15 15:33:22 CLST 2013
Certificate fingerprints:
MD5: 7F:08:FA:DE:CD:D5:C3:D3:83:ED:B8:4F:F2:DA:4E:A1
SHA1: 87:E4:7C:B8:D7:1A:90:53:FE:1B:70:B6:32:22:5B:83:29:81:53:4B
Signature algorithm name: SHA256withRSA
Version: 3
Trust this certificate? [no]: yes
Certificate was added to keystore



5) To check the contents of the keystore

keytool -v -list -keystore identity.jks
Enter keystore password:

***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: selfsignedcert
Creation date: Jan 18, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=
adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U
Issuer: CN=
adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U
Serial number: 4f17459a
Valid from: Wed Jan 16 15:42:16CLST 2012 until: Thu Jan 15 15:42:16 CLST 2013
Certificate fingerprints:
MD5: 7F:08:FA:DE:CD:D5:C3:D3:83:ED:B8:4F:F2:DA:4E:A1
SHA1: 87:E4:7C:B8:D7:1A:90:53:FE:1B:70:B6:32:22:5B:83:29:81:53:4B
Signature algorithm name: SHA256withRSA
Version: 3


*******************************************
*******************************************



6) In some cases, this parameter is needed in the server start up parameters.


-Dweblogic.ssl.JSSEEnabled=true


Otherwise, enable it from the Server configuration -> SSL -> Use JSSE checkbox.

© Oracle Blogs or respective owner

Related posts about /Oracle