Configuring SSL on Weblogic Server – Custom Identity and Custom Trust

I have been getting a lot of request for creating a very simple document for configuring SSL on Weblogic Server.

Its a pretty straight forward configuration, but most people are not aware of it. WLS is by default configured with DemoIdentity and DemoTrust, we just need to enable SSL port under General Tab of the Server and WLS will start listening over SSL on that port. However using Demo Certificates are not recommended in Production Environment so we can either get our certificates signed by a third party certifying authority or use our own root ca which we can use to sign our own certificates. To keep things simple I have developed a simple build script to generate SELF SIGNED CERTIFICATES. You just need to set the environment by running setWLSEnv.cmd present under WL_HOME\server\bin. Run the build script and the keystores will be generated in that directory. I have used keytool to generate the keystores, you can get more details here

Follow the steps below to configure WLS with your Custom Certificates. Later you can modify the values in the build.xml to suit your requirement. Which makes it very easy to generate the Keys Just by Modifying the Attribute values….

Step1).Create a Directory somewhere like :


Step2).Write the following “build.xml” file inside “C:\MyCertificates


<project name=”Generate Keystores” default=”all” basedir=”.”>
<property name=”alias” value=”alias” />
<property name=”dname” value=”CN=localhost, OU=Customer Support, O=BEA Systems Inc, L=Denver, ST=Colorado, C=US”/>
<property name=”keypass” value=”keypass” />
<property name=”identity.jks” value=”identity.jks” />
<property name=”storepass” value=”storepass” />
<property name=”cert.cer” value=”cert.cer” />
<property name=”trust.jks” value=”trust.jks” />
<property name=”jdk.home” value=”C:/bea/jdk150_06? />
<target name=”all” depends=”create-keystores”/>

<target name=”create-keystores”>
<echo>Generating Identity of the Server</echo>
<exec executable=”${jdk.home}/bin/keytool.exe”>
<arg line=’-genkey -alias ${alias} -keyalg RSA -keysize 1024 -dname “${dname}” -keypass ${keypass} -keystore ${identity.jks} -storepass ${storepass}’ />
<echo>Self Signing the Certificate</echo>
<exec executable=”${jdk.home}/bin/keytool.exe”>
<arg line=’-selfcert -alias ${alias} -dname “${dname}” -keypass ${keypass} -keystore ${identity.jks} -storepass ${storepass}’ />
<echo>Exporting the Server certificate</echo>
<exec executable=”${jdk.home}/bin/keytool.exe”>
<arg line=’-export -alias ${alias} -file ${cert.cer} -keystore ${identity.jks} -storepass ${storepass}’ />
<echo>Creating Trust Store</echo>
<exec executable=”${jdk.home}/bin/keytool.exe”>
<arg line=’-import -alias ${alias} -file ${cert.cer} -keystore ${trust.jks} -storepass ${storepass} -noprompt’ />


Step3).Now Open a command/Shell Prompt and then run the “. ./” to setup the Environment.

Step4).Now Just run the ANT script by typing “ant” in the command prompt…. It will create all the required Certificates.

Step5). Now Login to the Amdin Console to Configure these Certificates…

Home >Summary of Servers >AdminServer > General
SSL Listen Port: Enabled (Check)
SSL Listen Port: 7002

Home >Summary of Servers >AdminServer > Keystores
Keystores: Custom Identity Custom Trust
Custom Identity Keystore: <path>/identity.jks
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: storepass
Confirm Custom Identity Keystore Passphrase: storepass
Custom Trust Keystore:<path>/trust.jks
Custom Trust Keystore Type: JKS
Custom Trust Keystore Passphrase: storepass
Confirm Custom Trust Keystore Passphrase: storepass
Click SAVE

Home >Summary of Servers >AdminServer > SSL
Identity and Trust Locations: Keystores
Private Key Alias: alias
Private Key Passphrase: keypass
Confirm Private Key Passphrase: keypass
Click SAVE

Step6).Now try to access the Admin Console…on HTTPS port


Latest Comments

  1. Shawn January 31, 2011
  2. jappi gill March 1, 2011
    • Administrator March 1, 2011
  3. jappi gill March 3, 2011
    • Administrator March 3, 2011
  4. sumit March 13, 2011
  5. nikos_s April 21, 2011
    • Administrator April 22, 2011
  6. nikos_s April 26, 2011
    • Administrator April 30, 2011
  7. Lucia April 29, 2011
    • Administrator April 30, 2011
  8. Chetan Jain December 22, 2011
    • Administrator February 3, 2012
  9. WeblogicAdmin May 31, 2012
    • Administrator June 5, 2012
  10. Ashish June 15, 2012
    • Administrator June 19, 2012
  11. rick December 15, 2012
    • anandraj December 18, 2012
  12. Robert March 13, 2013
    • Administrator March 28, 2013
  13. janardhan November 21, 2013
  14. Rajendra November 28, 2013
    • Administrator December 9, 2013
  15. Javier Martín November 18, 2014
    • Administrator November 24, 2014
  16. Administrator September 1, 2012

Leave a Reply