SSL stands for secure sockets layer. It is a security protocol to enable Web sites to pass sensitive information securely in an encrypted format. It is based on the RSA Data Security’s public-key cryptography.

SSL provides transport level security by usage SSL certificates which are provided by standard Certificate Authorities like such as VeriSign.

The weblogic server supports SSL for dedicated ports. The default ssl ports are 7002 for the admin server and 9804 for the BI server. To establish the ssl connection through the web browser, the url must have the HTTPS protocol and the ssl port number. For example: https://yourserver.com:7002

Below are the steps for weblogic ssl configuration for the Admin Server

Step 1. Generate the certificate.

  • Open a command promp in the obiee server box.
  • Enter the following command at the D:\\jdk\bin path:

keytool -genkey -alias -keyalg  RSA -keysize 2048  -.jks

  • Entering the above string generates a series of questions to be answered. The questions should look something similar to what is listed below
  • Enter a pass word that can be remembered. The command with then issue a series of questions:

What is your first and last name ?

What is the name of your organizational unit?

What is the name of your organization?

What is the name of your City or Locality?

What is the name of your State or Providence?

What is the two letter country code for this unit?

Is this correct? Type yes and hit enter

Step 2: Generate a CSR to send to certifying authority.

  • Enter the following command at the D:\\jdk\bin path:

keytool -certreq -keyalg RSA -keysize 2048 -alias -file certreq.csr -.jks

  • By default, The csr is then created in the D:\\jdk\bin catalog path.
  • Send the file to the certifying authority in order to get a response file.

Step 3: Import Certificate into the keystore.

  • There is like to be 3 response files given to you by the certifying authority. A response file, intermediate and a root. These will be combined into one file for the import process. The root file should be at the bottom of the page, the intermediate in the middle, and the response at the top. See below for an example of how the file is formatted.

Weblogic SSL Configuration - certificate file formatting

  •  Save this file as .pem file and store it in the D:\\jdk\bin catalog path.
  • Enter the following command at the D:\\jdk\bin path:

keytool -import  -file CertChain.pem -alias -.jks -storepass

Step 4: Create a Trust Store.

  • Create the trust store by importing the Root Certificate that was received from the certifier, into another keystore that constitutes the trust.
  • Open a command prompt in the obiee server and enter the following:

keytool -import  -file -alias -.jks -storepass

Step 5: Weblogic – Configure Identity of Server

  • Login to the Admin console (http://yourserver:7001/console). Click on Servers and then Admin Server.
  • Click on the Configuration  tab and the Keystores  tab

 Weblogic SSL Configuration - configure server identity

  • In the top left corner of the screen click the Lock & Edit button
  • Click on the Change button. Change the drop down to Custom Identity and Custom Trust.

 Weblogic SSL Configuration - Custom Identity and Custom Trust

  • Change the Store identity to the one that was created earlier in the case the path is: D:\\jdk\bin\Identity.jks.
  • Set the keystore type as JKS
  • Enter in the keystore password and confirm

 

  • Change the custom trust keystore to the trust.jks file that was created earlier. The path for the file is D:\Oracle Home>\jdk\bin\trust.jks

Weblogic SSL Configuration - trust.jks file

  • Set the store type as JKS
  • Enter in the keystore password and confirm.
  • Click on the SSL tab.
  • Type in the Alias for the keystore that was created earlier. Enter and confirm the password.
  • Click on the General tab.

Check the SSL Listen Port Enabled check box.

Weblogic SSL Configuration - SSL Listen Port Enabled

  •  Restart the Admin Server and all other services.

Note 1: It is best practice to disable the non – SSL port. This will force all traffic to go through the SSL protected port.

Test SSL Setup

  • Log into the https url with the new port of 7002. Ex. https://myserver:7002/console
  • Verify that the certificate is on the site.

Weblogic SSL Configuration - Test SSL Setup

  • SSL configuration completed.