Below are some commonly used keytool commands that i always forget 🙂
In one of my projects recently, even after importing the correct ssl certificates in the keystore (cacerts and DemoTrust.jks) on the weblogic server, when accessing the webservice over https gave an error.
javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from example.com - 172.16.250.58. Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.
One of the important parameters when doing performance tuning is tuning of the Application Modules.
Below are some of the important ampool parameters to consider for tuning: Continue reading “ADF Application Module tuning”
If you are connecting to the server you need to know where the key stores live, so here is a table with all the default values in:
Continue reading “Default passwords for Demo Truststore and Demo Identitystore in WebLogic”
When you configure SSL, you must decide how identity and trust will be stored. Although one keystore can be used for both identity and trust, Oracle recommends using separate keystores for both identity and trust because the identity keystore (private key/digital certificate pairs) and the trust keystore (trusted CA certificates) may have different security requirements. For example: Continue reading “Identity and Trust Keystores”
WebLogic Server uses the following algorithm when it loads its trusted CA certificates:
- If the keystore is specified by the
-Dweblogic.security.SSL.trustedCAkeystorecommand-line argument, load the trusted CA certificates from that keystore.
- Else if the keystore is specified in the configuration file (
config.xml), load trusted CA certificates from the specified keystore. If the server is configured with DemoTrust, trusted CA certificates will be loaded from the
\server\lib\DemoTrust.jksand the JDK
- Else if the trusted CA file is specified in the configuration file (
config.xml), load trusted CA certificates from that file (this is only for compatibility with 6.x SSL configurations).
- Else load trusted CA certificates from
$MW_HOME/oracle_common/bin/orapki wallet display -wallet ~/cwallet.sso
[oracle@wcsoa bin]$ ./orapki wallet display -wallet /webdata/Oracle/admin/wcsoadomain/aserver/wcsoadomain/config/fmwconfig/bootstrap/cwallet.sso
Oracle PKI Tool : Version 220.127.116.11.0
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Secret Store entries:
Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
This is for quick reference for acronyms that i keep forgetting 🙂
I am installing WebLogic 10.3.5 on Linux.
In this post i am installing JRockit 6 – R18.104.22.168.0 for Linux x86-64