Best Tutorial a rare exception a gem from India..Salute your preciseness, to the point and your knowledge and knowledge sharing abilities. I was literally tired of hours of long videos with virtually no knowledge from our other Indian bros
Tech tutorials don't get any better than this one. This is one of the best Oracle Tech videos on the internet. Thanks Prassad for all the work you put into delivering clear, easy to understand SSL concepts and procedures as it relates to the WebLogic Server.
Its really helpful to Fewember please Update your info.. We waiting for This Conpect *** How to Create a Wallet via ORAPKI in Fusion Middleware 12c (12.1.x)...?
Thanks for this excellent video, to understand the basics. I have case. SSL certificates are getting expired, we have received the new certificate and key file. How to update .jks file using the new key and certificate file. Can you please share the steps. Thanks in Advance...
I believe the description about integrity of SSL/ Digital Ceritificate is a bit wrong when you said client hashes the message and sends it to the server. I believe that server uses its public key as the plain text and creates the message digest/ Hash-value using the hash function (generally SHA*). Now server appends the hash function used to create this message digest in the message digest, and finally appends it with the plain public key and encrypt the whole data with its private key and send it in the Digital certificate. When this encrypted data comes to the client, it fetches the public key decrypts the encrpyted message digest with the help of server's public key and fetches the hashing algoritm (ie. SHA). Now client hashes the public key with this algorithm and gets a hash value or a message digest. Now if the message digest came from server and message digest generated at client side matches then only client authenticate the Digital Certificate's authenticity/integrity. Please correct me if my understanding is not correct here. Thanks!
Hi Prasad, thanks for putting this tutorial together! Will this enable fusion middleware console also to be accessed with SSL in admin console URL? Will enabling this with admin server work on both forms and reports services as well? for URLs with OHS ports
Hi Prasad - Thanks for this great video. Q: Would you please shed some light on following scenario? If internal company CA (signer) root and issuing/intermediate certificates are used with identity and trust keystores, in order to see the certificate chain properly. What do we need to do? At the beginning of the video you mentioned any third party signer certificates should go to trust (key)store, do we need to import them as $>keytool -importcert or $>keytool -import -trustcacerts into truststore? In addition to that, do we need to import CA's root and issuing certificates into the (identity) keystore before importing signed certificate from (internal) CA. Put it simply I can't figure out why my certificate chain is not visible in my (identify) keystore? A: I've used iKeyMan GUI tool to manage keys and also put the internal signer certificates into cacert of JAVA_HOME---> JRE -->lib---> security--> cacerts and I was able to see the certificate chain $>keytool -list -v Thanks in advance,
Hi Prasad the way of ur presentation is very good and its useful And i have a question from my oin development side we r getting ssl. Handshake exception even the ssl certificate was imported in a right way Can u please suggest what i need to do resolve that error
Hi Prasad, thank you so much for this video. Need some advice from you, is there any guide for Oracle weblogic application server 10.3 to support domain with SSL ? Appreciate that your supprt.
Thanks for this great presentation Prasad. I am new to Weblogic & SSL. Generate Keypair, suggests that there are two keys created yet there is only one entry. I followed the CSR process but received one certificate back from our CA. I imported this certificate successfully into Weblogic keystore/keypair alias. It is still a bit confusing where the identity and trust certificates would be at the end of these steps. Whether importing the certificate from CSR process into a separate keystore would serve as a trusted certificate. Isn't there a step to change the port number on which HHTPS traffic listener will be? Thank you, Jayanth
I hope someone could answer my question. Most of the applications are inside the companies domain. No one outside the dmz could access them. Why do need a trusted CA like VeriSign to sign the certificate? Any work around? Thanks.
Hi Prasad, Can you tell how to import Private Key in Weblogic. Getting below error : Cannot retrieve identity certificate and private key on server AdminServer, because the keystore entry alias is not specified
Hi Prasad, Very Good Video . . Hope you remember me . . We had shared work space before 5 years .. Really great initiative to share knowledge . . Videos was awesome Thanks Anwar
I have a problem: My app is running in weblogic 12c. I have property file inside a path and application works fine normally. When I do start and stop the application in Deployments page after making some configuration changes in property file, changes usually get reflected properly when I use in my data center oracle cluster. But, we migrated to AWS weblogic server which is provisioned thru their aws marketplace. Here, after making config change in property file and make a application restart from Deployments page, changes are not working. Could you please guide if you are getting any possible solution for this issue?
Hi Prasad, Could you please let me know where could I find location of EM -> weblogic domain -> security -> system -> trust to access the trust store using terminal.
Hi Prasad, even after installing the certificates when i am loading web-logic console page with ssl port i am getting not secure icon ,kindly suggest pls
Hi prasad i am facing a problem with Webdav i am using webcenter content 12.2.1 and using the webdav component to open a document and edit it my problem is that when i am trying to open the link of the document using webdav inside word or acrobat reader there is a popup appears asking me for putting the credentials !! always asking me about user credentials if you have experiance with such kind behaviour or webdav please lemme know thanks
Hi sir, i have imported the certificates and weblogic keystore and ssl portion also complete. The link is opening using ss but the certificate is showing invalid. And the from and to authorities are showing the same.
Hi Prasad, The video and the tutorial is really good. There is lot of things that can be done using the admin console, but same operation of associating the certificate to the managed server possible through CLI or any API call? Are you aware of any such mechanism? -Jeevan
Thanks Prasad, for the Information...i am using oracle soa suite 12c , i am trying to create identity.jks and trust.jks , created mycompany.jks and now in 'trust' section in console do i need to create one more .jks and load it or i can upload mycompany.jks..?
hi, I am using certificate issued to me by company to secure the weblogic server. Is this right. Basically what i wish to achieve is .. when someone tries to access the url , it should prompt for for certificate , upon inserting pki card it should ask for pin and hence authenticate the user
is there a way, i can create the kss based keystore using wlst or keytool, i would want to automate creating and changing the keystore in my domain using wlst.
@Prasad ---- You did not create a truststore at 26:00 - You selected a custom truststore. Since you did not create a custom truststore won't WebLogic complain. Should you have just picked the Java default in this case.
