Thursday, April 30, 2015

How to configure HTTPS on Oracle Traffic Director 11g over WebLogic 12c

This post assumes that you have downloaded OpenSSL and have already installed and configured OTD 11.1.1.7.
First we create a server certificate, then we import it into the OTD keystore repository.

1. First, create a certificate request.
./openssl.exe req -config openssl.cnf -new -out soa.csr
A private key (privkey.pem) is created along with the certificate request.

2. Extract the server key from the private key into the file "my-serverkey.pem".
./openssl rsa -in privkey.pem -out my-serverkey.pem

3. Next, sign the request "soa.csr". Use SHA-256 as the digest: MD5-signed certificates are rejected by current browsers and TLS libraries.
./openssl x509 -req -sha256 -CAcreateserial -in soa.csr -days 365 -CA simpleCA\ca.pem -CAkey simpleCA\ca-key.pem -extfile openssl.cnf -out soa.pem

4. To import the server certificate into the OTD keystore, export the signed certificate in PKCS12 format.
openssl pkcs12 -export -in soa.pem -inkey my-serverkey.pem -out soa.p12 -name "soa-server"

5. The final step is to import the server certificate into the OTD keystore.

export OTD_HOME=/u01/oracle/mw/product/11.1.1.7.0/trafficdirector_Home_1
cd $OTD_HOME/bin

Before importing the server certificate into the OTD keystore, we first have to import the root CA certificate of the authority that signed the server certificate.

5.1. Install the root CA certificate into the OTD keystore.
./certutil -A -n root_ca -i /u01/oracle/certificate/ca.pem -t "CT,," -d /u01/oracle/otd/11.1.1.7.0/instances/soa01/net-soa/config



5.2. Install the signed "soa.p12" PKCS12 certificate into the OTD keystore.

./pk12util -i /u01/oracle/certificate/soa.p12 -n soa_key -d /u01/oracle/otd/11.1.1.7.0/instances/soa01/net-soa/config



6. Deploy the changes to OTD by logging in to the OTD Admin Console "https://otd-soa-bond1.oracle.com:8989" and clicking the Deploy Changes button.

7. On OTD, create the HTTPS listener and attach the imported server certificate.
Create the HTTPS listener "soa-test.oracle.com:7771" and attach the soa-server certificate.



8. For the WebLogic Admin Server to work over HTTPS, we have to enable the WebLogic Plug-In.
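
A pre-import check for the files produced in steps 1 to 4, as an added example that is not part of the original post: before running certutil and pk12util in step 5, it confirms that soa.pem is not signed with a weak digest, that my-serverkey.pem belongs to soa.pem, and that soa.pem chains to ca.pem. The function names and the throwaway sample CA built by make_sample are assumptions made for this example; only the openssl command line is required.

```shell
#!/bin/sh
# Added example: checks to run on soa.pem / my-serverkey.pem / ca.pem
# before the certutil and pk12util imports. Not from the original post.

# Succeeds (0) if the named signature algorithm uses a broken digest.
weak_sig_alg() {
    case "$1" in
        md[245]*|sha1*|*SHA1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk '/Signature Algorithm/ { print $3; exit }'
}

# Succeeds if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# check_before_import CERT KEY CA: run all checks, report the first failure.
check_before_import() {
    alg=$(cert_sig_alg "$1")
    if weak_sig_alg "$alg"; then
        echo "FAIL: weak signature algorithm: $alg"; return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: private key does not match certificate"; return 1
    fi
    if ! openssl verify -CAfile "$3" "$1" >/dev/null 2>&1; then
        echo "FAIL: certificate does not chain to $3"; return 1
    fi
    echo "OK: $alg, key matches, chains to $3"
}

# Constructed sample: throwaway CA and server certificate in directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=soa-test.example" \
        -keyout "$1/my-serverkey.pem" -out "$1/soa.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -CAcreateserial -in "$1/soa.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" -out "$1/soa.pem" 2>/dev/null
}
```

Source the file and run check_before_import soa.pem my-serverkey.pem ca.pem against the real files; a non-zero exit status means the import should not go ahead.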
