在WebLogic上使用您的应用程序之前,我始终建议在托管您的应用程序的Weblogic服务器上激活 SSL 。
使用HTTPS 协议访问您的应用程序将确保您的用户数据不被拦截。
为此,您应该首先获得一个有效的证书:
1) (可选——不要用于生产)使用 java keytool 生成您的自签名证书
注意:使用自签名证书仅用于测试目的。使用时,浏览器会强烈警告用户您的证书不受信任。
先决条件:在您的计算机上安装了 Java
| # Open a command terminal in the bin folded of your java installation (e.g: C:\Program File(x86)\Java\jreXXXX\bin) | |
| # In the commands below : | |
| # - selfsigned is the name of the certificate | |
| # - storPass is the password of the keystore and truststore | |
| # - keyPass is the password of the certificate | |
| # You can change those values for yours | |
| #Generate the keystore.jks | |
| keytool -genkeypair -alias selfsigned -keyalg RSA -keysize 2048 -validity 365 -keypass keyPass -storepass storPass -keystore keystore.jks | |
| #Enter your informations when prompt | |
| #Be aware those information will be visible in your browser | |
| #Export the selfsigned.cer from the keystore.jks | |
| keytool -exportcert -alias selfsigned -file root.cer -keystore keystore.jks -storepass storPass | |
| #Generate the truststore.jks | |
| keytool -importcert -alias selfsigned -file root.cer -keystore truststore.jks -storepass storPass | |
| #The jks files are available in the folder |
2) 使用 FTP/SSH 将证书添加到域服务器
| #Connect to the Weblogic Host through FTP and upload your keystore.jks and truststore.jks to your user home | |
| #Connect to the Weblogic Host through SSH with your user | |
| #Copy the trustStore and keyStore to a tmp folder available from your {YourWeblogicUser} | |
| [{YourSSHUser}@{YourWeblogicHost} ~]$ cp truststore.jks /tmp/ | |
| [{YourSSHUser}@{YourWeblogicHost} ~]$ cp keystore.jks /tmp/ | |
| #Sudo to {YourWeblogicUser} | |
| [{YourSSHUser}@{YourWeblogicHost} ~]$ sudo su - {YourWeblogicUser} | |
| #Copy files to {YourWeblogicDomainPath}/{YourWeblogicDomainName}/certificates | |
| [{YourWeblogicUser}@{YourWeblogicHost} ~]$ mkdir {YourWeblogicDomainPath}/{YourWeblogicDomainName}/certificates | |
| [{YourWeblogicUser}@{YourWeblogicHost} ~]$ cp /tmp/truststore.jks {YourWeblogicDomainPath}/{YourWeblogicDomainName}/certificates | |
| [{YourWeblogicUser}@{YourWeblogicHost} ~]$ cp /tmp/keystore.jks {YourWeblogicDomainPath}/{YourWeblogicDomainName}/certificates |
3)在Weblogic中配置SSL
注意:在选择 SSL 端口之前,请确保它没有在其他地方使用
就是这样,您可以连接到 SSL 中的托管应用程序 (https://{YourHostName}:{YourSSLPort}/{YourAppName})
注意:如果您遇到错误BEA-090716: Alert: Failed to retrieve identity key/certificate from keystore ksFile under alias alias on serverName确保 {YourCertificatePassword in this example 'keyPass'} 和 {YourKeystorePassword in this example (1)示例 'storPass'} 不同