BEA WebLogic Server 7 사용자 설명서

BEA WebLogic Server 7.0 Upgrade Guide

 in the Administration Guide. There is no direct upgrade 

of the old 

password.ini

 file because it contained a clear text password and no 

username.

This section contains information on how to upgrade the SSL protocol including 
instructions for creating a trusted CA Keystore, creating a private key Keystore, and 
using a CertAuthenticator in Compatibility security.

By default in WebLogic Server 7.0, clients check the server’s trusted certificate 
authority. This check is done whenever a client and server connect using SSL, 
including when WebLogic Server is acting an a client. For example, when a client is 
using the SSL protocol to connect to an Apache HTTP Server, the client checks the 
trusted certificate authorities presented by the server. The client rejects the server's 
trusted certificate authority if the certificate authority is not trusted by the client. 
Previous versions of WebLogic Server did not perform this trust validation. 

Make the following changes to allow an existing 6.x WebLogic client to use SSL 
protocol to communicate with a server:

1. Specify the following command-line argument for the client:

-Dweblogic.security.SSL.trustedCAKeyStore=absoluteFilename

where 

 is the name of the keystore that contains the trusted 

certificate authority

Note: The file format is a keystore NOT a certificate file. The trusted certificate 

authority must be loaded into the keystore.

2. Load the server's trusted certificate authority into the client keystore. To list 

trusted certificate authorites in the keystore or to load new trusted certificate 
authorities into the keystore, use the JDK 

keytool

 utility.

To add a trusted certificate authority to a keystore, enter the following at a 
command prompt: