BEA WebLogic Server 7 User Guide
Upgrading Security
BEA WebLogic Server 7.0 Upgrade Guide
keytool -import -trustcacerts -alias <some alias name> -file <the file that contains the trusted CA> -keystore <the trusted CA keystore> -storepass <your trusted CA Keystore password>
The trusted certificate authority shipped with WebLogic Server is located in WL_HOME/server/lib/cacerts. Use the following command to add the trusted certificate authority that is shipped with WebLogic Server to a keystore:
keytool -import -trustcacerts -alias <some alias name> -file <the file that contains the trusted CA> -keystore WL_HOME/server/lib/cacerts -storepass changeit
For more information about keytool, see SUN's website at .
The trustedCAKeyStore command-line argument defaults to the JDK's jre/lib/security/cacerts keystore for clients. You can add your CAs to the JDK's trusted CA keystore and not specify the command-line argument, or you can create your own trusted CA keystore and point to it with the argument.
For two-way SSL or mutual authentication, in addition to performing the previous two steps on the client side, do either of the following steps on the server side:
Add -Dweblogic.security.SSL.trustedCAKeyStore=absoluteFilename to the server command line, where absoluteFilename is the name of the trusted CA Keystore

OR

Set the RootCAKeyStoreLocation attribute when configuring a Keystore provider.
If you do not load the trusted CA certificate into the trusted CA Keystore, you may have problems using the secure port.
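The import step and the server-side argument described above can be scripted so that a missing CA entry is caught before the secure port is used. This is an added example, not part of the BEA guide: the function names are hypothetical, the arguments are placeholders, and it uses the standard keytool options -list and -noprompt, which the guide does not show.

```shell
#!/bin/sh
# Added example: function names and all argument values are placeholders.

# import_trusted_ca CA_FILE KEYSTORE ALIAS STOREPASS
# Imports a CA certificate as a trusted entry, then confirms the alias is listed.
import_trusted_ca() {
    ca_file=$1; keystore=$2; ca_alias=$3; storepass=$4
    [ -r "$ca_file" ] || { echo "cannot read CA file: $ca_file" >&2; return 2; }
    # Already imported under this alias: leave the keystore untouched.
    if keytool -list -alias "$ca_alias" -keystore "$keystore" \
            -storepass "$storepass" >/dev/null 2>&1; then
        return 0
    fi
    # -noprompt skips the interactive "Trust this certificate?" question,
    # so inspect the certificate file before running this.
    keytool -import -noprompt -trustcacerts -alias "$ca_alias" \
        -file "$ca_file" -keystore "$keystore" -storepass "$storepass" || return 1
    # Fail loudly if the entry is not there after the import.
    keytool -list -alias "$ca_alias" -keystore "$keystore" \
        -storepass "$storepass" >/dev/null || return 1
}

# trusted_ca_flag KEYSTORE
# Prints the server command-line argument for an existing keystore.
# The guide asks for an absolute file name; this check assumes Unix-style
# paths, so anything not starting with "/" is rejected.
trusted_ca_flag() {
    case $1 in
        /*) ;;
        *) echo "keystore path must be absolute: $1" >&2; return 2 ;;
    esac
    [ -f "$1" ] || { echo "keystore not found: $1" >&2; return 2; }
    printf '%s\n' "-Dweblogic.security.SSL.trustedCAKeyStore=$1"
}

# Usage: sh add-trusted-ca.sh CA_FILE KEYSTORE ALIAS STOREPASS
if [ "$#" -eq 4 ]; then
    import_trusted_ca "$@" && trusted_ca_flag "$2"
fi
```

The printed argument is meant to be appended to the server start command; the keystore password appears on the keytool command line exactly as in the guide's own commands.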
Using CertAuthenticator in Compatibility Security
In WebLogic Server 7.0, the CertAuthenticator is called first, before any username/password authentication. Because this is a change in behavior from WebLogic Server 6.x, a CertAuthenticator written for WebLogic Server 6.x may need to change if clients both used two-way SSL and supplied a username and password for security credentials.