BEA WebLogic Server 7 User Manual

Upgrading Security
BEA WebLogic Server 7.0 Upgrade Guide
1-13
    keytool -import -trustcacerts -alias <some alias name> -file <the file that contains the trusted CA> -keystore <the trusted CA keystore> -storepass <your trusted CA Keystore password>
The trusted certificate authority shipped with WebLogic Server is located in WL_HOME/server/lib/cacerts. Use the following command to add the trusted certificate authority that is shipped with WebLogic Server to a keystore:
    keytool -import -trustcacerts -alias <some alias name> -file <the file that contains the trusted CA> -keystore WL_HOME/server/lib/cacerts -storepass changeit
For more information about keytool, see SUN's website at .
The trustedCAKeyStore command-line argument defaults to the JDK's jre/lib/security/cacerts keystore for clients. You can add your CAs to the JDK's trusted CA keystore and not specify the command-line argument, or you can create your own trusted CA keystore and point to it with the argument.
For two-way SSL or mutual authentication, in addition to performing the previous two 
steps on the client side, do either of the following steps on the server side:
- Add -Dweblogic.security.SSL.trustedCAKeyStore=absoluteFilename to the server command line, where absoluteFilename is the name of the trusted CA Keystore.
OR
- Set the RootCAKeyStoreLocation attribute when configuring a Keystore provider.
If you do not load the trusted CA certificate into the trusted CA Keystore, you may 
have problems using the secure port. 
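
An added example, not part of the original guide: the steps above run end to end with a current JDK keytool, building a separate trusted CA keystore, refusing the import unless the certificate's SHA-256 fingerprint matches the expected value, and confirming the stored entry before printing the server argument. The demo CA, file names, alias, password and helper function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original guide). Paths, aliases, the password and
# the demo CA are constructed; assumes a JDK keytool on PATH.
PASS='constructed-demo-pass'
KT='keytool -J-Duser.language=en'   # force English output so the parsing is stable

sha256_line() { sed -n 's/.*SHA256: *//p' | head -n 1; }   # fingerprint from keytool output
cert_fingerprint() { $KT -printcert -file "$1" 2>/dev/null | sha256_line; }

# Constructed stand-in for the CA certificate file you would receive from your CA.
make_demo_ca() {   # $1 = work dir; writes ca.jks (key pair) and ca.pem (certificate)
    $KT -genkeypair -alias democa -keyalg RSA -keysize 2048 -validity 30 \
        -dname 'CN=Constructed Demo CA' -ext bc:c=ca:true \
        -keystore "$1/ca.jks" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
    $KT -exportcert -rfc -alias democa -file "$1/ca.pem" \
        -keystore "$1/ca.jks" -storepass "$PASS" >/dev/null 2>&1
}

# Import only when the file matches the fingerprint obtained out of band.
import_trusted_ca() {   # $1 = CA file, $2 = trusted CA keystore, $3 = alias, $4 = expected SHA-256
    [ -n "$4" ] && [ "$(cert_fingerprint "$1")" = "$4" ] ||
        { echo "fingerprint mismatch: $1" >&2; return 1; }
    $KT -import -trustcacerts -noprompt -alias "$3" -file "$1" \
        -keystore "$2" -storepass "$PASS" >/dev/null 2>&1
}

# Confirm the alias is stored as a trusted certificate with the expected fingerprint.
verify_trusted_ca() {   # $1 = keystore, $2 = alias, $3 = expected SHA-256
    out=$($KT -list -v -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null) || return 1
    echo "$out" | grep -q 'trustedCertEntry' || return 1
    [ "$(echo "$out" | sha256_line)" = "$3" ]
}

# The argument from the guide; it expects an absolute file name.
server_flag() {
    case "$1" in
        /*) echo "-Dweblogic.security.SSL.trustedCAKeyStore=$1" ;;
        *)  echo "not an absolute path: $1" >&2; return 1 ;;
    esac
}

demo() {
    dir=$(mktemp -d) && make_demo_ca "$dir" || return 1
    fp=$(cert_fingerprint "$dir/ca.pem")   # in practice, the value published by the CA
    import_trusted_ca "$dir/ca.pem" "$dir/trusted-ca.jks" democa "$fp" &&
        verify_trusted_ca "$dir/trusted-ca.jks" democa "$fp" &&
        server_flag "$dir/trusted-ca.jks"
    rc=$?; rm -rf "$dir"; return $rc
}

if command -v keytool >/dev/null 2>&1; then demo; else echo 'keytool not found' >&2; fi
```

The -noprompt option skips keytool's interactive confirmation of the certificate, which is why the fingerprint comparison runs before the import.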
Using CertAuthenticator in Compatibility Security
In WebLogic Server 7.0, the CertAuthenticator is called first, before any 
username/password authentication. Because this is a change in behavior from 
WebLogic Server 6.x, a CertAuthenticator written for WebLogic Server 6.x may need 
to change if clients both used two-way SSL and supplied a username and 
password for security credentials.