Default WebLogic KeyStore Password/PassPhrase

WebLogic comes with default keystores for client and server security enabled.  However, I have found it problematic to find and remember the passwords/passphrases for the default keystores.

Property

Value

Trust store location

%ORACLE_HOME%/weblogic/wlserver_10.3/ server/lib/DemoTrust.jks

Trust store password

DemoTrustKeyStorePassPhrase

Key store location

%ORACLE_HOME%/weblogic/wlserver_10.3/ server/lib/DemoIdentity.jks

Key store password

DemoIdentityKeyStorePassPhrase

Private key password

DemoIdentityPassPhrase

Property

Value

Trust store location

%ORACLE_HOME%/weblogic/wlserver_10.3/ server/lib/DemoTrust.jks

Trust store password

DemoTrustKeyStorePassPhrase

Key store location

%ORACLE_HOME%/weblogic/wlserver_10.3/ server/lib/DemoIdentity.jks

Key store password

DemoIdentityKeyStorePassPhrase

Private key password

DemoIdentityPassPhrase

Keytool commands

Useful keytool commands for checking a certificate from sslshopper.com.

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

  • Check a stand-alone certificatekeytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystorekeytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an aliaskeytool -list -v -keystore keystore.jks -alias mydomain

Installing CA certificates

Instructions on how to add CA certificates into a SSLCACertificateFile from Trustis.com.

Installing CA certificates

On startup, Stronghold loads CA certificates from the file specified by the SSLCACertificateFile entry in its ‘httpd.conf’ file.
To install the PEM format bundled CA certificate file, reference it in the httpd.conf file. as follows

  • Ensure that you have saved the PEM format bundled CA certificate as a text file.
  • Open your ‘httpd.conf’ file and find the SSLCACertificateFile entry.  By default the entry will be SSLCACertificateFile=’/ssl/CA/client-rootcerts.pem’.  You will find ‘httpd.conf’ in the directory /conf.
  • Open the file identified by SSLCACertificateFile (for example, /ssl/CA/client-rootcerts.pem) in a text editor.
  • Open the file that contains the PEM format bundled CA certificates (e.g. cachainpem.txt) in a text editor.
  • Copy the contents of this PEM format bundled CA certificate file
    (including all the ‘—–BEGIN CERTIFICATE—–‘ and ‘—–END CERTIFICATE—–‘ lines)
    to the clipboard.
  • Now Paste what you have just copied into the file identified by SSLCACertificateFile.
    In most cases you will want to insert the bundle CA certificate at the end of the file and add a comment to identify the certificate.
  • Save the modified file and close the text editor.
  • Restart your web server.

Convert SSL certificate formats.

List of commands from a citrix website to convert SSL certificates from one format to another.

Procedure

Use the openssl command to convert between formats as follows:

  1. To convert a certificate from PEM to DER:
  2. x509 –in input.crt –inform PEM –out output.crt –outform DER
  3. To convert a certificate from DER to PEM:
  4. x509 –in input.crt –inform DER –out output.crt –outform PEM
  5. To convert a key from PEM to DER:
  6. rsa –in input.key –inform PEM –out output.key –outform DER
  7. To convert a key from DER to PEM:
  8. rsa –in input.key –inform DER –out output.key –outform PEM