
Friday, August 17, 2018

[WebLogic] Creating HTTP(SSL) test certificate files (ver. 7.0 and later)

Supported WebLogic ver: 7.0 ~


Test environment
 - OS: OracleLinux 5
 - WebLogic ver: 10.3.6




# Files to create and their details
# - Identity keystore (private key): /app/weblogic1036/ssl/1004lucifer_key.jks (alias:1004lucifer_key)
# - Trust keystore (certificate): /app/weblogic1036/ssl/1004lucifer_cert.jks (alias:1004lucifer_cert)
# - Password: 1234qwer (same value set for both keystores)

# $BEA_HOME (WebLogic installation directory): /app/weblogic1036/
[weblogic@ae2793daea03 weblogic1036]$ pwd
/app/weblogic1036
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Create the directory that will hold the certificates
[weblogic@ae2793daea03 weblogic1036]$ mkdir ssl
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$ ll
total 184
-rw-rw-r-- 1 weblogic weblogic    986 Aug 15 04:47 decrypt.py
-rw-rw---- 1 weblogic weblogic    200 Aug  6 00:36 domain-registry.xml
drwxr-x--- 3 weblogic weblogic   4096 Aug  6 00:36 domains
drwxrwxr-x 2 weblogic weblogic   4096 Aug 15 07:13 logs
drwxrwxr-x 7 weblogic weblogic  36864 Aug  5 10:21 modules
-rw-rw-r-- 1 weblogic weblogic    625 Aug  5 10:22 ocm.rsp
-rw-rw-r-- 1 weblogic weblogic 108827 Aug  5 10:22 registry.dat
-rw-rw-r-- 1 weblogic weblogic   1728 Aug  5 10:22 registry.xml
drwxrwxr-x 2 weblogic weblogic   4096 Aug 15 06:39 security
drwxrwxr-x 2 weblogic weblogic   4096 Aug 16 12:26 ssl
drwxrwxr-x 8 weblogic weblogic   4096 Aug  5 10:21 utils
drwxrwxr-x 8 weblogic weblogic   4096 Aug  5 10:22 wlserver_10.3
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Locate weblogic.jar in order to use the WebLogic utilities
[weblogic@ae2793daea03 weblogic1036]$ find . -name weblogic.jar
./wlserver_10.3/server/lib/weblogic.jar
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
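# Use the WebLogic CertGen utility (generate the certificate)
# Certificate output path: ssl/1004lucifer_cert.(der|pem)
# Private key output path: ssl/1004lucifer_key.(der|pem)
# Private key password: 1234qwer
# Domain to use: 1004lucifer.co.kr
# (the resulting files can be used directly in a web server such as Apache)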
[weblogic@ae2793daea03 weblogic1036]$ java -cp wlserver_10.3/server/lib/weblogic.jar utils.CertGen -certfile ssl/1004lucifer_cert -keyfile ssl/1004lucifer_key -keyfilepass 1234qwer -cn 1004lucifer.co.kr
Generating a certificate with common name 1004lucifer.co.kr and key strength 1024
issued by CA with certificate from /app/weblogic1036/wlserver_10.3/server/lib/CertGenCA.der file and key from /app/weblogic1036/wlserver_10.3/server/lib/CertGenCAKey.der file
# As shown above, CertGenCA.der/CertGenCAKey.der were used as the root CA.
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Check the generated certificate / private key files
[weblogic@ae2793daea03 weblogic1036]$ ll ssl
total 24
-rw-rw-r-- 1 weblogic weblogic  571 Aug 16 12:43 1004lucifer_cert.der
-rw-rw-r-- 1 weblogic weblogic  830 Aug 16 12:43 1004lucifer_cert.pem
-rw-rw-r-- 1 weblogic weblogic  676 Aug 16 12:43 1004lucifer_key.der
-rw-rw-r-- 1 weblogic weblogic  993 Aug 16 12:43 1004lucifer_key.pem
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Use the WebLogic ImportPrivateKey utility (create the identity keystore)
# Identity keystore output path: ssl/1004lucifer_key.jks
# Identity keystore password: 1234qwer
# Identity keystore alias: 1004lucifer_key
[weblogic@ae2793daea03 weblogic1036]$ java -cp wlserver_10.3/server/lib/weblogic.jar utils.ImportPrivateKey -keystore ssl/1004lucifer_key.jks -storepass 1234qwer -keypass 1234qwer -alias 1004lucifer_key -certfile ssl/1004lucifer_cert.pem -keyfile ssl/1004lucifer_key.pem -keyfilepass 1234qwer
<Aug 16, 2018 1:35:14 PM UTC> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Aug 16, 2018 1:35:14 PM UTC> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Aug 16, 2018 1:35:14 PM UTC> <Info> <Security> <BEA-090908> <Using default WebLogic SSL Hostname Verifier implementation.>
Imported private key ssl/1004lucifer_key.pem and certificate ssl/1004lucifer_cert.pem
into a new keystore ssl/1004lucifer_key.jks of type jks under alias 1004lucifer_key
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Check that the identity keystore was created
[weblogic@ae2793daea03 weblogic1036]$ ll ssl
total 24
-rw-rw-r-- 1 weblogic weblogic  571 Aug 16 12:43 1004lucifer_cert.der
-rw-rw-r-- 1 weblogic weblogic  830 Aug 16 12:43 1004lucifer_cert.pem
-rw-rw-r-- 1 weblogic weblogic  676 Aug 16 12:43 1004lucifer_key.der
-rw-rw-r-- 1 weblogic weblogic 1350 Aug 16 13:35 1004lucifer_key.jks
-rw-rw-r-- 1 weblogic weblogic  993 Aug 16 12:43 1004lucifer_key.pem
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Create the trust keystore with keytool
# Trust keystore output path: ssl/1004lucifer_cert.jks
# Trust keystore password: 1234qwer
# Trust keystore alias: 1004lucifer_cert
[weblogic@ae2793daea03 weblogic1036]$ keytool -import -v -trustcacerts -alias 1004lucifer_cert -file ssl/1004lucifer_cert.pem -keystore ssl/1004lucifer_cert.jks -storepass 1234qwer
Owner: CN=1004lucifer.co.kr, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: -1867f3d65d68945ce7ded7f45297204f
Valid from: Wed Aug 15 12:43:35 UTC 2018 until: Tue Aug 16 12:43:35 UTC 2033
Certificate fingerprints:
         MD5:  7B:9B:C5:14:A6:A8:70:E7:6B:38:70:1C:5F:74:EF:A0
         SHA1: DD:53:D5:83:E9:1A:8E:00:F5:99:2E:02:8A:36:9F:A1:7A:AE:99:10
         Signature algorithm name: MD5withRSA
         Version: 1
Trust this certificate? [no]:  yes
Certificate was added to keystore
[Storing ssl/1004lucifer_cert.jks]
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Check that the trust keystore was created
[weblogic@ae2793daea03 weblogic1036]$ ll ssl
total 24
-rw-rw-r-- 1 weblogic weblogic  571 Aug 16 12:43 1004lucifer_cert.der
-rw-rw-r-- 1 weblogic weblogic  644 Aug 16 13:33 1004lucifer_cert.jks
-rw-rw-r-- 1 weblogic weblogic  830 Aug 16 12:43 1004lucifer_cert.pem
-rw-rw-r-- 1 weblogic weblogic  676 Aug 16 12:43 1004lucifer_key.der
-rw-rw-r-- 1 weblogic weblogic 1350 Aug 16 13:35 1004lucifer_key.jks
-rw-rw-r-- 1 weblogic weblogic  993 Aug 16 12:43 1004lucifer_key.pem
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Inspect the contents of the trust keystore
[weblogic@ae2793daea03 weblogic1036]$ keytool --list -v -keystore ssl/1004lucifer_cert.jks
Enter keystore password: 1234qwer

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry
Alias name: 1004lucifer_cert
Creation date: Aug 17, 2018
Entry type: trustedCertEntry

Owner: CN=1004lucifer.co.kr, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 13aef1540209c5afa5604e5735011496
Valid from: Thu Aug 16 13:17:59 UTC 2018 until: Wed Aug 17 13:17:59 UTC 2033
Certificate fingerprints:
         MD5:  86:65:53:6B:42:A4:97:20:14:E9:3C:01:E7:1A:06:B2
         SHA1: 81:7A:FE:4B:0B:F4:43:3E:14:45:F8:01:BB:1F:22:2B:A0:7A:17:CA
         Signature algorithm name: MD5withRSA
         Version: 1


*******************************************
*******************************************


[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
[weblogic@ae2793daea03 weblogic1036]$
# Inspect the contents of the identity keystore
[weblogic@ae2793daea03 weblogic1036]$ keytool --list -v -keystore ssl/1004lucifer_key.jks
Enter keystore password: 1234qwer

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: 1004lucifer_key
Creation date: Aug 17, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=1004lucifer.co.kr, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 13aef1540209c5afa5604e5735011496
Valid from: Thu Aug 16 13:17:59 UTC 2018 until: Wed Aug 17 13:17:59 UTC 2033
Certificate fingerprints:
         MD5:  86:65:53:6B:42:A4:97:20:14:E9:3C:01:E7:1A:06:B2
         SHA1: 81:7A:FE:4B:0B:F4:43:3E:14:45:F8:01:BB:1F:22:2B:A0:7A:17:CA
         Signature algorithm name: MD5withRSA
         Version: 1


*******************************************
*******************************************


[weblogic@ae2793daea03 weblogic1036]$
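
An added example (not part of the original post): a bash function that scans CertGen, `ll` and `keytool -list -v` output for the test-grade properties visible in the transcript above, namely the 1024-bit key, the MD5withRSA signature, the X.509 version 1 certificate, the CertGen demo CA issuer and key files readable by other users. The function names, finding labels, the key-file name pattern and the 2048-bit threshold are assumptions; the sample lines are copied from the output on this page.

```shell
#!/usr/bin/env bash
# Added example: flag test-grade properties in CertGen / ls -l / keytool text.
# Finding labels and the 2048-bit threshold are assumptions, not WebLogic output.

audit_cert_text() {
    # Reads tool output on stdin; prints one finding per line, sorted.
    awk '
        /Signature algorithm name:/ && /MD5|SHA1/ {
            f["weak-signature: " $NF] = 1          # e.g. MD5withRSA
        }
        /^Issuer:/ && /CertGenCA|FOR TESTING ONLY/ {
            f["demo-ca-issuer"] = 1                # signed by the bundled demo CA
        }
        /^[ \t]*Version: 1$/ {
            f["x509-v1-no-extensions"] = 1         # no SAN or key-usage extensions
        }
        /key strength [0-9]+/ {
            for (i = 1; i < NF; i++)
                if ($i == "strength" && $(i + 1) + 0 < 2048)
                    f["weak-key: " $(i + 1) " bits"] = 1
        }
        # ls -l line for a key file whose "other" read bit is set
        /^-/ && $NF ~ /key.*\.(pem|der|jks)$/ && substr($1, 8, 1) == "r" {
            f["world-readable-key: " $NF] = 1
        }
        END { for (k in f) print k }
    ' | LC_ALL=C sort
}

sample_output() {
    # Lines copied from the transcript on this page.
    cat <<'EOF'
Generating a certificate with common name 1004lucifer.co.kr and key strength 1024
-rw-rw-r-- 1 weblogic weblogic  993 Aug 16 12:43 1004lucifer_key.pem
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
         Signature algorithm name: MD5withRSA
         Version: 1
EOF
}

# Stand-alone run: print the findings for the sample above.
sample_output | audit_cert_text
```

Against a live keystore, the same function can read `keytool -list -v -keystore ssl/1004lucifer_key.jks` output from a pipe.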







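PS.
After configuring SSL in WebLogic (v 10.3.6) with the successfully created certificate files, I checked in a browser and it appeared as shown below.

This is a WebLogic configuration issue; see the post below.
 - Link: When the page does not display over HTTPS in certain browsers (Cipher Suites issue)

- IE

- Chrome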
