Q. What is one way SSL?
Ans: The server is required to present a certificate to the client but the client is not required to present a certificate to the server. To successfully negotiate an SSL connection, the client must authenticate the server, but the server will accept a connection from any client. One-way SSL is common on the Internet where customers want to create secure connections before they share personal data. Often, clients will also use SSL to log on in order for the server can authenticate them.
Q. What is two way SSL?
Ans: With two-way SSL, the server presents a certificate to the client and the client presents a certificate to the server. Weblogic Server can be configured to require clients to submit valid and trusted certificates before completing the SSL connection.
- Obtain an identity (private key and digital certificates) and trust (certificates of trusted certificate authorities) for Weblogic Server. Use the digital certificates, private keys, and trusted CA certificates provided by the Weblogic Server kit, the CertGen utility, Sun Microsystem's keytool utility, or a reputable vendor such as Entrust or Verisign to perform this step.
- Store the identity and trust. Private keys and trusted CA certificates which specify identity and trust are stored in a keystore.
- Configure the identity and trust keystores for Weblogic Server in the Weblogic Server Administration Console.
- Set SSL configuration options for the private key alias and password in the Weblogic Server Administration Console. Optionally, set configuration options that require the presentation of client certificates (for two-way SSL).
Q. What are the differences among versions of Weblogic 8, 9, 10?
Ans: Few major Differences are listed below:
- Directory Structure has totally changed compared to 8.1 in 10.3 Refer: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/upgrade/dirstruct.html
- In WLS 8 configuration information is stored at one place, later versions you’ll find separate XML files
- In WLS 8 connection pools and data sources are there, WLS 9 & 10 we find connection pools inside data sources
- In terms of deployment, no need to select the type of application in WLS10 i.e. EJB/Web
- In WLS 8 execute queues are there, however in WLS 9, 10 work managers are introduced
- In WLS 9, 10 we have LOCK & EDIT which is not available in earlier versions
- JMS modules and Sub Deployments are introduced in WLS 9, 10
Q. What are the different environments of Weblogic you’ve in your project?
Ans: Please define the exact environment details such as: dev, integration, staging, production
Q. What is the configuration file location of JDBC and config.xml in WLS10.3?
Ans: config.xml file is located in domain_name/config and
JDBC config file: domain_name/config/jdbc
JDBC config file: domain_name/config/jdbc
Q. What are default number of threads in 8 and 9 versions of Weblogic.
Ans: Thread Count
Development - 15 threads
Production - 25 threads
Q. How to obtain SSL .pem file.
Ans: SSL .pem (privacy-enhanced mail) files are often required for certificate installations.
First get the der file using keytool command, following the sequence:
keytool -genkey -v -alias test -keyalg RSA -keypass mykeypass -keystore identity.jks -storepass storepass
keytool -selfcert -v -alias test -keypass mykeypass -keystore identity.jks -storetype JKS
keytool -export -v -alias test -file exportedcert.der -keystore identity.jks -storepass storepass
Then convert the der file to pem file.
Q. How to 'Plug-in' for Weblogic on Apache.
Ans: Apache HTTP Server plug-in to Weblogic server allows requests to be proxied. Few high level simple steps are involved as below:
1) Install Apache HTTP Server Plug-In
2) Configure the plug-in by editing httpd.conf file which will be located at APACHE_HOME\conf\httpd.conf
3) Add Weblogic server modules in conf file.
4) Add an IfModule block with the Weblogic details such as cluster, port details etc…
cheers for going through all this, i have been trying to get ssl certificate on to my server for about a hour with no success. This guide was really helpful. I think i have it working now the HTTPS is working anyway so im happy :)
ReplyDelete