Showing posts with label SSL. Show all posts

Thursday, January 21, 2016

Configure SSL for Apache Webserver

The following procedure enables SSL on an Apache web server using a self-signed certificate.

1)    Add the following entries to the httpd config file (/usr/local/apache2/conf/httpd.conf) on the desired machine:

# BEGIN CUSTOMIZATIONS
NameVirtualHost *:80
NameVirtualHost *:443


Include conf/vhosts/*.conf

2) Generate key:
openssl genrsa -out ca.key 2048

3)    Generate CSR:
openssl req -new -key ca.key -out ca.csr

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:*****
An optional company name []:

4)    Generate the self-signed certificate:
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

5)    Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

6)    Create ssl.conf with the key entries:

/usr/local/apache2/conf/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key


7)    Create a new virtual host file with the SSL entries below (/usr/local/apache2/conf/vhosts/vhost_crk_ssl.conf):

<VirtualHost *:443>
  ServerName crk.test.com

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key

****************************
****************************

</VirtualHost>


8)    Restart Apache
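
Before the restart it is worth confirming that the certificate really belongs to the private key and that the key file is not readable by other users. The script below is an added example, not part of the original post; it repeats steps 2-4 non-interactively in a temporary directory (the `-subj` value and all function names are constructed for the demo) and then runs the checks.

```shell
#!/bin/sh
# Added example: checks to run on the key/certificate pair before restarting Apache.
# Demo files are constructed in a temp directory; nothing under /etc/pki is touched.

# Steps 2-4 of the procedure, made non-interactive with -subj (constructed subject).
make_demo_pair() {  # usage: make_demo_pair <dir>
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/ca.key" -subj "/CN=crk.test.com" -out "$1/ca.csr" &&
  openssl x509 -req -days 3650 -in "$1/ca.csr" -signkey "$1/ca.key" \
    -out "$1/ca.crt" 2>/dev/null
}

# True only when the certificate carries the public half of this private key.
pair_matches() {  # usage: pair_matches <key> <cert>
  _kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  _cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$_kpub" ] && [ "$_kpub" = "$_cpub" ]
}

# True only when group and other have no permission bits on the key file.
key_is_private() {  # usage: key_is_private <key>
  [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Prints each failed check and returns the number of failures (0 = ready).
preflight() {  # usage: preflight <key> <cert>
  _fails=0
  pair_matches "$1" "$2" ||
    { echo "FAIL: certificate does not match private key"; _fails=$((_fails + 1)); }
  key_is_private "$1" ||
    { echo "FAIL: private key is accessible to group/other"; _fails=$((_fails + 1)); }
  openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null 2>&1 ||
    { echo "FAIL: certificate missing or expires within 30 days"; _fails=$((_fails + 1)); }
  return "$_fails"
}

demo=$(mktemp -d)
make_demo_pair "$demo" && chmod 600 "$demo/ca.key"
preflight "$demo/ca.key" "$demo/ca.crt" && echo "OK: key and certificate are consistent"
rm -rf "$demo"
```

On the real server, point `preflight` at /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt after step 5, and run `apachectl configtest` to catch syntax errors in the new vhost file before restarting.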

Saturday, August 6, 2011

Weblogic Faq's - 2


Q. What is one way SSL?
Ans:  The server is required to present a certificate to the client but the client is not required to present a certificate to the server. To successfully negotiate an SSL connection, the client must authenticate the server, but the server will accept a connection from any client. One-way SSL is common on the Internet where customers want to create secure connections before they share personal data. Often, clients will also use SSL to log on so that the server can authenticate them.

Q. What is two way SSL?
Ans:  With two-way SSL, the server presents a certificate to the client and the client presents a certificate to the server. Weblogic Server can be configured to require clients to submit valid and trusted certificates before completing the SSL connection.
Setting Up SSL: Main Steps
To set up SSL:
  1. Obtain an identity (private key and digital certificates) and trust (certificates of trusted certificate authorities) for Weblogic Server. Use the digital certificates, private keys, and trusted CA certificates provided by the Weblogic Server kit, the CertGen utility, Sun Microsystems' keytool utility, or a reputable vendor such as Entrust or Verisign to perform this step.
  2. Store the identity and trust. Private keys and trusted CA certificates which specify identity and trust are stored in a keystore.
  3. Configure the identity and trust keystores for Weblogic Server in the Weblogic Server Administration Console.
  4. Set SSL configuration options for the private key alias and password in the Weblogic Server Administration Console. Optionally, set configuration options that require the presentation of client certificates (for two-way SSL).

Q. What are the differences among versions of Weblogic 8, 9, 10?
Ans: A few major differences are listed below:

-          The directory structure in 10.3 has changed completely compared to 8.1. Refer to: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/upgrade/dirstruct.html
-          In WLS 8, configuration information is stored in one place; in later versions you'll find separate XML files
-          In WLS 8 there are connection pools and data sources; in WLS 9 & 10 the connection pools are inside the data sources
-          In terms of deployment, there is no need to select the type of application (i.e. EJB/Web) in WLS 10
-          In WLS 8 there are execute queues; in WLS 9 and 10 work managers are introduced
-          In WLS 9 and 10 we have LOCK & EDIT, which is not available in earlier versions
-          JMS modules and Sub Deployments are introduced in WLS 9 and 10
 
Q. What are the different environments of Weblogic you have in your project?
Ans: Please define the exact environment details such as: dev, integration, staging, production

Q. What is the configuration file location of JDBC and config.xml in WLS10.3?
Ans: config.xml file is located in domain_name/config and
JDBC config file: domain_name/config/jdbc

Q. What is the default number of threads in versions 8 and 9 of Weblogic?
Ans:  Thread Count
Development - 15 threads
Production - 25 threads

Q. How to obtain SSL .pem file.
Ans: SSL .pem (privacy-enhanced mail) files are often required for certificate installations.
First get the der file using keytool command, following the sequence:
keytool -genkey -v -alias test -keyalg RSA -keypass mykeypass -keystore identity.jks -storepass storepass
keytool -selfcert -v -alias test -keypass mykeypass -keystore identity.jks -storetype JKS
keytool -export -v -alias test -file exportedcert.der -keystore identity.jks -storepass storepass
Then convert the .der file to a .pem file.
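
The conversion step itself, as an added example that is not part of the original post: `der_to_pem` converts with `openssl x509` and then confirms that both files hold the same certificate by comparing SHA-256 fingerprints. The function names and the throwaway certificate standing in for keytool's exportedcert.der are constructed for the demo.

```shell
#!/bin/sh
# Added example: the DER -> PEM conversion left as the last step of the answer.
# File names are constructed; the demo exportedcert.der stands in for keytool's export.

# Converts a DER certificate to PEM, then confirms both files hold the same
# certificate by comparing SHA-256 fingerprints.
der_to_pem() {  # usage: der_to_pem <in.der> <out.pem>
  openssl x509 -inform DER -in "$1" -outform PEM -out "$2" 2>/dev/null || return 1
  _fp_der=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256) || return 1
  _fp_pem=$(openssl x509 -inform PEM -in "$2" -noout -fingerprint -sha256) || return 1
  [ -n "$_fp_der" ] && [ "$_fp_der" = "$_fp_pem" ]
}

# Constructed stand-in for exportedcert.der: a throwaway self-signed certificate.
make_demo_der() {  # usage: make_demo_der <dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=test" \
    -keyout "$1/demo.key" -outform DER -out "$1/exportedcert.der" 2>/dev/null
}

work=$(mktemp -d)
make_demo_der "$work" &&
  der_to_pem "$work/exportedcert.der" "$work/exportedcert.pem" &&
  head -n 1 "$work/exportedcert.pem"
rm -rf "$work"
```

keytool can also write PEM directly if `-rfc` is added to the export command, which makes the separate conversion unnecessary.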

Q. How to set up the 'Plug-in' for Weblogic on Apache?
Ans: The Apache HTTP Server plug-in for Weblogic Server allows requests to be proxied. A few simple high-level steps are involved, as below:
1)      Install Apache HTTP Server Plug-In
2)      Configure the plug-in by editing httpd.conf file which will be located at APACHE_HOME\conf\httpd.conf
3)      Add Weblogic server modules in conf file.
4)      Add an IfModule block with the Weblogic details such as cluster, port details etc…