Two way ssl with Tomcat as client to weblogic

名媛妹妹 2020-12-22 01:11

I have set up two-way SSL for Weblogic 9.2 for one of my projects. The setup was not difficult at all when a browser is the client.

I need to setup tomcat as a client n

1 answer
  • 2020-12-22 01:31

    Finally I was able to configure it the following way.

    SSL set up for Weblogic server

    Generate server private key and certificate

    java utils.CertGen -selfsigned -certfile SelfCA.cer -keyfile SelfKey.key -keyfilepass password -cn "localhost"

    Create identity key-store

    java utils.ImportPrivateKey -keystore IdentityStore.jks -storepass password -keypass password -alias trustself -certfile SelfCA.cer.pem -keyfile SelfKey.key.pem -keyfilepass password

    Import certificate into the new trust keystore

    keytool -import -trustcacerts -alias trustself -keystore truststore.jks -file SelfCA.cer.der -keyalg RSA

    When prompted for "Enter keystore password", enter "keypassword"

    Log into WL administrative console (http://www.xyz.com:7001/console) (default username=weblogic and password=weblogic). In my example I started “Weblogic Example Server”

    Navigate to Server->Example Server->Keystore.

    Click on “Lock and Edit”

    Enter the following information

    Keystore dropdown menu: select “Custom Identity and Custom Trust”

    Custom Identity Keystore: [LOCATION]\IdentityStore.jks

    Custom Identity Keystore Type: JKS

    Custom Identity Keystore Passphrase: password

    Custom Trust Keystore: [LOCATION]\truststore.jks

    Custom Trust Keystore Type: JKS

    Custom Trust Keystore Passphrase: keypassword

    Navigate to SSL tab. Enter the following information

    Identity and Trust Location: Keystores

    Private Key Alias: trustself

    Private Key Passphrase: password

    Set up Tomcat Client

    Generate a certificate for Tomcat

    keytool -genkey -alias client -keyalg RSA -validity 3650 -keystore client.jks -storepass abcd1234 -keypass abcd1234

    keytool -export -alias client -keystore client.jks -storepass abcd1234 -file client.cer

    Import the certificate to truststore created above

    keytool -import -trustcacerts -alias trustclient -keystore truststore.jks -file client.cer -keyalg RSA

    Open [TOMCAT-INSTALL-LOCATION]\bin\catalina.bat in a text editor. Add the following entries right after line 187

    set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=C:/certs2/truststore.jks -Djavax.net.ssl.trustStorePassword=keypassword -Djavax.net.ssl.keyAlias=trustcleint

    set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=C:/certs2/client.jks -Djavax.net.ssl.keyStorePassword=abcd1234

    Start tomcat.

    Testing

    Build a web application and deploy it in Tomcat. From the JSP page in the web application, invoke the sayHello() method of the web service https://www.xyz.com:7002/jws_basic_simple/SimpleService deployed in WebLogic.

    0 comments (0)
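
Added example, not part of the answer above and not WebLogic or Tomcat code: a Java client that builds an SSLContext from the answer's client.jks and truststore.jks for this one endpoint, rather than through JVM-wide system properties, and reports whether a client certificate was actually presented in the handshake. The class name MutualTlsCheck is hypothetical; the paths, passwords, alias and URL are the ones given in the answer.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsCheck {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Context scoped to one endpoint: the client identity plus only the certificates in the trust store.
    static SSLContext context(KeyStore identity, char[] keyPass, KeyStore trust) throws Exception {
        if (!identity.isKeyEntry("client")) // alias from the keytool -genkey step
            throw new IllegalStateException("client.jks has no private key under alias 'client'");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] keyPass = "abcd1234".toCharArray(); // store and key password from the answer
        SSLContext ctx = context(load("C:/certs2/client.jks", keyPass), keyPass,
                                 load("C:/certs2/truststore.jks", "keypassword".toCharArray()));
        URL url = new URL("https://www.xyz.com:7002/jws_basic_simple/SimpleService");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verification stays on: the URL host must match the name in the server certificate.
        conn.connect();
        Certificate[] sent = conn.getLocalCertificates(); // null when no client certificate was sent
        System.out.println("Cipher suite: " + conn.getCipherSuite());
        System.out.println(sent == null
            ? "One-way TLS only: no client certificate was sent"
            : "Two-way TLS: client certificate presented (" + sent.length + " in chain)");
        conn.disconnect();
    }
}
```

If it reports one-way TLS, check the "Two Way Client Cert Behavior" setting on the WebLogic server's SSL page, since the server only receives a client certificate when it requests one.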