Generate HTTPS certificate and import into WLS

Pass phrase for all stores used below: changeit
Alias for all stores used below: my_cert

Q: How to generate a key pair:
keytool -genkeypair -keystore server_side_https_keystore.releng-china.org -alias my_cert -keyalg RSA

Q: How to generate cert/trust-store for a new test server by its hostname?
– first, generate cert for the new test server
$> keytool -selfcert -v -alias <alias> -keypass <keypass> -keystore <keystore> -storepass <storepass> -storetype <storetype> -validity 36000 -ext san=dns:releng-china.org
For example,
$> keytool -selfcert -v -alias my_cert -keypass changeit -keystore server_side_https_keystore.releng-china.org -storepass changeit -storetype jks -validity 36000 -ext san=dns:releng-china.org

– second, export the cert just created into a file, say server_side_https_keystore.cer.releng-china.org
$> keytool -exportcert -file server_side_https_keystore.cer.releng-china.org -keystore server_side_https_keystore.releng-china.org -storepass changeit -alias my_cert

– finally, import the cert into trust store trust.jks.releng-china.org (will be automatically created)
$> keytool -import -v -trustcacerts -alias my_cert -file server_side_https_keystore.cer.releng-china.org -keystore trust.jks.releng-china.org -storepass changeit

Import the cert to JRE (for example, C:/program files/Java/jre1.8.0_40/lib/security):
\keystore>keytool -importcert -keystore "C:/program files/Java/jre1.8.0_40/lib/security/cacerts" -file server_side_https_keystore.cer.releng-china.org -alias my_cert

WebLogic configuration
Log in to WLS admin console
Go to Environment -> Servers ->
Go to Configuration -> Keystore tab
Change “Keystores” to “Custom Identity and Java Standard Trust”
Set “Custom Identity Keystore” to the path to mystore.jks
Set “Custom Identity Keystore Type” to “JKS”
Set “Custom Identity Keystore Passphrase” to the mystore.jks password
Save
Go to Configuration -> SSL tab
“Private Key Location” should be set to “from Custom Identity Keystore”
Set “Private Key Alias” to “key_localhost”
Set “Private Key Passphrase” to key_localhost password
Go to Configuration -> General tab
Check “SSL Listen Port Enabled” checkbox
Un-check “Listen Port Enabled” checkbox
Save
Go to Configuration -> SSL tab
Click the “Advanced” link at the bottom
Change “Hostname Verification” to “None”
Save
Important: if you have both administrative and managed servers, disable hostname verification in both
Restart WLS
Both administrative and managed instances should be restarted
Sometimes, graceful shutdown doesn’t work, so you need to use “Force Shutdown Now”

Note: you must pass -keyalg RSA when generating the key; otherwise you may hit the following errors:

Firefox:

An error occurred during a connection to 127.0.0.1:7003. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

Chrome:

A secure connection cannot be established because this site uses an unsupported protocol. Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
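
A check to run after the steps above, added here as an example and not part of the original notes: it reads keytool -list -v output and confirms the two properties these notes rely on, an RSA key (the -keyalg RSA note) and a SAN entry for the hostname (the -ext san=dns:... step). The function name check_listing and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks `keytool -list -v` output for the two properties the
# notes depend on: an RSA key and a SAN entry for the server's hostname.
# Function names and the sample listings are constructed for illustration.

# check_listing HOSTNAME   (listing is read from stdin)
# Prints one line per finding; returns 0 only if both checks pass.
check_listing() {
    want_host=$1
    listing=$(cat)
    rc=0

    # A self-signed cert is signed with its own key, so the signature
    # algorithm name reveals the key type (SHA256withRSA vs SHA256withDSA).
    sigalg=$(printf '%s\n' "$listing" |
        sed -n 's/^Signature algorithm name: *//p' | head -n 1)
    case $sigalg in
        *withRSA*) echo "OK   key algorithm: $sigalg" ;;
        *) echo "FAIL key algorithm: ${sigalg:-unknown} (regenerate with -keyalg RSA)"; rc=1 ;;
    esac

    # SAN entries appear as "  DNSName: host" under SubjectAlternativeName.
    if printf '%s\n' "$listing" | sed -n 's/^ *DNSName: *//p' |
        grep -qixF "$want_host"; then
        echo "OK   SAN contains dns:$want_host"
    else
        echo "FAIL SAN has no dns:$want_host (re-issue with -ext san=dns:$want_host)"; rc=1
    fi
    return $rc
}

# Constructed sample listings (trimmed to the lines the check reads).
sample_good='Alias name: my_cert
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withRSA
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: releng-china.org
]'
sample_dsa='Alias name: my_cert
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withDSA'

# Real use (keystore name, alias and password are the ones used in these notes):
#   keytool -list -v -keystore server_side_https_keystore.releng-china.org \
#       -storepass changeit -alias my_cert | check_listing releng-china.org
```
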

http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html