Generate HTTPS certificate and import into WLS

pass phrase for all above stores: changeit
alias for all above stores: my_cert

Q: How to generate a key pair:
keytool -genkeypair -keystore <keystore_file> -alias my_cert -keyalg RSA

Q: How to generate cert/trust-store for a new test server by its hostname?
– first, generate cert for the new test server
$> keytool -selfcert -v -alias <alias> -keypass <key_password> -keystore <keystore_file> -storepass <store_password> -storetype <store_type> -validity 36000 -ext <extension>
For example,
$> keytool -selfcert -v -alias my_cert -keypass changeit -keystore <keystore_file> -storepass changeit -storetype jks -validity 36000 -ext <extension>

– second, export the cert just created into file say,
$> keytool -exportcert -file <cert_file> -keystore <keystore_file> -storepass changeit -alias my_cert

– finally, import the cert into trust store (will be automatically created)
$> keytool -import -v -trustcacerts -alias my_cert -file <cert_file> -keystore <truststore_file> -storepass changeit

Import the cert to JRE (for example, C:/program files/Java/jre1.8.0_40/lib/security):
\keystore>keytool -importcert -keystore "C:/program files/Java/jre1.8.0_40/lib/security/cacerts" -file <cert_file> -alias my_cert

WebLogic configuration
Log in to WLS admin console
Go to Environment -> Servers ->
Go to Configuration -> Keystore tab
Change “Keystores” to “Custom Identity and Java Standard Trust”
Set “Custom Identity Keystore” to the path to mystore.jks
Set “Custom Identity Keystore Type” to “JKS”
Set “Custom Identity Keystore Passphrase” to the mystore.jks password
Go to Configuration -> SSL tab
“Private Key Location” should be set to “from Custom Identity Keystore”
Set “Private Key Alias” to “key_localhost”
Set “Private Key Passphrase” to key_localhost password
Go to Configuration -> General tab
Check “SSL Listen Port Enabled” checkbox
Un-check “Listen Port Enabled” checkbox
Go to Configuration -> SSL tab
Click on “Advanced” link to the bottom
Change “Hostname Verification” to “None”
Important: if you have both administrative and managed servers, disable hostname verification in both
Restart WLS
Both administrative and managed instances should be restarted
Sometimes, graceful shutdown doesn’t work, so you need to use “Force Shutdown Now”

Note: you have to use -keyalg RSA when generating the key; otherwise you might run into the following errors:

Firefox :

An error occurred during a connection to

Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

Chrome :

A secure connection cannot be established because this site uses an unsupported protocol.
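
To catch the non-RSA key from the note above before WebLogic is restarted, the following added example (not part of the original page) reads `keytool -list -v` output and reports the key algorithm stored under an alias. It assumes English keytool output and a self-signed certificate as produced by the steps above; the alias `old_cert` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes English keytool output and
# a self-signed cert, where the signature algorithm reflects the key's own type.

# Print the key algorithm for an alias, reading `keytool -list -v` on stdin.
cert_key_alg() {
    awk -v want="$1" '
        /^Alias name: / { cur = substr($0, 13) }
        /^Signature algorithm name: / && cur == want && !found {
            alg = $NF                # e.g. SHA256withRSA
            sub(/^.*with/, "", alg)  # keep the part after "with"
            print alg
            found = 1
        }
    '
}

# Return 0 only if the alias holds an RSA key; 1 for another type; 2 if absent.
check_rsa_identity() {
    alg=$(cert_key_alg "$1")
    case "$alg" in
        RSA) echo "OK: $1 uses RSA"; return 0 ;;
        "")  echo "FAIL: alias $1 not found" >&2; return 2 ;;
        *)   echo "FAIL: $1 uses $alg; regenerate with -keyalg RSA" >&2; return 1 ;;
    esac
}

# Constructed sample: trimmed `keytool -list -v` output for two entries
# (old_cert is a hypothetical alias holding a non-RSA key).
SAMPLE_LISTING='Alias name: my_cert
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withRSA

Alias name: old_cert
Entry type: PrivateKeyEntry
Signature algorithm name: SHA1withDSA'

printf '%s\n' "$SAMPLE_LISTING" | check_rsa_identity my_cert
printf '%s\n' "$SAMPLE_LISTING" | check_rsa_identity old_cert || true

# Against a real store (placeholder path):
#   keytool -list -v -keystore <keystore_file> -storepass changeit | check_rsa_identity my_cert
```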