cas-server is only compatible with particular WebLogic versions; a mismatch causes startup errors. The following pairs were tested and work together:
cas-server-3.3.5.1 --> weblogic 10.3.2
cas-server-3.5 --> weblogic 10.3.5
1. Generate the root certificate
# Create the root certificate private key
E:\OpenSSL-Win32\bin>openssl genrsa -out D:\oracle\Middleware\ca\caRootKey.pem 512
# Create the root certificate signing request
openssl req -new -out D:\oracle\Middleware\ca\caRootReq.csr -key D:\oracle\Middleware\ca\caRootKey.pem
password:changeit
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Peking
Locality Name (eg, city) []:Peking
Organization Name (eg, company) [Internet Widgits Pty Ltd]:pactera
Organizational Unit Name (eg, section) []:crm
Common Name (e.g. server FQDN or YOUR name) []:oberon
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:changeit
An optional company name []:vanceinfo
# Self-sign the root certificate
openssl x509 -req -in D:\oracle\Middleware\ca\caRootReq.csr -out D:\oracle\Middleware\ca\caRootCert.pem -signkey D:\oracle\Middleware\ca\caRootKey.pem -days 3650
# Export the root certificate in the browser-supported .p12 format
openssl pkcs12 -export -clcerts -in D:\oracle\Middleware\ca\caRootCert.pem -inkey D:\oracle\Middleware\ca\caRootKey.pem -out D:\oracle\Middleware\ca\caRootCert.p12
export password:123456
# Import the root certificate into the JDK trustStore
-- run from the JRE/bin directory
./keytool -import -v -trustcacerts -storepass changeit -alias caRootCert -file /home/weblogic/Oracle/Middleware/ca/caRootCert.pem -keystore /home/weblogic/Oracle/Middleware/jdk160_14_R27.6.5-32/jre/lib/security/cacerts
2. Generate the server certificate
# Generate the server keystore cas_server.jks and the server certificate private key:
Make sure every value entered at the prompts here matches the values given above; otherwise the certificates will not match later.
cd D:\oracle\Middleware
./keytool -genkey -alias cas_server_cert -validity 3650 -keyalg RSA -keysize 512 -keystore /home/weblogic/Oracle/Middleware/server/cas_server_cert.jks
keystore password: 123456
cas_server key password: 123456
# List the keystore contents:
./keytool -list -keystore /home/weblogic/Oracle/Middleware/server/cas_server_cert.jks -storepass 123456
# Generate the server certificate request server.csr:
./keytool -certreq -alias cas_server_cert -file /home/weblogic/Oracle/Middleware/server/cas_server_req.csr -keypass 123456 -keystore /home/weblogic/Oracle/Middleware/server/cas_server_cert.jks -storepass 123456
# Generate the CA-signed server certificate
# (-CAcreateserial is needed the first time a certificate is signed with this CA; without it openssl fails with "unable to load CA serial")
openssl x509 -req -in D:\oracle\Middleware\server\cas_server_req.csr -out D:\oracle\Middleware\server\cas_server_cert.pem -CA D:\oracle\Middleware\ca\caRootCert.pem -CAkey D:\oracle\Middleware\ca\caRootKey.pem -CAcreateserial -days 3650
# Import the root certificate into the keystore (must come before the server certificate so the chain can be built):
./keytool -import -v -trustcacerts -storepass 123456 -alias caRootCert -file /home/weblogic/Oracle/Middleware/ca/caRootCert.pem -keystore /home/weblogic/Oracle/Middleware/server/cas_server_cert.jks
# Import the signed server certificate into the keystore:
./keytool -import -v -alias cas_server_cert -file /home/weblogic/Oracle/Middleware/server/cas_server_cert.pem -storepass 123456 -keystore /home/weblogic/Oracle/Middleware/server/cas_server_cert.jks
./keytool -printcert -file /home/weblogic/Oracle/Middleware/server/cas_server_cert.pem
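The CA-to-server chain from steps 1 and 2, rebuilt non-interactively with openssl alone and then verified the way a client would, as an added example that is not part of the original notes. It assumes openssl is on PATH; the hostname oberon and the DN values come from the notes, while the 2048-bit keys, the separate CA common name (oberon-ca) and the subjectAltName extension are this example's own choices.

```shell
#!/bin/sh
# Added example: rebuild and verify the CA -> server certificate chain.
# Assumptions: openssl on PATH; 2048-bit keys, CN=oberon-ca for the root and
# a subjectAltName on the server cert are our additions, not the notes' commands.

build_and_verify_chain() {
    host="${1:-oberon}"
    work="$(mktemp -d)" || return 1

    # Step 1: CA private key and self-signed root certificate. -subj replaces
    # the interactive prompts shown in the notes.
    openssl genrsa -out "$work/caRootKey.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$work/caRootKey.pem" -out "$work/caRootCert.pem" \
        -days 3650 -subj "/C=CN/ST=Peking/L=Peking/O=pactera/OU=crm/CN=oberon-ca" 2>/dev/null

    # Step 2: server key and CSR. The CN must equal the hostname used to reach
    # the CAS server later (step 7), otherwise clients reject the certificate.
    openssl genrsa -out "$work/cas_server_key.pem" 2048 2>/dev/null
    openssl req -new -key "$work/cas_server_key.pem" -out "$work/cas_server_req.csr" \
        -subj "/C=CN/ST=Peking/L=Peking/O=pactera/OU=crm/CN=$host" 2>/dev/null

    # Sign the CSR with the CA. -CAcreateserial is required on the first signing;
    # the subjectAltName is what current clients match the hostname against.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$work/san.cnf"
    openssl x509 -req -in "$work/cas_server_req.csr" -CA "$work/caRootCert.pem" \
        -CAkey "$work/caRootKey.pem" -CAcreateserial -days 3650 \
        -extfile "$work/san.cnf" -out "$work/cas_server_cert.pem" 2>/dev/null

    # Checks a practitioner wants before importing into the JKS: the server cert
    # chains to the root, and the SAN carries the hostname.
    openssl verify -CAfile "$work/caRootCert.pem" "$work/cas_server_cert.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$work/cas_server_cert.pem" -noout -text | grep -q "DNS:$host" || return 1

    rm -rf "$work"
    return 0
}
```

Run build_and_verify_chain oberon; a non-zero exit means the chain or hostname check failed and the files should not be imported into the keystore.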
3. Deploy the CAS server to WebLogic, then restart the WebLogic domain; the CAS server should now be reachable.
4. Add an entry for oberon to the hosts file on the machine running the CAS server (not needed if a real www domain name is used).
5. In the CAS client application, web.xml must include /WEB-INF/classes/spring-appContext-proxy.xml in its configuration:
contextConfigLocation
/WEB-INF/classes/spring-appContext.xml,
/WEB-INF/classes/spring-appContext-proxy.xml
6. In the CAS client application's spring-appContext-proxy.xml, spring-appContext.xml and ticket.xml,
every URL beginning with https must use the CN from the server certificate (e.g. oberon) as its host name, and the http and
https ports in all of these files must be changed to the ones actually in use.
7. Access the server through the host name generated when the certificate was created, oberon:
https://oberon:7999/cas
Log in with admin/admin; the login succeeds.