Inc. Server User Manual
1 Upgrading WebLogic Server 6.x to Version 7.0
1-12 BEA WebLogic Server 7.0 Upgrade Guide
Creating a Boot Identity File in the Administration Guide. There is no direct upgrade
of the old
password.ini file because it contained a clear text password and no
username.
Upgrading the SSL Protocol
This section contains information on how to upgrade the SSL protocol including
instructions for creating a trusted CA Keystore, creating a private key Keystore, and
using a CertAuthenticator in Compatibility security.
Creating a Trusted CA Keystore
By default in WebLogic Server 7.0, clients check the server’s trusted certificate
authority. This check is done whenever a client and server connect using SSL,
including when WebLogic Server is acting an a client. For example, when a client is
using the SSL protocol to connect to an Apache HTTP Server, the client checks the
trusted certificate authorities presented by the server. The client rejects the server's
trusted certificate authority if the certificate authority is not trusted by the client.
Previous versions of WebLogic Server did not perform this trust validation.
Make the following changes to allow an existing 6.x WebLogic client to use SSL
protocol to communicate with a server:
1. Specify the following command-line argument for the client:
-Dweblogic.security.SSL.trustedCAKeyStore=absoluteFilename
where absoluteFilename is the name of the keystore that contains the trusted
certificate authority
Note: The file format is a keystore NOT a certificate file. The trusted certificate
authority must be loaded into the keystore.
2. Load the server's trusted certificate authority into the client keystore. To list
trusted certificate authorites in the keystore or to load new trusted certificate
authorities into the keystore, use the JDK
keytool utility.
To add a trusted certificate authority to a keystore, enter the following at a
command prompt: