When using RSA Identity Governance & Lifecycle on WebLogic, two different SSL certificates can be used if desired: one for browser communication that is publicly signed, and another for the internal SSL communication for AFX and remote agents. The purpose of this RSA Knowledge Base Article is to provide instructions for configuring the two different certificates.
Keystore for browser communication
In the WebLogic Administration Console the server's certificate is specified under:
Environment > Servers > Instance Name > SSL tab > Private Key Alias field.
Keystore for internal SSL communication for AFX and remote agents
The certificate alias for AFX/Remote Agents is documented as being created with a channel named Aveksa8444, which can be edited under:
Environment > Servers > Instance Name > Protocols > Aveksa8444 > Security tab > Custom Channel Private Key Alias.
Warning: The server.keystore uses the server alias server. If you import server.keystore into your WebLogic keystore, it is possible that there will be a conflict with the certificate alias server that is commonly used.
If you have your own certificate that is currently in use in a WebLogic keystore and the server alias is server, run this command to rename the alias prior to importing server.keystore into your WebLogic keystore as instructed in the RSA Identity Governance & Lifecycle Installation Guide. In the example below, server.jks is the name of your existing keystore.
keytool -changealias -keystore server.jks -alias server -destalias aveksa-server
What is important is that there are two different certificates in the WebLogic keystore, each with a different alias that is known to you.
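The alias check implied by the warning above can be done before the import. The following is an added example, not part of the original article or RSA's tooling: it compares the aliases in two `keytool -list` listings and reports any alias present in both. The function names and the sample listings are constructed for illustration, and the parsing assumes keytool's default (non-verbose) listing format.

```shell
#!/bin/sh
# Added example: find alias collisions between two keystores before merging them.
# Assumption: input is the default (non-verbose) output of `keytool -list`.

# Print the alias names found in a keytool listing read from stdin.
# Entry lines look like "alias, <date>, PrivateKeyEntry,"; the alias precedes the first comma.
list_aliases() {
    grep -E ', (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry), *$' | cut -d, -f1 | sort -u
}

# Print every alias that appears in both listings ($1 and $2 hold keytool -list output).
alias_conflicts() {
    a=$(printf '%s\n' "$1" | list_aliases)
    b=$(printf '%s\n' "$2" | list_aliases)
    printf '%s\n' "$a" | while IFS= read -r name; do
        if [ -n "$name" ] && printf '%s\n' "$b" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample listings (not real keystores or fingerprints).
EXISTING_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

rootca, Jan 5, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
server, Jan 5, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 44:55:66:77'

RSA_LISTING='Your keystore contains 1 entry

server, Mar 2, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 88:99:AA:BB'

conflicts=$(alias_conflicts "$EXISTING_LISTING" "$RSA_LISTING")
if [ -n "$conflicts" ]; then
    echo "Alias conflict, rename before importing: $conflicts"
else
    echo "No alias conflicts"
fi
```

Against real keystores, pass the output of `keytool -list -keystore server.jks` and `keytool -list -keystore server.keystore` as the two arguments to `alias_conflicts`.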
EXAMPLE: The following example shows screenshots of a configuration where the WebLogic keystore has two certificates, one named weblogic-server and the other aveksa-server:
- WebLogic certificate for port 7004 SSL connections:
- RSA Identity Governance & Lifecycle port 8444 for SSL connections: