Hi Experts,
I am writing to seek your advice regarding the options “Custom Identity and Java Standard Trust, and Custom Identity and Custom Trust” used for configuring SSL trust in the WebLogic Server environment.
I have encountered issues with the TLS settings when attempting to call HTTPS URLs using Java Standard Trust and to overcome that issue, I have followed the steps outlined in the blogs mentioned below, and I successfully configured Custom Trust in both our Test and Production servers. This configuration has enabled us to access HTTPS URLs without any further complications.
>> https://blogs.oracle.com/blogbypuneeth/post/steps-to-create-a-csr-certificate-signing-request-using-keytool-and-get-it-signed-from-an-external-ca-certificate-authority-thawte-
>> https://blogs.oracle.com/blogbypuneeth/post/steps-to-configure-custom-identity-and-custom-trust-with-weblogic-server
From a security standpoint, I would like to seek your guidance on whether it is appropriate to continue using Custom Trust keystore instead of Java Standard Trust for SSL configuration. Through the use of Custom Trust, can we ensure that only trusted certificates are accepted, thereby reducing the risk of unauthorized access and potential security vulnerabilities. Is this approach provides us with greater control and flexibility in managing trusted certificates, particularly those obtained from external Certificate Authorities such as Thawte, Sectigo, etc.
I have successfully completed the SSL configuration in production environment as well. However, before proceeding with the next steps of sharing the HTTPS URL with end users, I would greatly appreciate your advice/suggestions on proceeding ahead with Custom Trust in all our environments. Your advice/suggestions in this matter will help me move forward with confidence.
Please let me know your thoughts and any additional considerations you may have regarding this SSL trust configuration.
Thanks & Regards