Scribd
Upload
159 views4 pages

SSL in Weblogic 12C

Uploaded by

krrish.testing6773
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
159 views4 pages

SSL in Weblogic 12C

Uploaded by

krrish.testing6773
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

SSL IN WEBLOGIC 12C

I. WebLogic Server 8 – 12x: Create Your CSR with Java


Keytool
Important: To avoid getting errors when you install and configure your SSL certificate, we
recommend you generate a new Keystore before you create the CSR. This applies to certificate
reissues and renewals.

Step 1: Use Keytool to Create a New Keystore


Note: The keytool utility is located in your JDK’s “\bin” directory

Run Command

C:\bea\jdk\bin\keytool -genkey -alias server -keyalg RSA -keystore your_domain.jks

Specify a password. The default value will be "changeit".

Create New Keystore

When prompted, enter the information for your SSL certificate.

Important: When prompted for the first and last name, DO NOT type your first and last name.
Instead, type the domain name the certificate is being issued for (e.g., www.yourdomain.com,
mail.yourdomain.com, *.yourdomain.com).

When asked to verify your information, type "y" or "yes" to confirm.

Create a password

Next, you will need to create a password. You will use this password to generate your CSR and to
import your certificate. Store this password in a safe, secure place (such as a trusted and secured
password manager).

Step 2: Generate a Certificate Signing Request (CSR)


from Your New Keystore
Recommended: Save yourself some time. Use the DigiCert Java Keytool CSR Wizard to generate a
Keytool command to create your WebLogic CSR. Just fill out the form, click Generate, and then paste
your customized Java Keytool command into your terminal.
How to Generate a CSR for WebLogic 8 - 12x Using
Java Keytool
If you prefer to build your own Keytool commands to generate your WebLogic CSR, follow the
instructions below.

Run Command

In Keytool, type the following command:

keytool -certreq -alias server -keyalg RSA -file your_domain.csr -keystore your_domain.jks

In the command above, your_domain should be the name of the domain you want to secure with
this SSL certificate. When ordering a Wildcard certificate, do not include the asterisk (*) in the
filename (e.g., your_domain). That is not a valid Keytool character.

Generate CSR

When prompted, type the password you created earlier (when you created your new Keystore).

Your CSR should now be created.

Back-up Keystore File

We recommend that you create a back-up copy of the Keystore file before continuing on. Having a
back-up of the Keystore file can help resolve issues that may occur during certificate installation.

Order Your SSL/TLS Certificate

Open the your_domain.csr file you created with a text editor.

Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW
CERTIFICATE REQUEST----- tags, and paste it in to the DigiCert order form.

Install Certificate

After you've received your SSL certificate from DigiCert, you can install it on your server.
II. WebLogic Server 8 – 12x: Install and Configure Your
SSL/TLS Certificate
Step 1: Use Java Keytool to Install Your SSL Certificate in WebLogic

 Download Certificate

Download the your_domain_com.p7b certificate file from your DigiCert Account.

On the My Orders tab, click the order number link and then click Download.

 Install the Certificate File in Your Keystore

1. Run the command below to install the certificate.

keytool -import -trustcacerts -alias server -file


/your_domain_com.p7b
-keystore your_domain_com.jks

Note: Make sure to replace your_domain_com with the domain the certificate is
securing.

2. You should get a confirmation that the "Certificate reply was installed in keystore".
3. If you are prompted to trust the certificate, type "y" or "yes".
4. The installation of this file loads all the necessary certificates to your Keystore.

 Now you just need to configure your server to use the certificate

Step II: Configure the Keystore for Use in WebLogic

1. On your WebLogic server, expand the Servers node and select the server you need to
configure.
2. Next, go to Configuration-->Keystores and SSL.

Note: Under Keystore Configuration, several default Keystores or previously


installed Keystores may be displayed.

3. To enable your new keystore, under Keystore Configuration, click the Change...
link
4. Select Custom Identity and Java Standard Trust as your keystore configuration
type, and then click Continue.
5. Under Custom Identity Keystore File Name, type the full path to the
your_domain.jks file on your WebLogic server.
6. For Custom Identity Keystore Type, select jks.
7. For Custom Identity Keystore PassPhrase, type the password you created when
creating the Keystore.
Note: If you have forgotten that password, you will need to begin the process of
creating your Keystore from the beginning (see WebLogic Server 8 – 12x: Create
Your CSR with Java Keytool).

8. When asked again, type your Keystore password and confirm.


9. Click Continue. Then click Finish.
10. Go back and expand the Server node and select the server you are configuring.
11. Next, go to Configuration-->Keystores and SSL and under Keystore
Configuration, click the Change… link
12. On the Configure SSL page, select Key Stores as the method in which identity and
trust is stored for the WebLogic server.
13. Specify the Private Key Alias and Passphrase that were used when creating your
Keystore.

Note: If you followed our instructions or used our command generator, "server" is
your alias. The passphrase is the keystore password.

14. Click Continue. Then click Finish.


15. Reboot the WebLogic server.

Congratulations! Your Keystore should now be installed and enabled on your


WebLogic server.

Testing Your SSL/TLS Certificate Installation


DigiCert® SSL Installation Diagnostic Tool

If your site's publicly accessible, use our Server Certificate Tester to test your SSL/TLS
certificate installation; it detects common installation problems.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy