Ask a Question

Alert ID : INFO167

Last Modified : 05/03/2018

Managed PKI for SSL - Installation Instructions for BEA Weblogic Server 8.0. 9.0, 10.0, 11.0, and 12.x

Description


This document provides instructions for installing SSL Certificates on BEA Weblogic 8.0. 9.0, 10.0, 11.0, and 12.x. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Weblogic.
 
Step 1. Download Symantec CA Certificates:
 
  1. Download the Intermediate CA certificate from this link: INFO657
  2. Click on Managed PKI for SSL tab
  3. Select the appropriate Intermediate CA certificate for your SSL Certificate type. 
    NOTE: To check which certificate you have purchased, follow the steps from this link: SO22021
  4. Copy the Intermediate CA certificate and paste it on a Notepad.
  5. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added. 
  6. Save the file as Intermediate.txt
     

Step 2. Obtain the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with
    the Certificate attached (cert.cer), as well as in the body of the email itself.
  2. Copy the certificate, imbedded in the body of the email and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters.
    Confirm that there are no extra lines or spaces in the file.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

              [encoded data]

    -----END CERTIFICATE-----

    NOTE: To download the certificate from your Managed PKI for SSL subscriber services page, see solution SO6621
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
     
  3. Open the Intermediate.txt file from Step 1, copy the content and paste it right bellow your certificate.
  4. The file should look like this when finished:

    -----BEGIN CERTIFICATE-----
    (Your SSL certificate)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Intermediate certificate)
    -----END CERTIFICATE-----

    Save the file as Mycert.pem

Step 3: Install the SSL Certificate

  1. Using the java keytool command line utility, import the pem file you created above using the following command:
     
    keytool -import -alias your_alias_name -trustcacerts -file Mycert.pem -keystore your_keystore_filename

    NOTE: The command should be typed on one line. This command imports the certificate into the keystore named mykeystore in the working directory. Your keystore path and name may be different.


Step 4: Configure the Identity and Trust keystores for WebLogic Server
 

  1. In the left pane of the Console, expand Environment and select Servers.
  2. Click the name of the server for which you want to configure the identity and trust keystores.
  3. Select Configuration > Keystores.
  4. By default, WebLogic ships with demo certificates for testing purposes.
  5. Click the 'Change' link in the upper-right portion of the configuration items. This will display the drop-down list of options for configuration.
  6. Choose 'Custom Identity and Java Standard Trust' from the list.
  7. Specify the identity keystore information:
  • Custom Identity key store file Name: c:wheremykeystoreislocatedmykeystore.keystore (The fully qualified path to your keystore)
  • Custom Identity key Store Type: jks (Generally, this attribute is jks)
  • Custom Identity key Store Pass Phrase: keystore_password (The password defined when creating the keystore)
  • Confirm Customer Identity key Store Pass Phrase: Keystore_password (The password defined when creating the keystore)
  • Java standard Trust Key Store Pass Phrase: changeit (unless your system admin changed it the password for the cacerts keystore is "changeit"
  • Confirm Java Standard Trust Key Store Pass Phrase: changeit (unless your system admin changed it the password for the cacerts keystore is "changeit")
     
  1. Click 'continue'

    [Review SSL Private Key Settings]
  • Private key Alias: keyEntry_friendly_name (the alias is the friendly name for your keyEntry (private key), if you do not remember it please run the following command to confirm the alias:
     
    keytool -list -keystore [keystore_friendly_name] -v

  • Passphrase: keyEntry_password (specify the keyEntry (private key) password. The password for the private key may differ from the one for the keystore)
  • Confirm Passphrase: keyEntry_password (specify the keyEntry (private key) password. The password for the private key may differ from the one for the keystore)

 

  1. Click 'continue' 
  2. Click Finish.
  3. Reboot WebLogic Server.
  4. Verify certificate installation using the Symantec Installation Checker


BEA Weblogic

          For more information, refer to Weblogic documentation