Articles in Root

Create a CSR in BEA WebLogic

Problem

How to generate a CSR on BEA WebLogic?

Solution

You must start the Certificate Request Generator.

  1. Open a new browser.
  2. Enter in https://[hostname]:[port]/certificate

    Note: [hostname] is the DNS name of the machine running the WebLogic Server.
    Note: [port] is the number of the port for SSL connections.  BEA WebLogic defaults this to 7002.
    Example: https://localhost:8443/certificate
    After you have done this, a form should load on your web browser.
  3. You should fill out the details in this form according to the information below:

    Country code: Use the two-letter code without punctuation for country, for example: BM or UK or CH.
    Organizational unit name: This field is the name of the department of other group making the request within the organization.
    Organization name: This is the exact legal name of the company as it is registered.
    Email address: BEA WebLogic requires you to enter in an email address that will show up in the certificate.
    Full host name: This is also referred to as the Common Name in the certificate or as the FQDN.  This is the Host plus the Domain Name.  It looks like "secure.example.com" or "example.com".
    Locality name (city): The Locality field is the city or town name, for example: Hamilton or London.
    State name: Spell out the state completely; do not abbreviate the parish, state or province name, for example: Pembroke or Connecticut.
    Private Key Password: This is the password used to encrypt the private key of your SSL certificate.  You have two options with this field.
  4. If you leave this field blank, the server will generate an unencrypted RSA private key.
  5. If you decided to enter in a password, the server will generate a PKCS-8 encrypted private key.  Please remember this password as you will need it for the install.
    Note: The password must be at least 6 characters long.
    Note: In the Administration Console, you will need to enable the Use Encrypted Keys field on the SSL tab in the server window or you will not be able to use the private key.
    Random string: This is optional but recommended.  You must enter in a string of characters used by the encryption algorithm to enhance security.  If you decided to do this step, QuoVadis recommends that you enter in a string of random characters including capital letters, lowercase letters, symbols, numbers and spaces.
    Note: You do not have to memorize the string you input.
    Note: If you do not see Random string in the form, then ignore this step.
    Strength: Select Domestic - 1024 bit key length.

  6. Click on Generate Request.

    The following three files will be created in the startup directory of your WebLogic server:
    [Full host name]-key.der - This is your private key to your SSL certificate.
    [Full host name]-request.dem - This is the  CSR (certificate signing request) in binary format.
    [Full host name]-request.pem - This is the CSR that you should submit.
  7. Open [Full host name]-request.pem using a simple text editor such as Notepad.
  8. Copy all the contents of [Full host name]-request.pem including the BEGIN and END NEW CERTIFICATE REQUEST (as seen below).
    -----BEGIN NEW CERTIFICATE REQUEST-----
    (contents of [Full host name]-request.pem)
    -----END NEW CERTIFICATE REQUEST-----
  9. Paste the information you just copied into the form that can be found on the QuoVadis website.