Ask a Question

Advanced Search

Solution ID : SO22406

Last Modified : 05/02/2018

Certificate Signing Request (CSR) Generation Instructions for BEA Weblogic 8.0, 9.0 and 10.0


This document was created to assist with the generation of a Certificate Signing Request (CSR) for BEA Weblogic  8.x -10.x. If this document can not be used within the environment, RapidSSL recommends contacting an organization that supports Weblogic.
Step 1: Create a Keystore and Private Key
NOTE: As of 1/1/2016 all public SSL certificates must be issued as SHA-256 with at least a 2048-bit key size.  Please ensure that the server can support these standards before requesting a certificate.
  1. Create a keystore and private key by executing the following command.  The private key will be created within the keystore file and labeled with the alias provided in the command.  Please take note of the alias specified, the same alias is required for generating the Certificate Signing Request (CSR) and for the certificate install.

    keytool -genkey -alias [alias name] -keyalg RSA -keystore [keystore filename] -keysize 2048

    For example:

  2. Enter and re-enter a keystore password. Tomcat uses a default password of changeit. Hit Enter if you want to keep the default password. If you use a different password, you will need to specify a custom password in the server.xml configuration file.
  3. Enter the subject information for the SSL certificate.

    - First and last name / Common Name:  One of these fields will be presented.  Enter the host + domain the certificate will be issued to.  For example: or * for a wildcard.
    - Organizational Unit (OU): The department or organizational unit making the request.  For example: Technical Support
    - Organization (O): Enter the name of the organization requesting the certificate as it is registered.  Avoid special characters.  For example: Symantec Corporation
    - Locality or City (L): The Locality field is the city or town name, for example: Mountain View.
    - State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
    - Country Name (C): Use the two-letter code without punctuation for country, for example: US
  4. The next step will be to set a private key password.  This will be in addition to the keystore password.


Step 2: Generate a Certificate Signing Request (CSR)

  1. Execute the following command to generate the CSR:

    keytool -certreq -keyalg RSA -alias [alias name] -file [CSR file] -keystore [keystore filename]

    For example:

    If an non-current version of Java is used, the command below may be used to specify the SHA-256 algorithm.

    keytool -certreq -keyalg RSA -alias [alias name] -file [CSR file] -keystore [keystore filename] -sigalg SHA256withRSA

    For example:

  2. Create a copy of the keystore file. Having a back-up file of the keystore at this point can help resolve installation issues that may occur when importing the certificate.
  3. To copy and paste the full CSR file contents into the enrollment form, open the file in a plain-text editor (Notepad or Vi are recommended).  Below is an example CSR, please be sure to submit the full contents of the CSR including the header and footer lines.



Once the certificate has been issued, refer to this link for installation instructions.