Create a CSR and install and configure your SSL certificate on your WebLogic 8, 9, 10, 11, and 12.x server
Use these instructions to use Java Keytool for WebLogic servers to create your certificate signing request (CSR). Then, use Java Keytool and the WebLogic Administration Console to install and configure your SSL certificate on your WebLogic 8, 9, 10, 11, and 12.x server.
Restart Note: After you've installed your SSL/TLS certificate and configured the server to use it, you must restart your WebLogic server.
-
To create your certificate signing request (CSR), see WebLogic Server 8 – 12x: Create Your CSR with Java Keytool.
-
To install your SSL certificate, see WebLogic Server 8 – 12x: Install and Configure Your SSL/TLS Certificate.
I. WebLogic Server 8 – 12x: Create Your CSR with Java Keytool
Use the instructions in this section to first create a new Keystore file and then to create your own Java Keytool commands for generating your WebLogic server CSR.
Important: To avoid getting errors when you install and configure your SSL certificate, we recommend you generate a new Keystore before you create the CSR. This applies to certificate reissues and renewals.
Step 1: Use Keytool to Create a New Keystore
-
Run Command
keytool -genkey -alias server -keyalg RSA -keystore your_domain.jks
In the command above, your_domain should be the name of the domain you want to secure with this SSL certificate. When ordering a Wildcard certificate, do not include the asterisk (*) in the filename (e.g., your_domain). That is not a valid Keytool character.
-
Create New Keystore
-
When prompted, enter the information for your SSL certificate.
Important: When prompted for the first and last name, DO NOT type your first and last name. Instead, type the domain name the certificate is being issued for (e.g., www.yourdomain.com, mail.yourdomain.com, *.yourdomain.com).
-
When asked to verify your information, type "y" or "yes" to confirm.
-
Create a password
Next, you will need to create a password. You will use this password to generate your CSR and to import your certificate. Store this password in a safe, secure place (such as a trusted and secured password manager).
-
Step 2: Generate a Certificate Signing Request (CSR) from Your New Keystore
Recommended: Save yourself some time. Use the DigiCert Java Keytool CSR Wizard to generate a Keytool command to create your WebLogic CSR. Just fill out the form, click Generate, and then paste your customized Java Keytool command into your terminal.
How to Generate a CSR for WebLogic 8 - 12x Using Java Keytool
If you prefer to build your own Keytool commands to generate your WebLogic CSR, follow the instructions below.
-
Run Command
In Keytool, type the following command:
keytool -certreq -alias server -keyalg RSA -file your_domain.csr -keystore your_domain.jks
In the command above, your_domain should be the name of the domain you want to secure with this SSL certificate. When ordering a Wildcard certificate, do not include the asterisk (*) in the filename (e.g., your_domain). That is not a valid Keytool character.
-
Generate CSR
-
When prompted, type the password you created earlier (when you created your new Keystore).
-
Your CSR should now be created.
-
-
Back-up Keystore File
We recommend that you create a back-up copy of the Keystore file before continuing on. Having a back-up of the Keystore file can help resolve issues that may occur during certificate installation.
-
Order Your SSL/TLS Certificate
-
Open the your_domain.csr file you created with a text editor.
-
Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it in to the DigiCert order form.
-
-
Install Certificate
After you've received your SSL certificate from DigiCert, you can install it on your server.
II. WebLogic Server 8 – 12x: Install and Configure Your SSL/TLS Certificate
If you still need to create a certificate signing request (CSR) and order your certificate, see WebLogic Server 8 – 12x: Create Your CSR with Java Keytool.
After we've validated and issued your SSL certificate, you can install it on your WebLogic 8, 9, 10, 11, or 12.x server (where the CSR was generated) and configure the server to use the certificate.
Step 1: Use Java Keytool to Install Your SSL Certificate in WebLogic
-
Download Certificate
Download the your_domain_com.p7b certificate file from your DigiCert Account.
On the My Orders tab, click the order number link and then click Download.
-
Install the Certificate File in Your Keystore
-
Run the command below to install the certificate.
keytool -import -trustcacerts -alias server -file /your_domain_com.p7b
-keystore your_domain_com.jksNote: Make sure to replace your_domain_com with the domain the certificate is securing.
-
You should get a confirmation that the "Certificate reply was installed in keystore".
-
If you are prompted to trust the certificate, type "y" or "yes".
-
The installation of this file loads all the necessary certificates to your Keystore.
-
-
Now you just need to configure your server to use the certificate.
Step II: Configure the Keystore for Use in WebLogic
-
On your WebLogic server, expand the Servers node and select the server you need to configure.
-
Next, go to Configuration-->Keystores and SSL.
Note: Under Keystore Configuration, several default Keystores or previously installed Keystores may be displayed.
-
To enable your new keystore, under Keystore Configuration, click the Change... link
-
Select Custom Identity and Java Standard Trust as your keystore configuration type, and then click Continue.
-
Under Custom Identity Keystore File Name, type the full path to the your_domain.jks file on your WebLogic server.
-
For Custom Identity Keystore Type, select jks.
-
For Custom Identity Keystore PassPhrase, type the password you created when creating the Keystore.
Note: If you have forgotten that password, you will need to begin the process of creating your Keystore from the beginning (see WebLogic Server 8 – 12x: Create Your CSR with Java Keytool).
-
When asked again, type your Keystore password and confirm.
-
Click Continue. Then click Finish.
-
Go back and expand the Server node and select the server you are configuring.
-
Next, go to Configuration-->Keystores and SSL and under Keystore Configuration, click the Change… link
-
On the Configure SSL page, select Key Stores as the method in which identity and trust is stored for the WebLogic server.
-
Specify the Private Key Alias and Passphrase that were used when creating your Keystore.
Note: If you followed our instructions or used our command generator, "server" is your alias. The passphrase is the keystore password.
-
Click Continue. Then click Finish.
-
Reboot the WebLogic server.
Congratulations! Your Keystore should now be installed and enabled on your WebLogic server.
Testing Your SSL/TLS Certificate Installation
DigiCert® SSL Installation Diagnostic Tool
If your site's publicly accessible, use our Server Certificate Tester to test your SSL/TLS certificate installation; it detects common installation problems.