|
ipsCA sent you your server Certificate.
After
you receive your certificate, two other certificates will be
necessary to setup your SSL Server, IPS SERVIDORES ROOT CERTIFICATE and
the intermediate CA IPSCA CLASEA1. It is essential that these
certificates are also installed on your webserver in order to establish
correct SSL connections with your customer's browsers. Should they
be required, you may download these certificates individually or jointly as a bundled file below:
IPSServidores.crt
IPSCACLASEA1.crt
Before installing the server certificate, install both
certificates. Follow the instructions in 'Storing a CA certificate'.
When you receive your certificates you need to
store them in the mydomain directory.
Note: If you obtain a private key file from a
source different from the Certificate Request Generator servlet, verify that the
private key file is in PKCS#5/PKCS#8 PEM format.
To use a certificate chain, append the
additional PEM-encoded digital certificates to the
digital
certificate that IPSCA issued for the WebLogic Server. This is
the intermediate CA IPSCLASEA1. The last
digital
certificate in the file chain will be the
IPSSERVIDORES digital
certificate that is self-signed (that is, the rootCA certificate).
Configure WebLogic Server to use the SSL protocol. You need to enter the following information on the SSL tab in the Server Configuration window:
In the Server Certificate File Name field, enter the full directory location
and name of the digital certificate for WebLogic Server.
In the Trusted CA File Name field, enter the full directory location and name
of the digital certificate for ipsCA who signed the digital certificate of WebLogic Server. In the Server Key File Name field, enter the full directory
location and name of the private key file for WebLogic Server.
Use the following command-line option to start WebLogic Server.
-Dweblogic.management.pkpassword=password where password is the password
defined when requesting the digital certificate.
Storing Private
Keys and Digital Certificates
Once you have a private key and digital certificate, copy the private key file
generated by the Certificate Request Generator servlet and the digital
certificate you received into the mydomain directory. Private Key files and
digital certificates are generated in either PEM or Definite Encoding Rules
(DER) format. The filename extension identifies the format of the digital
certificate file. A PEM (.pem) format private key file begins and ends with the
following lines, respectively:
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
A PEM (.pem) format digital certificate begins and ends with the following
lines, respectively:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Note: Typically, the digital certificate file
for a WebLogic Server is in one file, with either a .pem or .der extension, and
the WebLogic Server certificate chain is in another file. Two files are used
because different WebLogic Servers may share the same certificate chain.
The first digital certificate in the
certificate authority file is the first digital certificate in the WebLogic
Server's certificate chain. The next certificates in the file are the next
digital certificates in the certificate chain. The last certificate in the file
is a self-signed digital certificate that ends the certificate chain. A DER
(.der) format file contains binary data. WebLogic
Server requires that the file extension match the contents of the certificate
file.
Note: If you are creating a file with the
digital certificates of multiple certificate authorities or a file that
contains a certificate chain, you must use PEM format. WebLogic Server provides
a tool for turning DER format files into PEM format, and vice versa.
|
