Generate CSR: BEA WebLogic Server 8 & 9 &10

Follow these instructions to generate a Private Key and CSR.

1. Using the java keytool command line utility, the first thing you need to do is create a keystore and generate the key pair. Do this with the following command: keytool -genkey -keysize 1024 -keyalg RSA -alias tomcat -keystore mykeystore

Tip: The 1024 in the command above is the key bit length. ipsCA recommends at leat 1024 (2048 for EV SSL).

2. You will be prompted for a password for the keystore. Tomcat uses a default password of "changeit". Hit enter if you want to keep the default password. If you use a different password, you will need to specify a custom password in the server.xml configuration file.


3. You will be prompted for a password for the private key within the keystore. If you press enter at the prompt, the key password is set to the same password as that used for the keystore from the previous step. The key password must be at least 6 characters long. Make a note of the passwords. If lost they cannot be retrieved.


4. You will be asked for several pieces of info which will be used by ipsCA to create your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization, country, key bit length, etc. Use the CSR Legend in the right-hand column of this page to guide you when asked for this information. The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &


5. On some older versions of the keytool utility, the next field that you will be prompted for is What is your first and last name? At this prompt, you must specify the Common Name of your web site (see CSR legend), not your real first and last name.


6. You will then be prompted for your organizational unit, organization, etc.


7. Now generate the Certificate Signing Request (CSR) from the private key generated above using the following command: keytool -certreq -alias tomcat -file yourdomain.csr -keystore mykeystore This creates a CSR and stores it in a file named yourdomain.csr.


8. Save a copy of your CSR.
   Below is an example of what your CSR will look like. This is a example only and cannot be used to generate your SSL certificate.

-----BEGIN CERTIFICATE REQUEST----- MIIB3zCCAUgCAQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMRAw DgYDVQQHEwdBdGxhbnRhMREwDwYDVQQKEwhHZW9DZXJ0czEaMBgGA1UECxMRSW5l cm5ldCBNYXJrZXRpbmcxGTAXBgNVBAMTEHd3dy5nZW9jZXJ0cy5jb20xITAfBgkq hkiG9w0BCQEWEmFkbWluQGdlb2NlcnRzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEA5KOi+RnRzBuBQeFYjrwZg1sfT7zr4L8j0Khuoj621x+lGBmFC76c kGclUIQBmuyp9T9NrNqAjGtEmgdFr6cWLJtgXgi+BaZDLX9BMYF49NuTggNoEUMX crQRAENHb2YthG2SEcF5p98RNcDPzWOA3a4AMvgkxDlDGYUhbcQhnt0CAwEAAaAA MA0GCSqGSIb3DQEBBAUAA4GBAIapt6Tw0BTYUwEAX0/oKvaaN/ghErR85jdW7xOD b1hL0yNfb495A7e/IQyBEP5a/v+QUOtibHS4geiPhH9etAI+DSQmctjbf6dMGJql gCXGwlsTbjPOSmNT+/X2Uvf1BlplwqAMDghEuFHsjshlypz1NEg94ri2K9N1VrBs
+iAv
-----END CERTIFICATE REQUEST-----

WebLogic 8, 9 and 10 SSL Certificate Installation

Install your SSL Digital Certificate in WebLogic

1.      First, download the your_domain_com.p7b certificate file

2.      Run the following command to install the certificate file to your keystore:

keytool -import -trustcacerts -alias server -file your_domain_com.p7b -keystore your_domain.jks

You should get a confirmation stating that the "Certificate reply was installed in keystore"

If it asks if you want to trust the certificate. Choose y or yes.

The installation of this file loads all the necessary certificates to your keystore. Now you just need to configure your server to use it.

Configuring the Keystore for use in WebLogic

1. On your WebLogic server, expand the "Servers" node and choose the server you will be configuring.

2.      Next, go to Configuration-->Keystores and SSL.

Several default keystores or previously installed keystores may be displayed under "Keystore Configuration."

3. To enable your new keystore, click the "Change..." link under "Keystore Configuration."


4. Choose "Custom Identity and Java Standard Trust" as your keystore configuration type, then click Continue.


5. Under "Custom Identity Keystore File Name" enter the full path to the your_domain.jks file on your server.


6. For "Custom Identity Keystore Type" select jks.

7.      The "Custom Identity Keystore PassPhrase" should be the password you specified when the keystore was created.

If you have forgotten that password, you will need to begin the process of creating your keystore from the beginning.

8. You will again be asked to enter your keystore password and confirm.


9. Click Continue, and then Finish.


10. You will now need to go back under the "Servers" node and select the server you are configuring.


11. Next, go to Configuration-->Keystores and SSL, then click the "Change..." link under "Keystore Configuration."


12. In the Configure SSL page, choose "Key Stores" as the method in which identity and trust is stored for the WebLogic server.

13.  Specify the "Private Key Alias" and "Passphrase" that were used when creating your keystore.

If you followed our instructions or used our command generator, "server" is your alias. The passphrase is the keystore password.

14.  Click Continue, then Finish.

Reboot the WebLogic server. Your keystore should now be installed and enabled.

return to the top

© 1995 - 2009 ipsCA, IPS Certification Authority, S.L. all Rights reserved. Our CPS summarized or complete, CRLs, Root Certificates and legal documents   can be found in our repository Read our  Privacy Policy and Terms of Use