Generate SSL Certificate Using the Keytool for Weblogic SSL Configuration Keytool is utility provided by the Java

software 1) Create a folder (cert- anywhere). Here we are creating cert folder under C:\cert 2) Set the WLST Environment using C:\bea\weblogic91\server\bin\ setWLenv cmd

Goto C:\cert directory and run the bellow cmd to generate the keystore keytool -genkey -alias one -keyalg RSA -keystore sample.jks Note : Dont give space while entering first name and last name

Next run the following cmd to generate the CSR keytool -certreq -keyalg RSA -alias one -file certreq.csr -keystore sample.jks

Goto google.com and type SSL Certigicate and open Verising site Click on Free 30 day SSL Trial

Click on Verisign @ SSL Test Ceritificate

Click on Continue

Enter the Technical contact & click on Continue

Select Server not listed on dropdown list

Give the server name (here we need give to which server provide security) as weblogic 9.1

Open C:\cert\ certreq.csr file and copy the content as specified in the below screen and submit the certreq.csr

Accept the Agreement & click on submit

You will get the Mail to your mail box as shown below

Verisign will send you the Certificate file in the mail 1. Root CA 2. Intermediate CA

Click on first link as shown in the below mail to download

Click the link

Click on the link

Click on Select All button and copy in to one text file in C:\cert and named it as CA.pem

Goto second link which received the mail. Do the same for intermediate certificate as well

Click on select all button and copy in to one text file in C:\cert and named it as IntermediateCA.pem

Copy the content Bellow the two links and saved as public.pem

Total 3 files

To understand these pem files to Keytool, We need to follow below steps keytool -import -alias verisignCA -file CA.pem -keystore sample.jks -trustcacerts

Next run the bellow cmd keytool -import -alias verisignIntermediateCA -file IntermediateCA.pem -keystore sample.jks -trustcacerts

Next run the following cmd keytool -import -alias one -file public.pem -keystore sample.jks -trustcacerts Note : While saving dont include any spaces in public.pem file

By using below command check all the reports are successfully imported or not keytool list keystore sample.jks -v

Go to weblogic console and enable SSL port (domain -> adminserver->configuration -> general)

Go to keystore tab.

For SSL Tab add the following changes

Alias name Give the keytool password (Eg: weblogic)

Restart the Weblogic admin server , In admin server console it will show the following information

Next open console with https://localhost:7004/console (Mozilla firefox)

Click on I understand the risks

Click on Add Exception

Right click on the console any where select view page Info

Click on details button

Click on view certificate here we can identify certificate information

Next open console with https://localhost:7004/console (Internet Explorer)

There is no Root CA Certificate in your Browser , install RootCA certificate in your browser Click on view certificate

Click on Install certificate

Click on next button

Click on next button

Click on finish

Click on ok

Click on yes button

Login here

Right click on the console any where goto properties

Click on certificate

Here we can identify Certifificate Information

Click on details to know the other details

Click on certification path to know where it is located