SSL Configuration for WebLogic

How to Generate Certificate Using the Key tool for Weblogic

The keytool is special utility provided by the Java to work with Certificates and security stuff. Here in this we will let you know the each option that is useful to create java key store, sign the keystore and

Step 1 Set the WebLogic environment variables available with the PATH, CLASSPATH etc., by issuing C:\bea\weblogic91\server\bin\setWLSEnv.cmd

On UNIX environments, The profile will be set to work, otherwise you can make sure by running script from $WL_HOME/server/bin path.

Step 2 Create a dedicated folder (SSLCert- anywhere) to store all Certificate stuff in it. Here we made a folder name as ‘cert’ under c:\cert

Step 3  Generating a “sample.jks” file with java keytool command.

keytool -genkey -alias one -keyalg RSA -keystore sample.jks  

Note : Please don’t give space while entering your first name and last name as inputs you can enter as sample shown.

Step 4 Creating a certificate request using keytool with the following command

keytool -certreq -keyalg RSA -alias one -file certreq.csr -keystore sample.jks

Better choice to experiment with trail certificates on test environments. Please don’t use this scenario for production environment. Easy ways to get a kick start at Google and type SSL Certificate and open VeriSign website. Click on “Free 30 day SSL Trial”

Click on VeriSign @ SSL Test Certificate

Step 5

Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Now you need to enter the data

Open C:\cert\certreq.csr file and copy the content as specified in the below screen and submit the certreq.csr

Click on Submit

You will get the Mail to your mail box as shown below

VeriSign will send you the Certificate file to your email that you enter while registering. There are two important  certificate links

1. Root CA certificate

2. Intermediate CA certificate

Click on each link as shown in the lower side of email message that is for download.

Download the Root CA  

Click the link


Click on select all button and copy in to one text file in C:\bea\SSLCert and named it as CA.pem Go to second link which is given in the email. Do the same for intermediate CA certificate as well.

Copy the content and saved as public.pem

Total 3 files

Step 6: To understand these .pem files to Keytool, We need to follow below steps

keytool -import -alias verisignCA -file CA.pem -keystore sample.jks -trustcacerts

keytool -import -alias verisignIntermediateCA -file Intermediate.pem -keystore sample.jks -trustcacerts

Step 7  converting to trusted

keytool -import -alias one  -file public.pem -keystore sample.jks -trustcacerts

Note : While saving don’t include any spaces in public.pem file

By using below command check all the reports are successfully imported or not

Step  8

keytool -list -keystore mykeystore.jks -v

Go to WebLogic console and enable SSL port

(domain -> adminserver->configuration -> general)

Go to keystore tab.

For SSL Tab add the following changes

Now, restart the WebLogic admin server, open the admin server logs file it will show the following information

Enable Admin server using SSL Port

When you browser with https first time it will be like this…

Now SSL configuration completed.  You can verify that use the https://localhost:7002/console there is no Root CA Certificate in your Browser, install RootCA certificate in your browser

Click on Yes button