The original certification path to the Entrust 2048 root looks like this:

->SSL Certificate (Webserver certificate)

    ->L1B Intermediate

        ->2048 Root

When implementing the 2048 to 1024 chain, create the following certification path on the server:

->SSL Certificate (Webserver certificate)

    ->L1B Intermediate

        ->Entrust 2048 Chain

            ->1024 Root

To implement this new chain, you must create a .pem file that contains all of the certificates in the path.  Using notepad, create a new file and save it as EntrustSSL.pem. The file should list the certificates in the following order:

-----BEGIN CERTIFICATE-----

(Your Webserver Certificate - obtained using the certificate pickup page.)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(The L1B Chain Certificate - obtained using the certificate pickup page as Chain Certificate.)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(The 2048 to 1024 Chain - obtained using our root pickup page as Entrust 2048 Chain.)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(The Entrust.net Secure Server Certification Authority (1024 bit root) - obtained using root pickup page as Entrust Secure CA.)

-----END CERTIFICATE-----

Save the .pem file with all of these certificates in the correct order.

The Entrust root pickup page can be accessed here:

To Install the certificate:

1 - Copy the private key file and the EntrustSSL.pem file to: \wlserver6.0\config\mydomain

2 - Give the private key and EntrustSSL.pem files protective rights so that only the System User can access these files.

3 - Open the BEA Administration Console.

4 - Open the Server Configuration window.

5 - Click the SSL tab.

6 - In the Server Certificate field, enter the full file name and path of the EntrustSSL.pem file.

7 - In the Server key field, enter the full file name and path of the private key used to generate the CSR.

8 - Set SSL port to 443.

9 - Enable SSL.

10 - Reboot the server.