SSL Certificates

SSL Certs, SSL Certificate, SSL Certificates

Securing Your Online Business

Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2009-12-16 11:04:51.0

TN 7881 - How do I install a SSL certificate with BEA Weblogic (Version 7 or older) using 2048 Chain?

Problem:
BEA Weblogic requires a certificate from a CA that has the Basic Constraints extension.

Cause:

The Entrust.net Certification Authority (2048) CA root certificate does not include the Basic Constraints field.
 
Solution:

Create a new certification path that chains your SSL certificate to the Entrust1024 bit root, which includes the Basic Constraints field.
 

The original certification path to the Entrust 2048 root looks like this:

 

->SSL Certificate (Webserver certificate)

    ->L1C Intermediate

        ->2048 Root

 

When implementing the 2048 to 1024 chain, create the following certification path on the server:

->SSL Certificate (Webserver certificate)

    ->L1C Intermediate

        ->Entrust 2048 Chain

            ->1024 Root

 

To implement this new chain, you must create a .pem file that contains all of the certificates in the path. 

To create a .pem file

1. To obtain the Entrust root, navigate to http://www.entrust.net/developer/index.cfm.  

2. Using Notepad, create a new file and save it as EntrustSSL.pem. The file should list the certificates in the following order:

 

-----BEGIN CERTIFICATE-----

(Your Webserver Certificate - obtained using the certificate pickup page.)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(The L1C Chain Certificate - obtained using the certificate pickup page as Chain Certificate.)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(The 2048 to 1024 Chain - obtained using our root pickup page as Entrust 2048 Chain.)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(The Entrust.net Secure Server Certification Authority (1024 bit root) - obtained using root pickup page as Entrust Secure CA.)

-----END CERTIFICATE-----

 

2. Save the EntrustSSL.pem file with all of these certificates in the correct order.

 

You can now install the certificate.

 

 

To install the certificate

 

1. Copy the private key file and the EntrustSSL.pem file to: \wlserver6.0\config\mydomain.

 

2. Give the private key and EntrustSSL.pem files protective rights so that only the System User can access these files.

 

3. Open the BEA Administration Console.

4. Open the Server Configuration window.

 

5. Click the SSL tab.

 

6. In the Server Certificate field, enter the full file name and path of the EntrustSSL.pem file.

 

7. In the Server key field, enter the full file name and path of the private key used to generate the CSR.

 

8. Set SSL port to 443.

9. Enable SSL.

 

10. Reboot the server.


SSL Certificates

buyEV Multi-Domain SSL

buyAdvantage SSL

buyStandard SSL

buyUC Multi-Domain SSL

buyAdobe CDS

buyCode Signing Certificates

buySecure Email Certificates