Entrust Certificate Services Support Knowledge Base
Last Modified: 2015-11-25 15:25:12.0
TN 8461 - SSL/TLS Certificate Installation Instructions - Weblogic
Before you Begin
- The steps to import the certificate require a utility called Keytool. All of the steps below will be performed using Java keytool.
- Important: In order to install your certificate, you must use the same keystore that was created when you requested the certificate. You must also use the same keystore alias name that was used when the keystore and corresponding private key were generated.
- Never share private keys or keystore files.
- If you plan on using the same certificate on multiple servers, always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
- It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
- Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
- For more information on SSL/TLS Best Practices, click here.
1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a file named CertificateBundle.p7b. This file includes the entire certificate chain.
2. Type and run the following command on your Tomcat server – the sections that are underlined in this command are variables based on your keystore file name and the alias name you used to create your keystore and Certificate Signing Request.
Please note: It is recommended that you type the command into your terminal instead of pasting the command.
keytool -import -trustcacerts -alias server -file CertificateBundle.p7b -keystore yoursite.jks
- You will be prompted to supply your keystore password. You must supply the password to complete the import process.
- If a prompt appears asking you if you want to trust the certificate, enter yes.
- If the certificate installs correctly, you will see a message in the prompt that states “Certificate reply was installed in keystore”.
3. In Weblogic server administration, expand Servers and select the server you need to update.
4. Select Configuration -> Keystores -> SSL.
5. Click the Change link under Keystore Configuration.
6. Select Custom Identity and Java Standard Trust as the keystore configuration type and continue.
7. For the Custom Identity Keystore File Name, enter the path to your Java keystore. Select Keystore type as jks.
8. Enter your Custom Identity Keystore Passphrase as the password you used when you created the Java keystore.
9. Confirm the password, click Continue and then Finish.
10. Go back under Servers and select the server that you are working with.
11. Select Configuration -> Keystores -> SSL.
12. Under Configure SSL, select Keystores as the method for storing identities.
13. Enter the server certificate key alias (in this example, myalias was used), and the keystore password.
14. Click Finish to finalize the changes. You will need to reboot Weblogic for those changes to take effect.
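
A check you can run after the keytool import in step 2 and before pointing Weblogic at the keystore, to confirm the certificate reply attached to the original private key alias. This is an added example, not part of the Entrust instructions. The function name, exit codes and sample listings are constructed for illustration, and it assumes keytool prints its English "keytool -list -v" output.

```shell
#!/bin/sh
# Added example (not from the Entrust article).
# Reads `keytool -list -v` output on stdin and returns 0 only if ALIAS is a
# PrivateKeyEntry whose certificate chain has at least MIN_CHAIN certificates.
# Exit codes: 2 = alias not found, 3 = not a private key entry, 4 = chain too short.
check_keystore_entry() {
    alias_name=$1
    min_chain=${2:-2}   # leaf plus at least one CA certificate from the bundle
    awk -v want="$alias_name" -v min="$min_chain" '
        { sub(/\r$/, "") }                        # tolerate Windows line endings
        /^Alias name: /  { cur = substr($0, 13); next }
        cur != want      { next }                 # ignore every other entry
        /^Entry type: /  { type = substr($0, 13) }
        /^Certificate chain length: / { chain = $NF + 0 }
        END {
            if (type == "") { print "FAIL: alias not found: " want; exit 2 }
            if (type != "PrivateKeyEntry") { print "FAIL: " want " is " type; exit 3 }
            if (chain < min) { print "FAIL: chain length " chain " for " want; exit 4 }
            print "OK: " want " is a PrivateKeyEntry, chain length " chain
        }'
}

# Constructed sample: reply installed under the alias used for the CSR.
sample_good() {
cat <<'EOF'
Alias name: server
Creation date: Nov 25, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Constructed sample: bundle imported under a different alias, so the key
# entry still holds only its original self-signed certificate.
sample_wrong_alias() {
cat <<'EOF'
Alias name: server
Creation date: Nov 20, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: server2
Creation date: Nov 25, 2015
Entry type: trustedCertEntry
EOF
}

# Real use (file and alias names as in step 2):
#   keytool -list -v -keystore yoursite.jks | check_keystore_entry server
```

A chain length of 1, or an entry type of trustedCertEntry, means the keystore or alias differs from the one used to generate the Certificate Signing Request, and Weblogic would not have a usable identity for that alias.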