Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-04-10 14:29:59.0

SSL/TLS Certificate Installation Instructions - Weblogic

Article Number: 46428

User-added image
Purpose: SSL/TLS Certificate Installation Guide
For Weblogic 12+
User-added image
Skip to Installation

Need Certificate Signing Request (CSR) help? Read our technote here.

Before you Begin...

  • The steps to import the certificate require a utility called Keytool. All of the steps below will be performed using Java keytool.

  • Important: In order to install your certificate, you must use the same keystore that was created when you requested the certificate.  You must also use the same keystore alias name that was used when the keystore and corresponding private key were generated.  

  • Never share private keys or keystore files. 

  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).

  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.

  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.

  • For more information on SSL/TLS Best Practices, click here.

Installing your Entrust SSL/TLS Certificate on a Weblogic Server

1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a file named CertificateBundle.p7b.  This file includes the entire certificate chain. 

2. Type and run the following command on your Tomcat server – the sections that are underlined in this command are variables based on your keystore file name and the alias name you used to create your keystore and Certificate Signing Request.

Please note: It is recommended that you type the command into your terminal instead of pasting the command.

         keytool –import -trustcacerts -alias server –file CertificateBundle.p7b -keystore yoursite.jks

  • You will be prompted to supply your keystore password. You must supply the password to complete the import process.

  • If a prompt appears asking you if you want to trust the certificate, enter yes.

  • If the certificate installs correctly, you will see a message in the prompt that states “Certificate reply was installed in keystore

3. In Weblogic server administration, expand Servers and select the server you need to update.

4. Select Configuration -> Keystores -> SSL.

5. Click the Change link under Keystore Configuration.

6. Select Custom Identity and Java Standard Trust as the keystore configuration type and continue.

7. For the Custom Identity Keystore File Name, enter the path to your Java keystore. Select Keystore type as jks .

8. Enter your Custom Identity Keystore Passphrase as the password you used when you created the Java keystore

9. Confirm the password, click Continue and then Finish.

10. Go back under Servers and select the server that you are working with.

11. Select Configuration -> Keystores -> SSL.

12. Under Configure SSL, select Keystores as the method for storing identities.

13. Enter the server certificate key alias (in this example, myalias was used), and the keystore password

14. Click Finish to finalize the changes. You will need to reboot Weblogic for those changes to take effect.

 

Your SSL/TLS Certificate should now be installed. If you have any questions or concerns please contact the Entrust Certificate Services support department for further assistance.

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
 

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

TN8461