You will receive an email from the Registration Authority when your certificate request has been approved that contains a link to a location where your certificate may be obtained. Clicking on this link will bring up a browser window that contains the details of your issued certificate and includes a section that looks something like the following:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
and paste it into an appropriately named text file e.g. mydomain_com-cert.pem - in the mydomain directory.
Note: If you obtain a private key file from a source other than the Certificate Request Generator servlet, verify that the private key file is in PKCS#5/PKCS#8 PEM format.
To use a certificate chain, append the additional PEM-encoded CA digital certificates to the digital certificate that was just issued to you for the WebLogic Server. The order is important (include the files in the order of trust). The server digital certificate should be the first digital certificate in the file. The issuer of that digital certificate should be the next file and so on until you get to the self-signed root certificate authority certificate. This digital certificate should be the last certificate in the file. You cannot have blank lines between digital certificates. Specify the file in the Server Certificate File attribute on the SSL Attributes tab in the WebLogic Server Administration Console.
To configure WebLogic Server to use the SSL protocol, you need to enter the following information on the SSL tab in the WebLogic Server Administration Console:
Storing Private Keys and Digital Certificates
Once you have a private key and digital certificate, copy the private key file generated
by the Certificate Request Generator servlet and the digital certificate you received into
the mydomain directory. Private Key files and digital certificates are generated in
either PEM or Definite Encoding Rules (DER) format. The filename extension
identifies the format of the digital certificate file. A PEM (.pem) format private
key file begins and ends with the following lines, respectively:
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
A PEM (.pem) format digital certificate begins and ends with the following lines,
respectively:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Note: Typically, the digital certificate file for a WebLogic Server is in one file, with either a .pem or .der extension, and the WebLogic Server certificate chain is in another file. Two files are used because different WebLogic Servers may share the same certificate chain.
The first digital certificate in the certificate authority file is the first digital certificate in the WebLogic Server's certificate chain. The next certificates in the file are the next digital certificates in the certificate chain. The last certificate in the file is a self-signed digital certificate that ends the certificate chain. A DER (.der) format file contains binary data. WebLogic Server requires that the file extension match the contents of the certificate file.
Note: If you are creating a file with the digital certificates of multiple certificate authorities or a file that contains a certificate chain, you must use PEM format. WebLogic Server provides a tool for converting DER format files to PEM format, and visa versa.
Copyright © Trustis Limited 2010. All
Rights Reserved
This document is licensed for use only in conjunction with the use of Trustis Trust
Services