New Technologies

  • Java
  • Javascript
  • DTML
  • Dot Net
  • ASP .Net
  • C# .Net
  • PHP
Your Ad Here

Saturday, May 10, 2008


SSL Generation PROCESS



The CertGen is only used for weblogic and works only on the system installed weblogic.

Set the class path in system environments variables to \bea\weblogic700\server\lib\weblogic.jar

Generate a Private key and a certificate (public key) using CertGen


Java utils.CertGen [EXPORT] [hostname]

Password : This is the password given to the private key.

Certfilename : This is the file name for the certificate. This is also called Public keyfilename : This is the name of the private key file.

Export : use this option, so that weblogic accepts the key.

Hostname : By default the hostname is the system name.


Java utils.CertGen satish123 weblogiccert weblogickey export

The files generated by the above example are:

Public keys (certificates)

Weblogiccert.pem (this is in pem format)

Weblogiccert.der (this is in der format)

Private keys:

Weblogickey.pem (this key is in pem format)

Weblogickey.der (this key is in der format)


Then generate a jks file using the above-generated private and public keys.

If we give an already existing file for a jks then the importprivatekey will override the contents and generate a new file so careful when giving the jks file name.


Java utils.ImportPrivateKey keystore keystorepass alias keypass certfile keyfile

E.g.: java utils.ImportPrivateKey satish.jks satish123 weblogickey satish123 weblogiccert.der weblogickey.der

Keystore : Name of the keystore (jks file name)

Keystorepass : Password for keystore.

Alias : this is the name we have to give in Server Private Key Alias in weblogic console (see below fig).

Keypass :Password of the private key given when generating the key

Certfile :name of the certificate filename.

Keyfile :name of the private key filename.


The below step is not necessary if we give the path in the startWebLogic.cmd

The trustedCAKeyStore is the path and name of the java key store (jks)

And the pkpassword is the password for the keystore.

If we have not given this weblogic will take the default keystore as j2sdk1.4.2_10\jre\lib\security\cacerts and the default password is “changeit” if we have not given the string . in startweblogic.cmd.



Then import the above generated public key or certificate to



Configuration in weblogic7.0 server

Go to https://localhost:7002/console

Now go to servers select myserver à connections à SSL

Set the default key store

Private Key Store Location:

To the jks that is generated for weblogic

Private Key Store Pass Phrase: Give the password

Declare the Server Private Key Alias: the alias name give for generation of weblogic keys.

Server Certificate File Name the path and name of the certificate file

Server Key File Name: give the name of private key

Server Private Key Pass phrase: Give the required password


Now restart the weblogic server to get the ssl try this on the default port no 7002

No comments:

Your Ad Here