Requesting a Private Key and Digital Certificate
You must submit your request in a particular format called a Certificate Signature Request (CSR). WebLogic Server includes a Certificate Request Generator servlet that creates a CSR. The Certificate Request Generator servlet collects information from you and generates a private key file and a certificate request file. You must then submit the CSR. Before you can use the Certificate Request Generator servlet, WebLogic Server must be installed and running.
1. Start the Certificate Request Generator servlet (
.war file is automatically installed when you start WebLogic Server. In a Web browser, enter the URL for the Certificate Request Generator servlet as follows:
hostname is the DNS name of the machine running WebLogic Server, and
port is the number of the port at which WebLogic Server listens for SSL connections.
For example, if WebLogic Server is running on a machine named
yourmachine and it is configured to listen for SSL communications at the default port
7002, you must enter the following URL in your Web browser to run the Certificate Request Generator servlet:
2. The Certificate Request Generator servlet loads a form in your web browser. Complete the form.
3. Click the Generate Request button. The Certificate Request Generator servlet displays messages informing you if any required fields are empty or if any fields contain invalid values. Click the Back button in your browser and correct any errors.
[su_note class=”warning”]Note on private key passwords: If you do not specify a password, you will get an unencyrpted RSA private key. If you specify a password, you will get a PKCS-8 encrypted private key. When using PKCS-8 encrypted private keys, you need to enable the Use Encrypted Keys field on the SSL tab of the Server window in the Administration Console.[/su_note]
4. When all fields have been accepted, the Certificate Request Generator servlet generates the following files in the startup directory of your WebLogic Server:
mydomain_com-key.der: The private key file. The name of this file should go into the Server Key File Name field on the SSL tab in the Administration Console.
mydomain_com-request.dem: The certificate request file, in binary format.
mydomain_com-request.pem: The CSR file that you submit. It contains the same data as the
.demfile but is encoded in ASCII so that you can copy it into email or paste it into a Web form.