Installing an SSL certificate on BEA Weblogic

Part one: Download and save your certificates and key

    1. Open the email we sent you that contains the certificate for your domain name.

    2. Copy the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

    3. Paste the certificate into a blank document in a text editor. Use an editor that will not add characters, such as TextPad.

    4. Save the document. We recommend that you name it YourDomainName.crt and save it in /wlserver6.0/config/mydomain.

      We recommend that you also back up your certificate on another computer or storage device.

    5. Confirm which certificate you purchased, and determine which set of Root and Intermediate certificates to download.

      To confirm which certificate you purchased, review your order confirmation.

      • If you purchased SBS Instant, download set A below.

      • If you purchased SBS Secure or Secure Plus, download set B below.

      A -- SBS Instant

      -OR-

      B -- SBS Secure and Secure Plus

    6. Download the Root-Intermediate set for your domain name certificate. To download, right-click each certificate file name and select Save Target As.

      Save the certificates to the /wlserver6.0/config/mydomain directory of your Web server.

    7. If your private key is not already in /wlserver6.0/config/mydomain, put a copy there.

Part two: Build certificate chains

    WebLogic uses two chain files, one that acts as the certificate for your domain name, and the other that defines trusted Certificate Authorities.

    To build the chain for your domain name

    1. Open a text editor and paste the contents of each certificate. Paste the certificate for your domain name at the top, and work your way sequentially to the Root certificate. Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- strings. For example, if you purchased SBS Instant, your certificate chain will look like this:

      -----BEGIN CERTIFICATE-----
      YourDomainName.crt
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      InstantValidationSBSIntermediate2CA.crt
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      InstantValidationAddTrustUTNServerIntermediate1CA.crt
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      InstantValidationUTN-USERFirst-HardwareGlobalRoot.crt
      -----END CERTIFICATE-----

    2. Save the combined file to the /wlserver6.0/config/mydomain directory as SBSInstantChain.pem (or, if you purchased SBS Secure or Secure Plus, SBSSecureChain.pem).

    To build the chain that defines trusted Certificate Authorities

    1. Open a text editor and paste the contents of each Intermediate and Root certificate. Paste the lowest-ranking Intermediate at the top, and work your way sequentially to the Root certificate. Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- strings. For example, if you purchased SBS Instant, your certificate chain will look like this:

      -----BEGIN CERTIFICATE-----
      InstantValidationSBSIntermediate2CA.crt
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      InstantValidationAddTrustUTNServerIntermediate1CA.crt
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      InstantValidationUTN-USERFirst-HardwareGlobalRoot.crt
      -----END CERTIFICATE-----

    2. Save the combined file to the /wlserver6.0/config/mydomain directory as SBSInstantTrustedCAChain.pem (or SBSSecureTrustedCAChain.pem).

    To protect your system, assign read-only permissions to the WebLogic administrator, and no access to any other users, for the private key, the certificate for your domain name, and the SBS*Chain.pem file.
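
    The chain-building and permission steps above can also be scripted. The following is an added example, not part of the original instructions: the function names (pem_ok, build_chain, lock_down, mode_of, demo) and the shortened certificate file names are hypothetical, the certificate bodies are constructed placeholders, and the demo works in a temporary directory rather than /wlserver6.0/config/mydomain. It rejects files an editor has altered, writes the certificates in the required order, and applies the same read-only permissions; use lock_down on the private key as well.

```shell
#!/bin/sh
# Added example: assemble WebLogic chain files and restrict their permissions.

# pem_ok FILE: true only if FILE is exactly one certificate with nothing an
# editor may have added (CR line endings, a BOM, blank lines, stray text).
pem_ok() {
    [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    [ "$(grep -c -e '-----END CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    ! grep -v -E -q -e '^(-----(BEGIN|END) CERTIFICATE-----|[A-Za-z0-9+/=]+)$' "$1"
}

# build_chain OUT CERT...: write the certificates to OUT in the order given.
# awk 1 ends every input with a newline, so markers never run together.
build_chain() {
    out=$1; shift
    for c in "$@"; do
        pem_ok "$c" || { echo "rejected: $c is not a clean PEM certificate" >&2; return 1; }
    done
    ( umask 077 && rm -f "$out" && awk 1 "$@" > "$out" ) || return 1
    chmod 400 "$out"
}

# lock_down FILE...: read-only for the owner, no access for anyone else.
lock_down() { chmod 400 "$@"; }

# mode_of FILE: print the permission string, for example -r--------
mode_of() { ls -ld "$1" | cut -c1-10; }

# demo: build both chains from constructed placeholder files in a temp dir.
# The bodies are not real certificates; the short names are hypothetical.
# Server chain: domain certificate first, Root last.
# Trusted CA chain: lowest-ranking Intermediate first, Root last.
demo() {
    d=$(mktemp -d) || return 1
    for n in YourDomainName Intermediate2CA Intermediate1CA GlobalRoot; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "$n" \
            '-----END CERTIFICATE-----' > "$d/$n.crt"
    done
    build_chain "$d/SBSInstantChain.pem" "$d/YourDomainName.crt" \
        "$d/Intermediate2CA.crt" "$d/Intermediate1CA.crt" "$d/GlobalRoot.crt" &&
    build_chain "$d/SBSInstantTrustedCAChain.pem" \
        "$d/Intermediate2CA.crt" "$d/Intermediate1CA.crt" "$d/GlobalRoot.crt" &&
    lock_down "$d/YourDomainName.crt" && echo "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

    The script checks PEM framing and ordering only; it does not validate signatures or expiry dates.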

Part three: Configure WebLogic

    1. In the Server Configuration window, open the SSL tab.
    2. In the Server Certificate File Name field, enter the full directory location and name of the digital certificate for WebLogic Server (something like /wlserver6.0/config/mydomain/SBSInstantChain.pem).
    3. In the Trusted CA File Name field, enter the full directory location and name of the trusted chain file (something like /wlserver6.0/config/mydomain/SBSInstantTrustedCAChain.pem).
    4. In the Server Key File Name field, enter the full directory location and name of the private key file for WebLogic Server.
    5. Enable SSL.
    6. Set SSL Listen Port to 443.
    7. In most cases, the Client Certificate Enforced check box should be cleared.
    8. Click Apply.
    9. Reboot the WebLogic server.

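    Start WebLogic Server with the following command-line argument:

    • -Dweblogic.management.pkpassword=password, where password is the password defined when requesting the digital certificate.

    Because this argument carries the private key password in clear text, restrict read access to any startup script that contains it.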

    Note: WebLogic requires PEM format for the certificate chains. WebLogic Server provides a tool for converting DER format files to PEM format, and vice versa.




Copyright © 2008 Secure Business Services, All rights reserved.