WebLogic Server Command Reference
WebLogic Server provides the ValidateCertChain
utility to check whether or not an existing certificate chain will be rejected by WebLogic Server. The utility uses certificate chains from PEM files, PKCS-12 files, PKCS-12 keystores, and JKS keystores. A complete certificate chain must be used with the utility. The following is the syntax for the ValidateCertChain
utility:
java utils.ValidateCertChain -file pemcertificatefilenamejava utils.ValidateCertChain -pem pemcertificatefilenamejava utils.ValidateCertChain -pkcs12store pkcs12storefilenamejava utils.ValidateCertChain -pkcs12file pkcs12filename passwordjava utils.ValidateCertChain -jks alias storefilename [storePass]
Example of valid certificate chain:
Example of invalid certificate chain:
java utils.ValidateCertChain -jks mykey mykeystoreCert[0]: CN=corba1,OU=FOR TESTING ONLY, O=MyOrganization,L=MyTown,ST=MyState,C=US
CA cert not marked with critical BasicConstraint indicating it is a CACert[1]: CN=CACERT,OU=FOR TESTING ONLY, O=MyOrganization,L=MyTown,ST=MyState,C=USCertificate chain is invalid