![]() |
![]() |
Generating a CSR for BEA WebLogic Server
This document describes how to generate a CSR (Certificate Signature Request) for WebLogic Server.
Preparing to Generate a CSR
WebLogic Server is available with exportable- or domestic-strength SSL.
The standard WebLogic Server distribution supports only exportable-strength SSL. The domestic version is available only by request to your BEA sales representative. Since the United States Government relaxed restrictions on exporting encryption software in early 2000, so the domestic WebLogic Server version can be used in most countries.
Important! You should use the domestic WebLogic Server distribution to generate a CSR and to deploy your applications. If you generate your CSR using the exportable WebLogic Server distribution, you cannot accept high-strength connections and you cannot authenticate clients that present domestic-strength certificates.
Prerequisites
Check the following prerequisites before you continue:
You can verify that SSL is operational and that you have domestic strength SSL by searching the WebLogic Server log for a message like this one:
<SSLListenThread> Using domestic strength SSL.
If you do not know this password, you will need the help of your WebLogic Server system administrator.
Generating a Key Pair and CSR for WebLogic Server
You use the Certificate Request Generator servlet to generate your private key, public key, and CSR.
http://hostname:port/Certificate
For example, if WebLogic Server is running on the computer named "ogre" and it is configured to listen at the default port 7001, enter this URL in your browser:
http://ogre:7001/Certificate
The Certificate Request Generator servlet loads a form in your browser.
Country code The two digit-ISO code for your country. The code for the United States is "US". You can find a complete list here. Organizational unit name The name of your division, department, or other operational unit of your organization. Organization name The name of your organization. The certificate authority may require that the host name you enter is in a domain registered with the InterNIC to this organization. E-mail address Enter the e-mail address of the host administrator. Full host name Enter the fully-qualified name of the server where the certificate will be installed. This is the name used for DNS lookups of the server, such as www.mydomain.com. Browsers compare the site name in the URL to the name in the certificate. If you change the name later, you must request a new certificate. Locality name (city) Enter the name of your city, town, or other locality. If you operate with a license granted by a city, this is a required field and you must enter the name of the city that granted your license, and you must enter your State or Province in the State name field. State name If you are in the United States or Canada, enter the name of the State or Province in which your organization operates. Do not abbreviate. Random string (Optional) Enter a string of characters to be used by the encryption algorithm. You do not have to remember this string in the future. It is used to add an external factor to the encryption algorithm, making it more difficult for anyone to break the encryption. For this reason, you should enter a string that is not likely to be guessed. A long string with a good mixture of uppercase and lowercase letters, digits, spaces, and punctuation characters contributes to more secure encryption. Strength The length (in bits) of the keys to be generated. The longer the key, the more difficult it is for someone to break the encryption. If you have the exportable WebLogic Server version, this field does not appear. 512-bit keys are generated. With the domestic version, you can choose 512-, 768-, or 1024-bit keys. 1024-bit is recommended.
The Servlet displays messages if any required fields are empty or if any fields contain invalid values. Click Back in your browser and correct any errors.
When all of the fields have been accepted, the Servlet displays the Certificate Request, the name of your private key file, and the name of the certificate request file.
Additional Information
Refer to Using WebLogic SSL for additional instructions on installing your certificate and configuring WebLogic SSL.
|
Copyright © 2000 BEA Systems, Inc. All rights reserved.
|