BEA WebLogic Server Release 1.1


Generating a CSR for BEA WebLogic Server

 

This document describes how to generate a CSR (Certificate Signature Request) for WebLogic Server.

Contents
Preparing to Generate a CSR
Generating a Key Pair and CSR for WebLogic Server
Additional Information

Preparing to Generate a CSR

WebLogic Server is available with exportable- or domestic-strength SSL.

The standard WebLogic Server distribution supports only exportable-strength SSL. The domestic version is available only by request to your BEA sales representative. Since the United States Government relaxed restrictions on exporting encryption software in early 2000, the domestic WebLogic Server version can be used in most countries.

Important! You should use the domestic WebLogic Server distribution to generate a CSR and to deploy your applications. If you generate your CSR using the exportable WebLogic Server distribution, you cannot accept high-strength connections and you cannot authenticate clients that present domestic-strength certificates.

Prerequisites

Check the following prerequisites before you continue:

Generating a Key Pair and CSR for WebLogic Server

You use the Certificate Request Generator servlet to generate your private key, public key, and CSR.

Follow these steps:

  1. In a web browser, enter the URL for the WebLogic Server Certificate Request Generator servlet. The URL is in this format:

    http://hostname:port/Certificate

  2. The browser prompts for a WebLogic Server login and password. Log in as system.

    The Certificate Request Generator servlet loads a form in your browser.

  3. Complete the Certificate Request Generator form as follows:

    Country code

    The two-digit ISO code for your country. The code for the United States is "US". You can find a complete list here.

    Organizational unit name

    The name of your division, department, or other operational unit of your organization.

    Organization name

    The name of your organization. The certificate authority may require that the host name you enter is in a domain registered with the InterNIC to this organization.

    E-mail address

    Enter the e-mail address of the host administrator.

    Full host name

    Enter the fully-qualified name of the server where the certificate will be installed. This is the name used for DNS lookups of the server, such as www.mydomain.com. Browsers compare the site name in the URL to the name in the certificate. If you change the name later, you must request a new certificate.

    Locality name (city)

    Enter the name of your city, town, or other locality. If you operate with a license granted by a city, this is a required field and you must enter the name of the city that granted your license, and you must enter your State or Province in the State name field.

    State name

    If you are in the United States or Canada, enter the name of the State or Province in which your organization operates. Do not abbreviate.

    Random string

    (Optional) Enter a string of characters to be used by the encryption algorithm. You do not have to remember this string in the future. It is used to add an external factor to the encryption algorithm, making it more difficult for anyone to break the encryption. For this reason, you should enter a string that is not likely to be guessed. A long string with a good mixture of uppercase and lowercase letters, digits, spaces, and punctuation characters contributes to more secure encryption.

    Strength

    The length (in bits) of the keys to be generated. The longer the key, the more difficult it is for someone to break the encryption.

    If you have the exportable WebLogic Server version, this field does not appear. 512-bit keys are generated. With the domestic version, you can choose 512-, 768-, or 1024-bit keys. 1024-bit is recommended.

  4. Click Generate Request.

    The servlet displays messages if any required fields are empty or if any fields contain invalid values. Click Back in your browser and correct any errors.

    When all of the fields have been accepted, the servlet displays the Certificate Request, the name of your private key file, and the name of the certificate request file.

  5. Make a backup copy of the key file and CSR on a floppy disk. Store the backup copy in a safe, private place.

  6. Return to the Enrollment Pages and follow the instructions in Enrollment Step 4: Submit CSR to submit your CSR.
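
The rules given for the form in step 3 can be checked before the request is generated. The following Python sketch is an added example, not BEA's servlet code: the field keys, the `check_request` and `is_fqdn` names, and the assumption that every field other than state, locality and random string is required are illustrative, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

# Key lengths the page lists for the domestic distribution; 1024 is its recommendation.
DOMESTIC_STRENGTHS = (512, 768, 1024)
RECOMMENDED_STRENGTH = 1024
# One DNS label: letters, digits and hyphens, with no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True when the name has at least two valid DNS labels (www.mydomain.com)."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)

def check_request(fields, site_url):
    """Return a list of (field, problem) tuples; an empty list means no findings."""
    problems = []
    # Assumption: every field except state, locality and random string is required.
    for key in ("country", "org_unit", "organization", "email", "host"):
        if not fields.get(key, "").strip():
            problems.append((key, "required field is empty"))
    country = fields.get("country", "")
    if country and not re.fullmatch(r"[A-Z]{2}", country):
        problems.append(("country", "expected a two-character ISO code such as US"))
    host = fields.get("host", "")
    if host and not is_fqdn(host):
        problems.append(("host", "not a fully-qualified DNS name"))
    # Browsers compare the site name in the URL with the name in the certificate.
    url_host = urlsplit(site_url).hostname or ""
    if host and url_host.lower() != host.rstrip(".").lower():
        problems.append(("host", "does not match the host in " + site_url))
    state = fields.get("state", "").strip()
    if country in ("US", "CA"):
        if not state:
            problems.append(("state", "required for US and Canada"))
        elif len(state) <= 3 or state.endswith("."):
            problems.append(("state", "looks abbreviated; spell it out"))
    strength = fields.get("strength")
    if strength not in DOMESTIC_STRENGTHS:
        problems.append(("strength", "not one of 512, 768, 1024"))
    elif strength < RECOMMENDED_STRENGTH:
        problems.append(("strength", "below the recommended 1024 bits"))
    return problems

# Constructed sample values, not taken from a real request.
SAMPLE = {"country": "US", "org_unit": "Web Operations", "organization": "Example Corp",
          "email": "admin@mydomain.com", "host": "www", "state": "CA", "strength": 512}
if __name__ == "__main__":
    for field, problem in check_request(SAMPLE, "https://www.mydomain.com/"):
        print(field + ": " + problem)
```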

Additional Information

Refer to Using WebLogic SSL for additional instructions on installing your certificate and configuring WebLogic SSL.