C Interoperating With Keystores From Prior Versions

This appendix explains how to use keystores in WebLogic Server version 12.1.2 or later together with keystores in a previous version of WebLogic Server.

If you are using WebLogic Server version 12.1.2 or later together with a previous version of WebLogic Server, be aware that the demo trust keystore of the previous versions does not contain the demo CA certificate used by version 12.1.2 and later. Therefore, if a 12.1.2 or later instance of WebLogic Server sends its public certificate to an instance of WebLogic Server running a prior version, that public certificate will not automatically be trusted.

For interoperability with prior releases, you can use either of the following methods:

  • Use the system property -Dsecurity.use.interopCA=true to generate interoperable demo certificates signed by the previous demo CA certificate.

  • On the 12.1.2 instance of WebLogic Server, use the CertGen utility with the -cacert and -cakey arguments to generate demo certificates signed by the previous demo CA certificate. Then, use ImportPrivateKey to import them into DemoIdentity.jks, as shown in the following example:

    # Generate a demo certificate signed by the previous demo CA certificate
    java utils.CertGen \
        -certfile <cert_file> \
        -keyfile <private_key_file> \
        -keyfilepass DemoIdentityPassPhrase \
        -cacert $WL_HOME/server/lib/CertGenInteropCA.der \
        -cakey $WL_HOME/server/lib/CertGenInteropCAKey.der \
        -cakeypass password

    # Import the certificate and private key into DemoIdentity.jks
    java utils.ImportPrivateKey \
        -certfile <cert_file> \
        -keyfile <private_key_file> \
        -keyfilepass DemoIdentityPassPhrase \
        -keystore DemoIdentity.jks \
        -storepass DemoIdentityKeyStorePassPhrase \
        -alias DemoIdentity \
        -keypass DemoIdentityPassPhrase