Obtain and Install CA Certificates in Oracle WebLogic Server

The deployment of JD Edwards EnterpriseOne Server Manager Console and Server Manager agents includes temporary self-signed Certificate Authority (CA) certificates. Self Signed Certificates are not inherently trusted by the JDK / JRE / Java distributions and are not recommended for Production environments. Because self-signed certificates are set to expire at preset and non-extendable times, you must obtain and install your own CA certificates. These must be certificates that are verified by a verified CA authority such as Entrust, Symantec Corporation, or Thawte.

The following outlines the general procedure to create a Keystore and to generate a Certificate Signing Request (CSR).

1. In your local environment, obtain and install a Java Keystore. This is a repository for security certificates - either authorization certificates or public key certificates - plus corresponding private keys. These keys are used for SSL encryption by the Oracle WebLogic Server. A file with extension jks serves as keystore.

2. From the Keystore, generate a Certificate Signing Request (CSR).

3. Export the Certificate Signing Request (CSR).

4. Validate the CSR. For example, you could use the validation tools provided by Symantec (https://ssltools.websecurity.symantec.com/checker).

5. Submit the CSR to the Certificate Authority such as Entrust or Symantec Corporation.

6. Logged in as the WebLogic Adminstrator, you must manually modify of Oracle WebLogic Server to use the new Keystore.

Tip:

For additional details on working with CA certificates on your Oracle WebLogic Server, refer to this guide: Fusion Middleware Administering Security for Oracle WebLogic Server 12.1.3 at this link:

https://docs.oracle.com/middleware/1213/wls/SECMG/ssl_overview.htm#SECMG718