3.4.1 About Obtaining and Importing Trusted Certificate

The Trusted Certificate needs to be obtained from the CA and imported into the identity store.

Obtaining Trusted Certificate from CA

The processes of obtaining a trusted certificate vary from one CA to another. The CA might perform additional offline verification. Consult the CA issuing the certificate for details on the process to be followed to submit the CSR and obtain the certificate.

Importing Certificate into Identity Store

Store the certificate obtained from the CA in the previous step, in a file, preferably in PEM format. Other formats like the p7b file format would require conversion to the PEM format. Details on performing the conversion are not listed here. Refer to the Oracle Weblogic Server documentation on Securing Oracle Weblogic Server, for details on converting a Microsoft p7b file to the PEM format.

The command to be executed for importing a certificate into the identity store depend on whether the trust store is chosen (in the earlier step; see section 2 of this document). It is highly recommended to verify the trust path when importing a certificate into the identity store. The commands provided below assume the use of the Java Standard Trust store.

For information on importing the intermediate CA certificate and identity certificate, refer to the below topics:

• Import Intermediate CA Certificate
  You need to import the intermediate CA certificate into the identity keystore. Most Certificate Authorities do not use the root CA certificates to issue identity certificates for use by customers. Instead, Intermediate CAs issue identity certificates in response to the submitted CSRs.
• Import Identity Certificate
  You can import the identity certificate into the keystore using the command.