B Interoperating With Keystores From Prior Versions
If you are using WebLogic Server version 12.1.2 or later together with an earlier version of WebLogic Server, be aware that the demo trust keystore of the earlier versions does not contain the demo CA certificate used by version 12.1.2 and later. Therefore, if a 12.1.2 or later instance of WebLogic Server sends its public certificate to an instance of WebLogic Server running an earlier version, that public certificate will not automatically be trusted.
For interoperability with prior releases, you can use either of the following methods:
-
Use the system property
-Dsecurity.use.interopCA=true
to generate interoperable demo certificates signed by the previous demo CA certificate. -
On the 12.1.2 or later instance of WebLogic Server, use the CertGen utility with the
-cacert
-cakey
arguments to generate demo certificates signed by the previous demo CA certificate. Then, useImportPrivateKey
to import them intoDemoIdentity.jks
, as shown in the following example:java utils.CertGen -certfile <cert_file> -keyfile <private_key_file> -keyfilepass DemoIdentityPassPhrase -cacert $WL_HOME/server/lib/CertGenInteropCA.der -cakey $WL_HOME/server/lib/CertGenInteropCAKey.der -cakeypass password java utils.ImportPrivateKey -certfile <cert_file> -keyfile <private_key_file> -keyfilepass DemoIdentityPassPhrase -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -alias DemoIdentity -keypass DemoIdentityPassPhrase