Skip to main content

Entrust SSL/TLS Certificate Installation Instructions - Weblogic

User-added image
Purpose: SSL/TLS Certificate Installation Guide
For Weblogic 12+
User-added image
Skip to Installation

Need Certificate Signing Request (CSR) help? Read our technote here .

NOTE:
As of November 12, 2024, Entrust introduced a new TLS certificate hierarchy as part of the deployment. The TLS certificate delivery now includes two certificate chains. The delivery of these certificate chains can be in the form of:

  • Intermediate 1 (filename: intermediate1.crt ) and Intermediate 2 (filename: intermediate2.crt ) or
  • Concatenate PEM file (filename: CertificateBundle1.pem ) or
  • P7B format file (filename: Certificatebundle.p7b )

Both intermediate/chain certificates must be installed in your environment.

Before you Begin...

  • The steps to import the certificate require a utility called Keytool. All of the steps below will be performed using Java keytool.

  • Important: In order to install your certificate, you must use the same keystore that was created when you requested the certificate.  You must also use the same keystore alias name that was used when the keystore and corresponding private key were generated.

  • Never share private keys or keystore files.

  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method ( e-mail is not considered a secure method of transfer ).

  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.

  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.

  • For more information on SSL/TLS Best Practices, click here .

Installing your Entrust SSL/TLS Certificate on a Weblogic Server

1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a file named CertificateBundle.p7b .  This file includes the entire certificate chain.

2. Type and run the following command on your Tomcat server – the sections that are underlined in this command are variables based on your keystore file name and the alias name you used to create your keystore and Certificate Signing Request.

Please note : It is recommended that you type the command into your terminal instead of pasting the command.

keytool –import -trustcacerts -alias server –file CertificateBundle.p7b -keystore yoursite.jks

  • You will be prompted to supply your keystore password. You must supply the password to complete the import process.

  • If a prompt appears asking you if you want to trust the certificate, enter yes .

  • If the certificate installs correctly, you will see a message in the prompt that states “ Certificate reply was installed in keystore

3. In Weblogic server administration, expand Servers and select the server you need to update.

4. Select Configuration -> Keystores -> SSL.

5. Click the Change link under Keystore Configuration.

6. Select Custom Identity and Java Standard Trust as the keystore configuration type and continue.

7. For the Custom Identity Keystore File Name , enter the path to your Java keystore. Select Keystore type as jks .

8. Enter your Custom Identity Keystore Passphrase as the password you used when you created the Java keystore

9. Confirm the password, click Continue and then Finish .

10. Go back under Servers and select the server that you are working with.

11. Select Configuration -> Keystores -> SSL.

12. Under Configure SSL , select Keystores as the method for storing identities.

13. Enter the server certificate key alias (in this example, myalias was used), and the keystore password

14. Click Finish to finalize the changes. You will need to reboot Weblogic for those changes to take effect.

Your SSL/TLS Certificate should now be installed. If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance.

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088