Wednesday, July 8, 2020

Create CSR and apply SSL certificate in WebLogic on Linux OS

1. Back up the existing pskey file

Location: $PS_CFG_HOME/webserv/<webDomain>/piaconfig/keystore/pskey

2. Keep the keystore password handy and run the command below to generate the CSR.

$PS_CFG_HOME/webserv/<webDomain>/piabin/pskeymanager.sh -create

PeopleSoft PSKeyManager:
Enter your current keystore password [press ENTER to quit]:
Passw0rd

Note: The specified keystore password is just an example. 

Generate new keys

All certificates and keys require an alias that they will be referenced by.
Press ENTER to use local machine name, to exit enter 'QUIT'.

Specify an alias for this certificate [testserver1]:
xyz
Specify a common name for this certificate.
 For server certificates specify the host name as requested by clients.
 For client certificates specify the name is the name of the client.

What is the common name for this certificate ['xyz'] ?
xyz.com

What is the name of your organizational unit?
IT

What is the name of your organization?
XYZ

What is the name of your City or Locality?
Plano

What is the name of your State or Province?
TX

What is the two-letter country code for this unit?
US


How many days should this certificate request be valid for [90]?
365

Note: Enter the number of days as per your requirement, e.g. 365 or 730.

What key size would you like to use [2048]?

Note: Press Enter key to accept the default value.

What key algorithm would you like to use [RSA]?


What key signing algotithm would you like to use [SHA256withRSA]?

Enter a private key password (press ENTER to use keystore password):
PvtPassw0rd

Note: Enter a private key password as per your requirement and make a note of it. The specified password is just an example.

Is the above information correct (yes/no/quit) [yes] ?
yes

Generating private key.
What is your first and last name?
  [Unknown]:  What is the name of your organizational unit?
  [Unknown]:  What is the name of your organization?
  [Unknown]:  What is the name of your City or Locality?
  [Unknown]:  What is the name of your State or Province?
  [Unknown]:  What is the two-letter country code for this unit?
  [Unknown]:  Is CN=xyz.com, OU=IT, O=XYZ, L=Plano, ST=TX, C=US correct?
  [no]:

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore

Generating Certificate signing request 'CSR'.
Provide this CSR to a Certificate Authority for signing.


Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore
Contents of Certificate signing request for xyz:
-----BEGIN NEW CERTIFICATE REQUEST-----
.
.
.
.
-----END NEW CERTIFICATE REQUEST-----

Certificate signing request also written to xyz-certreq.txt


3. Get the CSR signed by a Certificate Authority.
Share the generated CSR with the Certificate Authority; in this case, the file xyz-certreq.txt.


4. Apply the certificate received from the Certificate Authority.
Extract the root and intermediate certificates and put them into a text file in the following order:
Server Certificate
Intermediate Certificate
Root Certificate

Suppose you created the text file as per the above instructions at /tmp/signed.cer:

$PS_CFG_HOME/webserv/<webDomain>/piabin/pskeymanager.sh -import /tmp/signed.cer

It will ask you to enter the keystore password at the command prompt and the alias for the certificate.
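
The bundle order from step 4 can be checked before running the import. The following Python script is an added example, not part of the original post or of PeopleTools; its function names are hypothetical, and it assumes a CA copies its subject name byte for byte into the issuer field of the certificates it signs. It compares names only and does not verify signatures, and the sample certificates it builds are constructed stand-ins.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos and return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)      # enter the outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)  # enter tbsCertificate
    elems = []
    while pos < end and len(elems) < 6:
        nxt = read_tlv(der, pos)[2]
        elems.append(der[pos:nxt])
        pos = nxt
    v = 1 if elems[0][0] == 0xA0 else 0  # optional [0] version shifts fields by one
    return elems[2 + v], elems[4 + v]    # serial, signature, ISSUER, validity, SUBJECT

def check_bundle_order(pem_text):
    """Return a list of problems; empty means server -> intermediate(s) -> root."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    problems = [] if len(names) >= 2 else ["fewer than two certificates in the bundle"]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:  # byte-wise Name comparison (assumption)
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not self-signed, so it is not a root")
    return problems

def sample_cert(subject, issuer):
    """Constructed stand-in: certificate field layout only, no real key or signature."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    tbs = (der(0xA0, der(2, b"\x02")) + der(2, b"\x01") + der(0x30, b"")
           + der(0x30, issuer.encode()) + der(0x30, b"") + der(0x30, subject.encode()))
    b64 = base64.encodebytes(der(0x30, der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    chain = ["xyz.com", "Sample Intermediate CA", "Sample Root CA", "Sample Root CA"]
    demo = "".join(sample_cert(s, i) for s, i in zip(chain, chain[1:]))
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else demo  # e.g. /tmp/signed.cer
    print("\n".join(check_bundle_order(text)) or "order OK")
```

Saved under a name of your choice (for example check_bundle.py, a hypothetical name), it takes the bundle path as its only argument, e.g. /tmp/signed.cer; with no argument it checks the constructed bundle.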

5. Configuring the WebLogic Server to use the keystore.

Log in to the WebLogic console
Click on "Lock and Edit"
Navigate to Environment, Servers, PIA
Go to the Keystores tab
Select 'Custom Identity and Custom Trust'
Enter the keystore password in the Custom Identity Keystore Passphrase field and the Confirm Custom Identity Keystore Passphrase field.

Click on the ‘SSL’ tab; update the alias and private key passphrase, click on the Save button and release the configuration.

Sign out from the WebLogic console.

Also log in to PIA, update the intermediate and root certificates at Digital Certificates, and then bounce PIA.