EssentialSSL Certificate Installation: BEA Systems Weblogic

BEA Weblogic Certificate Installation Instructions

You will be receiving the following five files from Sectigo:

  • Root AddTrustExternalCARoot.crt
  • Intermediate CA UTNAddTrustSGCCA.crt
  • Intermediate CA ComodoUTNSGCCA.crt
  • Intermediate CA EssentialSSLCA.crt
  • domain/site certificate yourdomainname.crt

Or click to download the EssentialSSL CA files

Note: If you obtain a private key file from a source other than the Certificate Request Generator servlet, verify that the private key file is in PKCS#5/PKCS#8 PEM format.


To use a certificate chain:

  • Append the additional PEM-encoded digital certificates to the digital certificate that issued for the WebLogic Server (the intermediate CA certificate).
  • The last digital certificate in the file chain will be the Root certificate that is self-signed. (example below:)


They must be pasted this in order:

  • EssentialSSLCA.crt First
  • Followed by the ComodoUTNSGCCA.crt,UTNAddTrustSGCCA.crt
  • And finally the AddTrustExternalCARoot.crt
  • Tthe result will look similar to the example below (note: no blank line between then end of one certificate and the start of the next):


-----BEGIN CERTIFICATE-----
MIIEyDCCBDGgAwIBAgIEAgACmzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
.....
zs1x+3QCB9xfFScIUwd21LkG6cJ3UB7KybDCRoGAAK1EqlzWINlVMr5WlvHqvaDj
vA2AOurM+5pX7XilNj1W6tHndMo0w8+xUengDA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEmTCCA4GgAwIBAgIQPToFJgm2LuWMNik4Y1ThJDANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
.....
xxXAVEvJZhYpY99xq7YHkvrzT/Ix1jLQTTXbW4m4CORo3thHy9de6BaylCGcalu/
tIGG3cXyqHE+3adKtfr4bDs0mptYfU3U01tTI2tJOBahmJ+EXquuP67Of8gX5DKr
xNMvmpAxwpJTlu1yp/7E2jkpUWjtkI2Xjv5FGbc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgIQUkIGSk83/kNpSHqWZ/9dJzANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
.....
7uRJQ8E5fc8vlqd1XX5nZ4TlWSBAvzcivwdDtDDhQ4rNA11tuSnZhKf1YmOEhtY3
vm9nu/9iVzmdDE2yKmE9HZzvmncgoC/uGnKdsJ2/eBMnBwpgEZP1Dy7J72skg/6b
kLRLaIHQwvrgPw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
.....
IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
-----END CERTIFICATE-----


Configure WebLogic Server to use the SSL protocol
you need to enter the following information on the SSL tab in the Server Configuration window:

  • In the Server Certificate File Name field, enter the full directory location and name of the digital certificate for WebLogic Server.
  • In the Trusted CA File Name field, enter the full directory location and name of the digital certificate for Comodo who signed the digital certificate of WebLogic Server.
  • In the Server Key File Name field, enter the full directory location and name of the private key file for WebLogic Server.
  • Use the following command-line option to start WebLogic Server.
    • Dweblogic.management.pkpassword=password where password is the password defined when requesting the digital certificate.


Storing Private Keys and Digital Certificates

  • Once you have a private key and digital certificate
  • copy the private key file generated by the Certificate Request Generator servlet and the digital certificate you received into the mydomain directory.
  • Private Key files and digital certificates are generated in either PEM or Definite Encoding Rules (DER) format.
  • The filename extension identifies the format of the digital certificate file.
  • A PEM (.pem) format private key file begins and ends with the following lines, respectively:

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
A PEM (.pem) format digital certificate begins and ends with the following lines, respectively:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Note: Typically, the digital certificate file for a WebLogic Server is in one file, with either a .pem or .der extension, and the WebLogic Server certificate chain is in another file. Two files are used because different WebLogic Servers may share the same certificate chain.

  • The first digital certificate in the certificate authority file is the first digital certificate in the WebLogic Server's certificate chain.
  • The next certificates in the file are the next digital certificates in the certificate chain.
  • The last certificate in the file is a self-signed digital certificate that ends the certificate chain.
  • A DER (.der) format file contains binary data. WebLogic Server requires that the file extension match the contents of the certificate file.


​​​​​​​Note: If you are creating a file with the digital certificates of multiple certificate authorities or a file that contains a certificate chain, you must use PEM format. WebLogic Server provides a tool for converting DER format files to PEM format, and visa versa.