Top Web Hosts >> Forums >> Java Programming

  How do you install Godaddy SSL Certificate on Weblogic 10.3?
  Name : Aladar     Date : 10-11-29 02:45     Hit : 11769    
  Trackback : (2.2K), Down : 397, 2010-11-29 02:45:00
   ImportKey.class (3.2K), Down : 14, 2010-11-29 02:45:00¡¦ (720)¡¦ (1165)
We've renewed Godaddy SSL certificate without having to regenerate the private Key or CSR. How do we install the SSL Certificate?  I've spent a good day trying to figure this out, and here is how it worked.

1. We have identity.jks and trust.jks files that worked past year. We only have to regenerate the identity.jks keystore file.

2. Godaddy provided two certificate files gd_bundle.crt and certificate.crt files. We only need to regenerate the identity.jks keystore file from the certificate.crt file as we already have rootca certificated imported in the trust.jks keystore file.

3. We have to extract the Private Key from the existing identity.jks keystore. To do this we'll need the file (attached to this article). Download the file and perform the following command.

C:\> java -jar {keystore_path} JKS {keystore_password} {alias} {target_file}

We now have the private key file, say "private.key".

4. Now, we need to import the private key/ certificate pair to the identity.jks keystore. To do this, perform the following:

% openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
% openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
% set CLASS_PATH=.
% java ImportKey key.der cert.der
Using keystore-file : /home/user/keystore.ImportKey
One certificate, no chain.
Key and certificate stored.
Alias:importkey  Password:importkey

5. You now have the keystore.ImportKey keystore file. Update the keystore file with the correct alias, keystore password, and key password by using the 'keytool' utility.

5a. Rename keystore.

% ren keystore.ImportKey identity.jks

5b. Change Keystore password.

% keytool -keystore identity.jks -storepasswd
Enter keystore password: 
New keystore password:
Re-enter new keystore password:

5c. Change Private Key password

% keytool -keypasswd -keypass <old_keypass> -new <new_keypass> -keystore identity.jks

5d. Change Alias

% keytool -changealias -alias <alias> -destalias <newalias> -keystore identity.jks

6. Make a backup of existing identity.jks and replace the existing identity.jks with the new, and restart the server from the Weblogic Console. If your new identity.jks didn't setup correctly, the weblogic may not start. You'll have to keep a backup of the old, in order to correct the problem.