1. Set the environment.

setEnv.sh

2. Run the following command.

>>> "genkey" Generates a new private key entry and self-signed digital certificate
in a keystore. If the keystore does not exist, it is created. <<<

keytool -genkey -alias support -keyalg RSA -keysize 1024 -dname "CN=www.bea.com, OU=Support, O=BEA Systems Inc, L=Burlington, S=Massachusetts, C=US" -keypass weblogic -keystore <BEAHOME>\user_projects\ssl_domain\support.jks -storepass support

3. Next command:

>>> "certreq" Generates a CSR, using the PKCS#10 format. The CSR is meant to be
sent to a trusted CA. The trusted CA authenticates the certificate requestor and
returns a digital certificate to replace the existing self-signed digital
certificate in the keystore. <<<

keytool -certreq -alias support -sigalg "MD5withRSA" -file <BEAHOME>\user_projects\ssl_domain\certreq.pem -keystore <BEAHOME>\user_projects\ssl_domain\support.jks -storepass support

4. Once the CSR file is generated, send it to the Certification Authority (CA).
You will get a mail in response.

5. The mail provides steps to download the rootCA. Click on the link to download
the rootCA and save the file with a '.cer' extension.

6. The second step is to install the signed certificate. You can find it at the
end of the e-mail content.

7. Copy everything from
-----BEGIN CERTIFICATE-----
to
-----END CERTIFICATE-----

8. Paste it into Notepad and save it as supportcert.pem (remove white space if
present).

9. Run the following command:

>>> "import trustcacerts" Loads a trusted CA certificate into a keystore. If the
keystore does not exist, it is created. <<<

keytool -import -alias rootca -trustcacerts -file <BEAHOME>\user_projects\ssl_domain\rootCA.cer -keystore <BEAHOME>\user_projects\ssl_domain\supporttrust.jks -storepass rootca

10. Press Enter. keytool asks whether to trust this certificate. Answer "Yes".

11. keytool -import -trustcacerts -alias support -file <BEAHOME>\user_projects\ssl_domain\supportcert.pem -keypass weblogic -keystore <BEAHOME>\user_projects\ssl_domain\support.jks -storepass support

12. Press Enter. keytool asks whether to trust this certificate. Answer "Yes".

13. If you get an error message that states "failed to establish chain from
reply", then you need to add the intermediate CA certificate to your custom trust
keystore.

14. Cross-check for the following files in your domain directory:

a) certreq.pem
b) rootCA.cer
c) support.jks
d) supportcert.pem
e) supporttrust.jks

15. Start WebLogic Server and configure SSL.

16. In the console:
click-->myServer-->configuration-->General. Scroll down till the SSL parameter
is visible.

18. Check "SSL Listen Port Enabled". The default port is 7002. Then click on
"Apply".

19. Click on the "Keystore & SSL" tab. Click on the "change" link.

20. Choose "Custom Identity and Custom Trust". Enter the details for custom
identity and custom trust. Then click on "continue".

21. Enter the details for the SSL private key settings. Then click on "continue".
Finally click on "Finish".

22. Restart the WebLogic server.

23. Open a new browser window and go to https://localhost:7002/console

24. Enter the user name and password.

25. Once you log in and are able to see the console window, it is confirmed that
SSL is configured properly.
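
Steps 2 and 3 use a 1024-bit RSA key and an MD5withRSA signature, both weak by current standards, so the following added example (not part of the original page) checks the output of "keytool -list -v" for them. The function names, the 2048-bit threshold and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `keytool -list -v` output.
# Reads a listing on stdin, prints one line per weak setting, returns 1 if any.
audit_keystore_listing() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*Alias name: / { alias = $3 }
        /^[ \t]*Signature algorithm name: / {
            # Certificate signatures based on MD2, MD5 or SHA-1 are flagged.
            if ($4 ~ /^(MD2|MD5|SHA1)with/) {
                printf "WEAK-SIGALG alias=%s alg=%s\n", alias, $4; bad = 1
            }
        }
        /^[ \t]*Subject Public Key Algorithm: [0-9]+-bit RSA key/ {
            bits = $5; sub(/-bit$/, "", bits)
            # Assumed policy: RSA keys shorter than 2048 bits are flagged.
            if (bits + 0 < 2048) {
                printf "WEAK-KEY alias=%s bits=%d\n", alias, bits; bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: only the fields this audit reads. The first entry carries
# the parameters used on this page, the second carries stronger ones.
sample_listing() {
    cat <<'EOF'
Alias name: support
Entry type: PrivateKeyEntry
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key

Alias name: support2048
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Against a real keystore (file name and password as in step 2):
#   keytool -list -v -keystore support.jks -storepass support | audit_keystore_listing
sample_listing | audit_keystore_listing || echo "weak settings found"
```

Using -keysize 2048 in step 2 and -sigalg "SHA256withRSA" in step 3 avoids both weak settings in the key and CSR this procedure creates.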
