3 Replies Latest reply: Mar 11, 2013 11:20 AM by MarianoP76 RSS

    Which provider for a demo SSL certificate ?

    user13129417
      Hi all,
      I'd need configuring SSL for my Oracle Weblogic 12c cluster. I'd like to start with a demo certificate, can you recommend a provider which is able to generate a demo RootCA compatible with Oracle Weblogic ? by the way, is is mandatory to have also the intermediate certificate from the Authority, in order to complete the SSL configuration ?
      Thanks
      Frank
        • 1. Re: Which provider for a demo SSL certificate ?
          MarianoP76
          WebLogic comes installed with a Demo Certificate that can be used for testing.
          Another option is to generate a "self signed certificate" (see for example steps 1, 4 in http://www.akadia.com/services/ssh_test_certificate.html), or use a free trial certificate from certification authorities (for example : https://www.symantec.com/ssl-certificates).

          Bye

          Mariano
          • 2. Re: Which provider for a demo SSL certificate ?
            user13129417
            Thanks for your reply. Well I've followed several tutorials about SSL configuration on Weblogic. I'm able to import the RootCA

            *keytool -import -trustcacerts -alias rootcacert -keystore [keystore_name].jks -file rootCA.cer -storepass [keyStorePassword]*

            and the IntermediateCA using

            *keytool -import -trustcacerts -alias intermediatecacert -keystore [keystore_name].jks -file intermediateCA.cer -storepass [keyStorePassword]*

            However if I try to import Server Certificate into the Keystore identity:

            *keytool -import -alias myAlias -keystore [keystore_name].jks -file servercert.cer -keypass [keyPassword] -storepass [keyStorePassword]*

            Here's the error returned:

            Error keytool: java.security.cert.CertificateException: sun.security.pkcs.ParsingException: ObjectIdentifier() -- data isn't an object ID (tag = 48)

            Any idea how to fix it ?
            Thanks
            Frank
            • 3. Re: Which provider for a demo SSL certificate ?
              MarianoP76
              It seems an error related to the format of the certificate you are importing. Please check if it is a binary file or a text file and try transferring it again with the correct ftp options (ascii/binary). See also this thread for additional hints about the certificate format: Error Importing Certificate file Using Keytool

              Other hints are:
              - import the CA certificate in the trust keystore, not in the identity one ( ${JAVA_HOME}/jre/lib/security/cacerts )
              - use the same "-alias myAlias" you used when you gereated the private key and the certificate request (this ensures the signed certificate is chained with the private key: in the keystore you have to see a certificate chain composed by 2 certificates, not two distinct certificates).
              - use the option -trustcacerts also in the last import commoand (to use trusts found into ${JAVA_HOME}/jre/lib/security/cacerts keystore)

              I hope this helps

              Mariano