BEA WebLogic 6
Generate a Certificate Signing Request (CSR)
Follow these instructions to generate a CSR for your Web site. When you have completed this process, click the
Close button above to close this window and continue to the next step.
Obtaining a Private Key and Digital Certificate
You need a private key and digital certificate for each deployment of WebLogic Server that will use the SSL protocol. To acquire a digital certificate from a certificate authority, you must submit your request in a particular format called a Certificate Signature Request. WebLogic Server includes a Certificate Request Generator servlet that creates a CSR. The Certificate Request Generator servlet collects information from you and generates a private key file and a certificate request file. You can then submit the CSR to a certificate authority such as VeriSign, GeoTrust or SupraLink. Before you can use the Certificate Request Generator servlet, WebLogic Server must be installed and running.
Please note that if you obtain a private key file from a source other than the Certificate Request Generator servlet, verify that the private key file is in PKCS#5/PKCS#8 PEM format.
To generate a CSR, perform the following steps:
- Start the Certificate Request Generator servlet. The .war file for the servlet is located in the \wlserver6.1\config\\applications directory. The .war file is automatically installed when you start WebLogic Server.
- In a Web browser, enter the URL for the Certificate Request Generator servlet as follows:
  https://hostname:port/certificate/
  The components of this URL are defined as follows:
  - hostname is the DNS name of the machine running WebLogic Server.
  - port is the number of the port at which WebLogic Server listens for SSL connections. The default is 7002.
  For example, if WebLogic Server is running on a machine named supralink and is configured to listen for SSL communications at the default port 7002, then to run the Certificate Request Generator servlet you must enter the following URL in your Web browser:
  https://supralink:7002/certificate/
- The Certificate Request Generator servlet loads a form in your Web browser. Complete the form displayed in your browser, using the information in the following table:
| Distinguished Name Field | Explanation | Example |
| --- | --- | --- |
| Country | The two-letter ISO abbreviation for your country. | CA |
| Organization | The exact legal name of your organization. Do not abbreviate. | SupraLink |
| Organizational Unit | Section of the organization. | Marketing |
| Email Address | E-mail address of the administrator; the digital certificate is mailed to this e-mail address. | email@domain.com |
| Full Host Name | Fully qualified name of the WebLogic Server on which the digital certificate will be installed. This name is the one used for DNS lookups of the WebLogic Server. | If you intend to secure the URL https://www.supralink.com/, then your CSR's server hostname must be www.supralink.com |
| Locality Name | Name of your city or town. If you operate with a license granted by a city, this attribute is required; you must enter the name of the city that granted your license. | Montreal |
| State or Province Name | The state or province where your organization is located. Cannot be abbreviated. | Quebec |
- The password used to encrypt the private key. Enter a password in the field Private Key Password if you want to use a protected key with WebLogic Server. If you choose to use a protected key, you are prompted for the password whenever the key is used. If you specify a password, you get a PKCS-8 encrypted private key.
  SupraLink recommends using a password to protect private keys. If you do not want to use a protected key, leave this field blank.
  To use protected private keys, enable the Key Encrypted attribute on the SSL tab of the Server window in the Administration Console.
- The length (in bits) of the keys to be generated. The longer the key, the more difficult it is for someone to break the encryption.
  If you have the domestic version of WebLogic Server, you can choose 512, 768, or 1024-bit keys. The 1024-bit key is recommended.
  Please note that this field only appears on the domestic version of the Certificate Request Generator servlet.
- Click the Generate Request button. The Certificate Request Generator servlet displays messages informing you if any required attributes are empty or if any attributes contain invalid values. Click the Back button in your browser and correct any errors.
  When all attributes have been accepted, the Certificate Request Generator servlet generates the following files in the startup directory of your WebLogic Server:
  - www__com-key.der — The private key file. The name of this file should go into the Server Key File Name attribute field on the SSL tab in the Administration Console.
  - www__com-request.dem — The certificate request file, in binary format.
  - www__com-request.pem — The CSR file that you submit to the certificate authority. It contains the same data as the .dem file but is encoded in ASCII so that you can copy it into e-mail or paste it into a Web form.
- Select a certificate authority and follow the instructions on that authority's Web site to purchase a digital certificate.
- When you are instructed to select a server type, choose BEA WebLogic Server to ensure that you receive a digital certificate that is compatible with WebLogic Server.
- When you receive your digital certificate from the certificate authority, you need to store it in the \wlserver6.1\config\ directory.
- To configure WebLogic Server to use the SSL protocol, enter the following information on the SSL tab in the Server Configuration window:
  - In the Server Certificate File Name attribute, enter the full directory location and name of the digital certificate that establishes the identity of WebLogic Server.
  - In the Trusted CA File Name attribute, enter the full directory location and name of the digital certificate for the certificate authority who signed the digital certificate of WebLogic Server.
  - In the Server Key File Name attribute, enter the full directory location and name of the private key file for WebLogic Server.
- If you are using a protected private key, use the following command-line option to start WebLogic Server.
  -Dweblogic.management.pkpassword=password
  where password is the password for the private key.
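Before the -request.pem file is submitted to a certificate authority, it can be decoded and checked against the values entered in the form. The following is an added example, not part of the original page or of WebLogic: it base64-decodes the PEM body into the same binary data the .dem file holds, walks the PKCS#10 structure, and reports a host name mismatch or a key shorter than a minimum chosen by the caller. It assumes an RSA key; `check_csr`, `inspect_csr`, `sample_csr` and the `min_bits` policy value are hypothetical names, and the sample request is constructed with a placeholder modulus and no valid signature.

```python
import base64

OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O"}  # DER-encoded 2.5.4.x

def children(buf):
    """Split a DER buffer into its (tag, content) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the count of length bytes
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def inspect_csr(pem):
    """Return (subject fields, RSA modulus bits) from a PEM PKCS#10 request."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    request = children(base64.b64decode(b64))[0][1]  # PEM body is base64 of the DER
    info = children(children(request)[0][1])  # version, subject, key info, attributes
    subject = {}
    for _, rdn in children(info[1][1]):
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            subject[OIDS.get(oid, oid.hex())] = val.decode("utf-8", "replace")
    rsa_key = children(children(info[2][1])[1][1][1:])[0][1]  # skip BIT STRING pad byte
    return subject, int.from_bytes(children(rsa_key)[0][1], "big").bit_length()

def check_csr(pem, hostname, min_bits):  # returns a list of problems; empty = OK
    subject, bits = inspect_csr(pem)
    problems = []
    if subject.get("CN") != hostname:
        problems.append(f"CN {subject.get('CN')!r} does not match {hostname!r}")
    if bits < min_bits:
        problems.append(f"{bits}-bit key is below the {min_bits}-bit minimum")
    return problems

def der(tag, *parts):  # minimal DER encoder, used only to build the sample below
    body = b"".join(parts)
    n = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (n if len(body) < 128 else bytes([0x80 | len(n)]) + n) + body
def sample_csr(cn, bits):
    """Constructed input: CSR-shaped DER, placeholder modulus, no real signature."""
    name = der(0x30, *(der(0x31, der(0x30, der(0x06, oid), der(0x13, val.encode())))
                       for oid, val in ((b"\x55\x04\x06", "CA"), (b"\x55\x04\x03", cn))))
    rsa = der(0x30, der(0x02, b"\x00" + b"\xff" * (bits // 8)), der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")), der(0x05))
    info = der(0x30, der(0x02, b"\x00"), name, der(0x30, alg, der(0x03, b"\x00" + rsa)), der(0xA0))
    body = base64.encodebytes(der(0x30, info, der(0x30), der(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{body}-----END CERTIFICATE REQUEST-----\n"
```

To check a real request, pass the text of the generated -request.pem file to `check_csr` together with the host name you intend to secure and the minimum key length your certificate authority accepts.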