BEA WebLogic 7
Generate a Certificate Signing Request (CSR)
Follow these instructions to generate a CSR for your Web site.
Using the CertGen Utility
Please note that the CertGen utility generates digital certificates and private keys that should only be used for demonstration or testing purposes and not in a production environment.
The CertGen utility creates a private key and digital certificate signed by the demonstration certificate authority (CertGenCAB). The digital certificates generated by the CertGen utility have the hostname of the machine on which they were generated as the common name. If you want to use host name verification, you must generate a digital certificate for every machine on which you wish to use SSL.
The CertGen utility generates two .pem files and two .der files. View the .der files in a Web browser to view the details of the generated digital certificate. Use the .pem files when you boot WebLogic Server or use the digital certificates with a client.
To generate a certificate — CSR:
- Copy the following files to the directory in which you run the CertGen utility:
  - WL_HOME\server\lib\CertgenCA.der: The digital certificate for a certificate authority trusted by WebLogic Server.
  - WL_HOME\server\lib\CertGenCAKey.der: The private key for a certificate authority trusted by WebLogic Server.
- Enter the following command at a command prompt:
prompt> java utils.CertGen password certfile keyfile [export] [hostname]
where:
- password is the password for the private key
- certfile is the name of the digital certificate file. The file is put in the domain directory.
- keyfile is the name of the generated private key file. The file is put in the domain directory.
- hostname is the name of the machine for which you are obtaining a digital certificate. This option allows you to use host name verification.
By default, the CertGen tool generates domestic strength certificates. Specify the [export] option if you want the tool to generate export strength certificates. If you want to export domestic strength digital certificates that use a host name, specify [export] as "".
Using the Certificate Request Generator Servlet
Before using a WebLogic Server deployment in a production environment,
you need to obtain a private key and certificate from a trusted
certificate authority such as VeriSign, Entrust or GeoTrust. To
acquire a digital certificate from a certificate authority, you must
submit your request in a particular format called a CSR. The
Certificate Request Generator servlet collects information from you
and generates a private key file and a CSR. You then submit the CSR to
a certificate authority.
To generate a certificate — CSR:
- Copy the certificate.war file to the applications directory (copy the file before the server boots or while the server is running). The Configuration Wizard performs this step for you.
- In a Web browser, enter the URL for the Certificate Request Generator servlet as follows: http (or https)://hostname:port/certificate/
  The components of this URL are defined as follows:
  - hostname is the DNS name of the machine running WebLogic Server.
  - port is the number of the port at which WebLogic Server listens for SSL connections. The default is 7002. Any port on which WebLogic Server listens for communications can be specified.
  For example, if WebLogic Server is running on a machine named supralink and is configured to listen for SSL communications at the default port 7002, enter the following URL in your Web browser to run the Certificate Request Generator servlet:
  https://supralink:7002/certificate/
- The Certificate Request Generator servlet loads a form in your Web browser. Complete the form displayed in your browser, using the information in the following table:
| Distinguished Name Field | Explanation | Example |
|---|---|---|
| Country | The two-letter ISO abbreviation for your country. | CA |
| Organization | The exact legal name of your organization. Do not abbreviate. | SupraLink |
| Organizational Unit | Section of the organization. | Marketing |
| Email Address | E-mail address of the administrator; the digital certificate is mailed to this e-mail address. | email@domain.com |
| Full Host Name | Fully qualified name of the WebLogic Server on which the digital certificate will be installed. This name is the one used for DNS lookups of the WebLogic Server, for example, node.com. Web browsers compare the host name in the URL to the name in the digital certificate. If you change the host name later, you must request a new digital certificate. | I do not know whether I should write this here. If you intend to secure the URL https://www.supralink.com/, then your CSR's server hostname must be www.supralink.com |
| Locality Name | Name of your city or town. If you operate with a license granted by a city, this attribute is required; you must enter the name of the city that granted your license. | Montréal |
| State or Province Name | The state or province where your organization is located. Cannot be abbreviated. | Quebec |
| Private Key Password | The password used to encrypt the private key. Enter a password in this field if you want to use a protected key with WebLogic Server. If you choose to use a protected key, you are prompted for the password whenever the key is used. If you specify a password, you get a PKCS-8 encrypted private key. | bestsslinusa |
| Strength | The length (in bits) of the keys to be generated. The longer the key, the more difficult it is for someone to break the encryption. If you have the domestic version of WebLogic Server, you can choose 512-, 768-, or 1024-bit keys. The 1024-bit key is recommended. | 1024 |
- Click Generate Request. The Certificate Request Generator servlet displays messages informing you if any required attributes are empty or if any attributes contain invalid values. Click Back in your Web browser and correct any errors.
  When all attributes have been accepted, the Certificate Request Generator servlet generates the following files in the start directory of your WebLogic Server:
  - hostname-key.der: The private key file.
  - hostname-request.dem: The certificate request file, in binary format.
  - hostname-request.pem: The CSR file that you submit to the certificate authority. It contains the same data as the .dem file but is encoded in ASCII so that it can be copied into e-mail or pasted into a Web form.
- Select a certificate authority such as SupraLink and follow the instructions on our Web site to purchase a digital certificate.
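A pre-submission check for the hostname-request.pem file described above, added here as an example (it is not part of the original page or of WebLogic): it reads the Full Host Name (common name) and key Strength back out of the CSR and compares them with the site you intend to secure. The function names are hypothetical, and the sample CSR is constructed with a dummy key and an empty signature, so the code inspects structure only and does not verify the request's signature.

```python
import base64
CN_OID = b"\x55\x04\x03"  # DER content bytes of OID 2.5.4.3 (commonName)

def items(buf):  # decode consecutive DER elements into [(tag, value), ...]
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def inspect_csr(pem):  # -> (common_name, rsa_key_bits) of a PEM PKCS#10 CSR
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    info = items(items(items(base64.b64decode(b64))[0][1])[0][1])
    subject, spki = info[1][1], info[2][1]  # info[0] is the version
    cn = None
    for _, rdn in items(subject):
        for _, atv in items(rdn):
            (_, oid), (_, val) = items(atv)
            if oid == CN_OID:
                cn = val.decode("utf-8")
    rsa_key = items(items(spki)[1][1][1:])[0][1]  # skip BIT STRING pad byte
    return cn, int.from_bytes(items(rsa_key)[0][1], "big").bit_length()

def check_csr(pem, site_host, min_bits=1024):  # default is the page's value
    cn, bits = inspect_csr(pem)
    host_ok = (cn or "").lower() == site_host.lower()
    problems = [] if host_ok else [f"Full Host Name {cn!r} is not {site_host!r}"]
    if bits < min_bits:
        problems.append(f"{bits}-bit key is below {min_bits} bits")
    return problems

def _der(tag, *parts):  # minimal DER encoder, used only to build the sample
    body = b"".join(parts)
    size = len(body).to_bytes(2, "big").lstrip(b"\0") or b"\0"
    head = size if len(body) < 128 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_csr(host, bits):  # constructed input: dummy key, empty signature
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption
    rdn = _der(0x31, _der(0x30, _der(6, CN_OID), _der(0x0C, host.encode())))
    mod = b"\0" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = _der(0x30, _der(2, mod), _der(2, b"\x01\x00\x01"))
    info = _der(0x30, _der(2, b"\0"), _der(0x30, rdn), _der(0x30, alg, _der(3, b"\0", key)), _der(0xA0))
    pem = base64.encodebytes(_der(0x30, info, alg, _der(3, b"\0"))).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{pem}-----END CERTIFICATE REQUEST-----\n"
```

For a real request, pass the text of hostname-request.pem to check_csr together with the host name from the URL you will secure. Publicly trusted certificate authorities now require RSA keys of at least 2048 bits, so raise min_bits accordingly.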