Sunday, July 10, 2016

Regenerate the DemoIdentity.jks and DemoTrust.jks keystores

By default, WebLogic Server is configured with two keystores:

DemoIdentity.jks—Contains a demonstration private key for WebLogic Server. This keystore contains the identity for WebLogic Server.
DemoTrust.jks—Contains the trusted certificate authorities from the WL_HOME\server\lib\DemoTrust.jks and the JDK cacerts keystores. This keystore establishes trust for WebLogic Server.

These keystores are located in the WL_HOME\server\lib directory. 

NOTE: The demonstration keystores must not be used in production. The demo CA that signs these certificates ships with every WebLogic installation, private key included (WL_HOME/server/lib/CertGenCAKey.der), so anyone with a copy of WebLogic can mint a certificate that DemoTrust.jks will accept.



Let's see how to regenerate the DemoIdentity.jks and DemoTrust.jks keystores.

1. Re-generating DemoIdentity.jks

Set the classpath by sourcing setWLSEnv.sh (the leading dot runs the script in the current shell, so the CLASSPATH it sets survives):

. <WL_HOME>/server/bin/setWLSEnv.sh (Unix)

Generate the identity material (certificate plus private key):

java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 1024

NOTE: This writes democert.pem, democert.der, demokey.pem and demokey.der to the current working directory. By default CertGen signs the certificate with the demo CA in WL_HOME/server/lib (CertGenCA.der / CertGenCAKey.der), which is why that CA has to be in the trust store regenerated in step 2. The -strength 1024 value reproduces the shipped demo key; a 1024-bit RSA key is below current minimums, so use -strength 2048 unless you specifically need a copy of the original demo setup.

Import the identity material into a Java keystore:

java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -certfile democert.pem -alias demoidentity

NOTE: This creates "DemoIdentity.jks" in the current working directory. -storepass protects the keystore file; -keyfilepass is the passphrase the private key was generated with in the previous step, and both must match what the server is later configured with. Once the import succeeds, demokey.pem and demokey.der are a second copy of the server's private key (protected only by that passphrase) and should be removed.

Confirm that the certificate and key were imported (keytool prompts for the keystore password; the entry should appear under alias demoidentity with "Entry type: PrivateKeyEntry"):

keytool -list -v -keystore DemoIdentity.jks

2. Re-generating DemoTrust.jks

Set the classpath by sourcing setWLSEnv.sh, if you have not already done so in this shell (keytool itself only needs the JDK's bin directory on the PATH):

. <WL_HOME>/server/bin/setWLSEnv.sh (Unix)

Import the demo CA certificate into DemoTrust.jks:

keytool -importcert -trustcacerts -alias wlscertgencab -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -file <WL_HOME>/server/lib/CertGenCA.der

NOTE: If no file named "DemoTrust.jks" exists in the current working directory, keytool creates it; if one already exists, the certificate is added to it as a trusted entry. To create the keystore elsewhere, give -keystore a path instead of a bare file name. Because the demo CA is self-signed, keytool prints the certificate and asks for confirmation before trusting it (scripts can pass -noprompt). Afterwards, "keytool -list -v -keystore DemoTrust.jks" should show alias wlscertgencab with "Entry type: trustedCertEntry".
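The two steps above as one script, with the checks they leave to the operator: it refuses to overwrite an existing identity keystore, enforces a minimum key size, removes the loose key files after the import, and verifies the resulting entries by parsing keytool's listing. This is an added example, not the post's own commands and not part of WebLogic. The passphrases, aliases and file names are the ones used in the steps above; the default install path /u01/oracle/wlserver, the output directory and the 2048-bit key size are assumptions, and the keytool listing embedded for the self-check is constructed, not captured from a server.

```shell
#!/bin/sh
# Added example: regenerate DemoIdentity.jks and DemoTrust.jks end to end with checks.
# Not WebLogic tooling. Passphrases/aliases follow the post; WL_HOME, OUT_DIR and the
# 2048-bit key size are assumptions; SAMPLE_LISTING is constructed test input.
set -eu

WL_HOME="${WL_HOME:-/u01/oracle/wlserver}"    # assumed install path; override in the environment
OUT_DIR="${OUT_DIR:-$PWD/demo-keystores}"     # assumed: never write into WL_HOME/server/lib directly
KEY_STRENGTH="${KEY_STRENGTH:-2048}"          # the post uses 1024; 1024-bit RSA is below current minimums

IDENTITY_KS="$OUT_DIR/DemoIdentity.jks"
TRUST_KS="$OUT_DIR/DemoTrust.jks"
IDENTITY_STOREPASS="DemoIdentityKeyStorePassPhrase"
IDENTITY_KEYPASS="DemoIdentityPassPhrase"
TRUST_STOREPASS="DemoTrustKeyStorePassPhrase"

# Accept only a numeric key size of 2048 bits or more.
check_key_strength() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 2048 ]
}

# Read `keytool -list -v` output on stdin; succeed only if the alias is present
# with the given entry type (PrivateKeyEntry or trustedCertEntry).
listing_has_entry() {
    awk -v want_alias="$1" -v want_type="$2" '
        $0 == ("Alias name: " want_alias)            { in_entry = 1; next }
        /^Alias name: /                              { in_entry = 0 }
        in_entry && $0 == ("Entry type: " want_type) { found = 1 }
        END                                          { exit (found ? 0 : 1) }'
}

# Constructed sample of keytool output for self_check; not captured from a real server.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: demoidentity
Creation date: Jul 10, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=host.example.com, OU=FOR TESTING ONLY, O=MyOrganization, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, C=US'

# Exercise the pure-shell helpers without needing WebLogic or a JDK.
self_check() {
    check_key_strength 2048 &&
    ! check_key_strength 1024 &&
    printf '%s\n' "$SAMPLE_LISTING" | listing_has_entry demoidentity PrivateKeyEntry &&
    ! printf '%s\n' "$SAMPLE_LISTING" | listing_has_entry demoidentity trustedCertEntry
}

load_wls_env() {
    [ -f "$WL_HOME/server/bin/setWLSEnv.sh" ] || { echo "setWLSEnv.sh not found under $WL_HOME" >&2; return 1; }
    . "$WL_HOME/server/bin/setWLSEnv.sh" >/dev/null   # puts utils.CertGen and utils.ImportPrivateKey on CLASSPATH
}

regen_identity() {
    [ ! -e "$IDENTITY_KS" ] || { echo "refusing to overwrite $IDENTITY_KS" >&2; return 1; }
    check_key_strength "$KEY_STRENGTH" || { echo "KEY_STRENGTH must be a number >= 2048" >&2; return 1; }
    java utils.CertGen -keyfilepass "$IDENTITY_KEYPASS" -certfile democert -keyfile demokey -strength "$KEY_STRENGTH"
    java utils.ImportPrivateKey -keystore "$IDENTITY_KS" -storepass "$IDENTITY_STOREPASS" \
        -keyfile demokey.pem -keyfilepass "$IDENTITY_KEYPASS" -certfile democert.pem -alias demoidentity
    rm -f demokey.pem demokey.der democert.pem democert.der   # the keystore is now the only copy of the key
    keytool -list -v -keystore "$IDENTITY_KS" -storepass "$IDENTITY_STOREPASS" |
        listing_has_entry demoidentity PrivateKeyEntry
}

regen_trust() {
    keytool -importcert -trustcacerts -noprompt -alias wlscertgencab -keystore "$TRUST_KS" \
        -storepass "$TRUST_STOREPASS" -file "$WL_HOME/server/lib/CertGenCA.der"
    keytool -list -v -keystore "$TRUST_KS" -storepass "$TRUST_STOREPASS" |
        listing_has_entry wlscertgencab trustedCertEntry
}

main() {
    self_check
    mkdir -p "$OUT_DIR" && chmod 700 "$OUT_DIR"
    load_wls_env
    cd "$OUT_DIR"                       # CertGen writes into the current directory
    regen_identity
    regen_trust
    chmod 600 "$IDENTITY_KS" "$TRUST_KS"
    echo "regenerated $IDENTITY_KS and $TRUST_KS"
}

case "${1:-}" in
    run)   main ;;
    check) self_check && echo "self-check passed" ;;
esac
```

Run it as "sh regen_demo_keystores.sh run" from a shell with WL_HOME exported; "sh regen_demo_keystores.sh check" exercises only the pure-shell helpers. It writes to OUT_DIR rather than WL_HOME/server/lib so the shipped files stay untouched until you deliberately copy the new ones into place, and it verifies each keystore by entry type rather than trusting that the java/keytool invocations did what was asked.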