Keytool binary is a java tool provided by JDK/ JRE ($JAVA_HOME/bin)
- To create a keypair using java keytool (only if using well-known CA) :
- To create CSR to send it to PKI (internal or CA) :
- Send .pem file to your CA to ask your certificate.
To create a self-singed certificate, use the following command :
To be able to import your CA in truststore, you need to export it first :
Add your CA to a custom or existing truststore is a mandatory step to authorize Weblogic Server to use this certificate and to avoid Handshake errors
- To add certificate CA to a truststore :
When adding a CA to a trustsotre, it is mandatory to add ROOT CA and any intermediate CA. .
The provided exemple shows how to add a certificate isssued by mywlsca depending of root CA myCA.