How to Generate a CSR for BEA Weblogic 10

You will need to create a key pair for your server to generate a CSR. These two items are a digital certificate key pair and must not be separated. Losing your public/private key file or password will result in you havinf to generate a new one, causing your SSL Certificate to no longer match. You will have to order a new SSL Certificate and which may result in a charge.

Instructions on how to generate a Certificate Singing Request for BEA Weblogic Server 10:

  1. Using the java keytool command line utility, the first thing you need to do is create a keystore and generate the key pair. Do this with the following command: keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore mykeystore

  2. You will be prompted for a password for the keystore. Tomcat uses a default password of "changeit". Hit enter if you want to keep the default password. You will need to specify a custom password in the server.xml configuration file if you use a different password.

  3. You will be prompted for a password for the private key within the keystore. If you press enter at the prompt, the key password is set to the same password as that used for the keystore from the previous step. The key password must be at least 6 characters long. Make a note of the passwords. If lost they cannot be retrieved.

  4. You will be asked for several pieces of info which will be used by VeriSign to create your new SSL certificate. These fields include the mandatory fields Common Name (aka domain, FQDN), Organization Name, Organizational Unit, Locality, State/Region, Country (two-letter ISO code).

    Note: The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &

    At this prompt, you must specify the Common Name of the web site you want to protect (e.g., not your real first and last name.

  5. Now generate the Certificate Signing Request (CSR) from the private key generated above using the following command: keytool -certreq -alias tomcat -file yourdomain.csr -keystore mykeystore

    This creates a CSR and stores it in a file named yourdomain.csr.

  6. Verify your CSR

  7. Save a copy of your CSR. The CSR will be needed during the online order process. You'll be asked to copy-and-paste your CSR into a special CSR box.