Created Private Key & Self signed certficate in a Key Store
keytool -genkey -alias mydomain -keystore mydomain.ks -dname cn=mydomain.com -keyalg RSA -sigalg SHA1withRSA
Created Certificate Request and sent to Internal CA
keytool -certreq -alias mydomain -keystore mydomain.ks -file mydomain_project.csr
Once Internal(Company) CA issues the certificate - which looks like something like this
e.g. -----BEGIN CERTIFICATE----- MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6 -----END CERTIFICATE-----
Copied this to a .pem file
Update the self signed certifcate in (identity) KeyStore with CA signed certificate & Created a new Java Key Store(Trust) CA signed certificate(using the .pem file)
keytool -import -alias mydomain -trustcacerts -file company_cert.pem -keystore mydomain.ks
keytool -import -alias mydomain -trustcacerts -file company_cert.pem -keystore trust.jks
On Weblogic I imported the keystores as follows and Enabled SSL.
Identity - mydomain.ks (with Private Key + CA certificate)
Trust - trust.jks (which has CA certificate)
Issue: Once I hit my internal site deployed on the weblogic. I get a message - Not a trusted certificate. I then download the certifcate from the browser only then https works.but the certificate shows it is signed bythe domain name I gave, instead of my Internal CA name.
Question: I expected it to work(with out actually downloading again) as I already have Internal CA certificates and other internal applications work on https. Did I do any thing wrong?
