My Oracle Support Banner

Getting Started with WebLogic Server: How to Configure SSL on Oracle WebLogic Server with Custom Identity and Java Standard Trust (Doc ID 1109753.1)

Last updated on JULY 06, 2021

Applies to:

Oracle WebLogic Server - Version 9.0 and later
Information in this document applies to any platform.


WebLogic Server (WLS) is configured by default with Demo Identity and Demo Trust. To use these, we just need to enable the SSL port under the General Tab of the server, and WLS will start listening over SSL on that port.

However, using these demo certificates is not recommended in a production environment because they do not provide adequate security. Instead of using the demo certificates, we can either get our certificates signed by a third-party certifying authority or use self-signed certificates (use our own root ca which we can use to sign our own certificates).

To generate the certificates, we need to use keytool. Keytool is a standard java keystore utility. This is included with the Java SE JDK as well as the JRockit JDK.

For more information, please see the Keytool documentation.

A keystore is a database of key material. Key material is used for a variety of purposes, including authentication and data integrity. There are various types of keystores available, including "PKCS12" and Java's "JKS." There are two types of keystores: identity keystores and trust keystores. An identity keystore contains the server's private key and is therefore referred to as the identity. This keystore can contain more than one private key. A trust keystore contains the root and intermediate certificates which are trusted by the server.

In this document, we will look at the steps that need to be implemented to configure SSL using custom certificates through a JKS type of keystore.

NOTE: When a signed public key expires, and is replaced, if the public key is the same (that is, only the signature has changed), then the public key can be re-imported into the identity keystore using the private key alias as before (see below). If, however, a new private key and public key is generated, then build a completely new identity keystore as described here.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Create the Identity and Trust Keystores
 Configure the keystore in WebLogic Server

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.