Generate certificate chains with Keytool
(Doc ID 2897246.1)
Last updated on DECEMBER 06, 2024
Applies to:
Oracle WebLogic Server - Version 10.3.6 and laterInformation in this document applies to any platform.
Goal
With JDK 7 enhance -gencert / -ext, keytool is no longer limited to generating self-signed certificates. A certificate chain can be easily built for demo purposes.
This sample script builds a 3-tiers certificate chain: root > gcs > server
- JEP 229: Create PKCS12 Keystores by default since Jdk 9
- JDK-8186143 to support wildcards for DNS subject alternative names, Jdk needs 8u351+, 11.0.17+, 15+
- JDK-8008292 New PKCS12 keystore by keytool requires storepass = keypass, but JKS has no this limitation
- Keystore generated here can be used in Jdk7 and later release
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |