Generate certificate chains with Keytool (Doc ID 2897246.1)

Last updated on DECEMBER 06, 2023

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.

Goal

With JDK 7 enhance -gencert / -ext, keytool is no longer limited to generating self-signed certificates. A certificate chain can be easily built for demo purposes.

This sample script builds a 3-tiers certificate chain: root > gcs > server

JEP 229: Create PKCS12 Keystores by default since Jdk 9
JDK-8186143 to support wildcards for DNS subject alternative names, Jdk needs 8u351+, 11.0.17+, 15+
JDK-8008292 New PKCS12 keystore by keytool requires storepass = keypass, but JKS has no this limitation
Keystore generated here can be used in Jdk7 and later release

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Generate certificate chains with Keytool (Doc ID 2897246.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!