BEA 7 Server User Manual


 
2 Upgrading WebLogic Server 4.5 and 5.1 to Version 7.0
2-32 BEA WebLogic Server 7.0 Upgrade Guide
Digital Certificates Generated by the Certificate Servlet
Digital certificates obtained through a CSR created by the Certificate Request
Generator servlet in WebLogic Server 5.1 cannot be used with this release of
WebLogic Server.
When creating a CSR using the Certificate Request Generator servlet in WebLogic
Server 5.1, the servlet does not make you specify a password for the private key. The
password is required in order to use the private key and associated digital certificate
with this release of WebLogic Server.
Use the JDK keytool utility to define a password for the digital certificate’s private
key. The digital certificate can then be used with this release of WebLogic Server.
Before using keytool to define the password for the private key, you may need to delete
extra characters at the end of each line in the private key.
Private Keys and Digital Certificates
In this release of WebLogic Server, more stringent checks are performed on private
keys and digital certificates. In order to use an existing private key and digital
certificate, you must perform the following upgrade steps:
1. If the private key is encrypted, convert the key to PEM format using the
java
utils der2pem
command and modify the header as follows:
----------BEGIN ENCRYPTED PRIVATE KEY----------
...
-----------END RSA PRIVATE KEY---------------------
If the private key is not in PEM format, you receive the following exception:
java.lang.Exception:Cannot read private key from file
C:\bea700sp5\user_proects\mydomain\privatkey.der
Make sure password specified in environnment property
weblogic.management.pkpassword is valid.
If the private key is unencrypted, use the java utils der.2pem command and
modify the header as follows:
----------BEGIN RSA PRIVATE KEY----------
...
----------END RSA PRIVATE KEY----------
2. Check to see if the digital certificate has an extra line at the end of the file. The
following should be the last line of the certificate file: