Weblogic 7.0 SSL configuration. - Weblogic

This is a discussion on Weblogic 7.0 SSL configuration. - Weblogic ; I have been creating a webservice needing secure connections. First I created certificate request and private key with weblogic certificate servlet. Then i received certificate from Verisign. I managed to get the key into keystore and the now ssl-connection works ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Weblogic 7.0 SSL configuration.

  1. Weblogic 7.0 SSL configuration.

    I have been creating a webservice needing secure connections.
    First I created certificate request and private key with weblogic certificate servlet. Then i received certificate from Verisign.
    I managed to get the key into keystore and the now ssl-connection works fine.
    The only problem is that Every time i connect to server with a web browser I get message like:
    ---------------
    - The certificate for "extranet.prosectotal.fi" is signed by the unknown Certificate Authority "VeriSign Trust Network". It is not possible to verify that this is a valid certificate
    ------------------
    The problem does not occure if I install Verisign Intermediate CA certificate to client side so I figured it is all about that Intermediate certificate. The web-service will come to public use so any client side installations are not possible.

    I've tried to get weblogic load that Intermediate certificate, but somehow I have not succeeded.

    I have tried to use server-certchain.pem file with following combinations
    a) only Intermediate certificate
    b) intermediate certificate + verisign root certificate
    c) server cert + intermediate cert + root cert

    I also have tried to put intermediate certificate to
    "Trusted CA File Name:" trusted.pem .

    None of these is still working so I could use some help.

    The weblogic server version I'm using is 7.0 SP4

  2. Re: Weblogic 7.0 SSL configuration.

    The certificate chain in the server certificate file must start with the server identity certificate, followed by the certificate of its issuer, and so on, until the self-signed root CA certificate if you want to include it too.

    Pavel.

+ Reply to Thread