Technical data

Configuring the SSL Protocol

Administration Guide 14-49

4. Click the Generate Request button.

The Certificate Request Generator servlet displays messages informing you if

any required attributes are empty or if any attributes contain invalid values.

Click the Back button in your browser and correct any errors.

When all attributes have been accepted, the Certificate Request Generator servlet

generates the following files in the startup directory of your WebLogic Server:

l www__com-key.der—The private key file. The name of this file should go

into the Server Key File Name attribute field on the SSL tab in the

Administration Console.

l www__com-request.dem—The certificate request file, in binary format.

l www__com-request.pem—The CSR file that you submit to the certificate

authority. It contains the same data as the

.dem file but is encoded in ASCII

so that you can copy it into e-mail or paste it into a Web form.

5. Select a certificate authority and follow the instructions on that authority’s Web

site to purchase a digital certificate.

l VeriSign, Inc. offers two options for WebLogic Server: Global Site Services,

which features strong 128-bit encryption for domestic and export Web

browsers, and Secure Site Services, which offers 128-bit encryption for

domestic Web browsers and 40-bit encryption for export Web browsers.

l Entrust.net digital certificates offer 128-bit encryption for domestic browser

versions and 40-bit encryption for export browser versions.

Strength The length (in bits) of the keys to be generated. The longer the

key, the more difficult it is for someone to break the encryption.

If you have the domestic version of WebLogic Server, you can

choose 512-, 768-, or 1024-bit keys. The 1024-bit key is

recommended.

Note: This field only appears on the domestic version of the

Certificate Request Generator servlet.

Table 14-17 Fields on the Certificate Request Generator Form

Field Description