Technical data

Configuring the SSL Protocol
Administration Guide 14-51
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
A PEM (.pem) format digital certificate begins and ends with the following lines,
respectively:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Note: Your digital certificate may be one of several digital certificates in the file,
each of which is bounded by the BEGIN CERTIFICATE and END CERTIFICATE
lines. Typically, the digital certificate file for a WebLogic Server is in one file,
with either a .pem or .der extension, and the WebLogic Server certificate
chain is in another file. Two files are used because different WebLogic Servers
may share the same certificate chain.
The first digital certificate in the certificate authority file is the first digital
certificate in the WebLogic Server’s certificate chain. The next certificates in
the file are the next digital certificates in the certificate chain. The last
certificate in the file is a self-signed digital certificate that ends the certificate
chain.
A DER (.der) format file contains binary data. WebLogic Server requires that the file
extension match the contents of the certificate file, so be sure to save the file you receive
from your certificate authority with the correct file extension.
Assign protections to the private key file and digital certificates so that only the
system user of WebLogic Server has read privileges and all other users have no
privileges to access the private key file or digital certificate. If you are creating a file
with the digital certificates of multiple certificate authorities or a file that contains a
certificate chain, you must use PEM format. WebLogic Server provides a tool for
converting DER-format files to PEM format, and vice versa. For more information, see
WebLogic Utilities.
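The two requirements above (the file extension must match the contents, and no user other than the owner may have any access) can be checked before the files are handed to the server. The following Python script is an added example, not part of the guide or of WebLogic Server; the function names, file names and sample bytes are assumptions constructed for illustration.

```python
import base64
import os
import re
import stat
import tempfile

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def audit_credential_file(path):
    """Check one key/certificate file: extension vs. contents, and permissions."""
    with open(path, "rb") as fh:
        data = fh.read()
    ext = os.path.splitext(path)[1].lower()
    blocks = PEM_BLOCK.findall(data)
    # DER is binary ASN.1 and opens with a SEQUENCE tag (0x30).
    fmt = "pem" if blocks else "der" if data[:1] == b"\x30" else "unknown"
    findings = []
    if ext != "." + fmt:
        findings.append(f"extension {ext or '(none)'} does not match {fmt} contents")
    for label, body in blocks:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            findings.append(f"{label.decode()} block is not valid base64")
            continue
        if der[:1] != b"\x30":
            findings.append(f"{label.decode()} block does not decode to DER")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit violates "no privileges"
        findings.append(f"mode {mode:04o} grants access to group or other users")
    certs = sum(1 for label, _ in blocks if label == b"CERTIFICATE")
    return {"format": fmt, "certificates": certs, "findings": findings}

def write_file(directory, name, data, mode):
    """Hypothetical helper: create a sample file with the given permission bits."""
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)
    return path

# Constructed sample data: a minimal ASN.1 SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, data, mode in [("chain.pem", SAMPLE_PEM * 2, 0o400),
                                 ("server.der", SAMPLE_PEM, 0o644)]:
            print(name, audit_credential_file(write_file(d, name, data, mode)))
```

The script checks only the permission bits and the encoding; it does not parse the certificates, so it cannot confirm the chain order or that the last certificate is self-signed.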
Defining Trusted Certificate Authorities
When establishing an SSL connection, WebLogic Server checks the identity of the
certificate authority against a list of trusted certificate authorities to ensure the
certificate authority currently being used is trusted.