BEA WebLogic Server 7 사용자 설명서

BEA WebLogic Server 7.0 Upgrade Guide

Digital certificates obtained through a CSR created by the Certificate Request 
Generator servlet in WebLogic Server 5.1 cannot be used with this release of 
WebLogic Server. 

When creating a CSR using the Certificate Request Generator servlet in WebLogic 
Server 5.1, the servlet does not make you specify a password for the private key. The 
password is required in order to use the private key and associated digital certificate 
with this release of WebLogic Server. 

Use the JDK keytool utility to define a password for the digital certificate’s private 
key. The digital certificate can then be used with this release of WebLogic Server.  
Before using keytool to define the password for the private key, you may need to delete 
extra characters at the end of each line in the private key.

In this release of WebLogic Server, more stringent checks are performed on private 
keys and digital certificates. In order to use an existing private key and digital 
certificate, you must perform the following upgrade steps:

1. If the private key is encrypted, convert the key to PEM format using the 

java 

utils der2pem

 command and modify the header as follows:

----------BEGIN ENCRYPTED PRIVATE KEY----------
...
-----------END RSA PRIVATE KEY---------------------

If the private key is not in PEM format, you receive the following exception:

java.lang.Exception:Cannot read private key from file
C:\bea700sp5\user_proects\mydomain\privatkey.der
Make sure password specified in environnment property 
weblogic.management.pkpassword is valid.

If the private key is unencrypted, use the 

java utils der.2pem

 command and 

modify the header as follows:

----------BEGIN RSA PRIVATE KEY----------
...
----------END RSA PRIVATE KEY----------

2. Check to see if the digital certificate has an extra line at the end of the file. The 

following should be the last line of the certificate file: