Installing pfx certificate into Oracle Weblogic Server 12.2.1.4.0

A couple of days back my colleague Inderjeet Singh currently leading Datawiz Consultancy Services Sdn. Bhd. called me to share an issue where he needed to install PFX certificate in Oracle Weblogic Server 12.2.1.4.0

The recommended key store format for Weblogic is JKS. We were scratching our heads, trying to figure out how to install this certificate on the target server, which has Oracle Portal, Forms, and Reports installed.

We solved it in the following way:

First, we decided to focus on the Portal Server where they are hosting the Oracle Application Express Application.

Next, we divided our task into two parts.

1st Part 
is to convert PFX certificate into JKS format and storing it in Keystore.  JKS is a database format for both storing the private key, and the associated certificate or certificate chain.

2nd Part 
is put this information into Oracle Weblogic Configuration using Admin Server.

For 1st Part, We did as follows:

Open a cmd prompt and go to <domain_home>/bin folder and run "setDomainEnv.cmd"

This sets the environment variable so that keytool is available for us.

Then we run the following command:

keytool -importkeystore -srckeystore mydomain.com.my.pfx -srcstoretype pkcs12 -destkeystore mydomain.jks -deststoretype JKS

It ask us following:

>> enter dest keystore password: (keep same as private key: pfxfilepassword)

>> enter source keystore password: pfxfilepassword

** We kept keystore password same as pfx file password to avoid confusion

Format:

keytool -importkeystore -srckeystore [pfx_file_to_convert.pfx] -srcstoretype pkcs12 -destkeystore [identity.jks] -deststoretype JKS

Using above command we generated new keystore in jks database format from pfx certificate.

Check Alias of the generated keystore using following command

keytool -v -list -storetype jks -keystore mydomain.jks

It will ask you password and will give details about the mydomain.jks including alias name.

2nd Part was easy

Update Keystore file location and related details in the Weblogic configurations for target Server

Updating Keystores Details

and then Alias and password in SSL tab as follows

Updating SSL

After this, we were ready to go :) and we configured the other server in the same way.

I hope this helps someone.