To have an End to End certificate between client till weblogic managed server, there are following options to configure the certificate –
- Using Enterprise manager to create Wallet and map it to weblogic domain and OHS.
- using wlst to achieve from command like
- using keytook to create the keystore and map it to weblogic domain and later to OHS
During the OHS to keystore conversion, I have some issues with the certificate import –
Error –
“weblogic sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target AND Registration Failed sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
when I checked the certificate chain I found the irregularity in the order of certificates.
It should be like –
chain 0 - should shows identity certificate
chain 1 - should shows intermediate certificate (1 or more as per your organizations certificate management)
chain 2 - should shows root certificate (it must be the last in the certificates chain file)
Export the server certificate from existing keystore –
keytool -export -keystore kstwallet.jks -alias kstdev12 -file kstdev12_cert.cer