Importing certificates in WebLogic Server

While working on day-to-day work, I was able to find 2 different ways to import a certificate on your WebLogic server:

  1. Importing certificate using keytool over command prompt
  2. Importing certificate using KeyStore Service (KSS)


Importing certificate using keytool over command prompt

To find the WebLogic server’s trust keystore location: on the console home page, go to Servers under the Environment subsection.

  • Select the Admin server from the list of servers displayed.
  • Go to the Keystores tab and note the Demo Trust Keystore path. This is the path where our keystore resides.

At this path, run the following keytool command:
keytool -import -trustcacerts -alias TestCA -file <Filename with location> -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
For example, assuming the downloaded certificate is kept in the same location as the .jks file and is named certificatename.cer, the keytool command would look like:
keytool -import -trustcacerts -alias TestCA -file certificatename.cer -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase



The message ‘Certificate was added to keystore’ is displayed, which confirms the successful import of the certificate.

Note: If you get a ‘Certificate already exists in the Keystore’ message, enter ‘Y’ (yes) and proceed to import the certificate.

You can verify this by listing all the certificates in the keystore using the following command:
keytool -list -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase


The newly imported certificate appears alongside the existing certificates in the keystore.
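
A scripted version of the keytool import above, as an added example that is not part of the original post: it compares the certificate's SHA-256 fingerprint with a value obtained out of band before trusting it, stops if the alias is already in use, and reads the keystore back to confirm the entry. The function names and exit codes are assumptions made for this example.

```sh
#!/bin/sh
# Added example: guarded import into a trust keystore (helper names are hypothetical).

# Normalise a fingerprint: drop colons/spaces, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# Pick the SHA256 line out of keytool's verbose certificate output.
sha256_line() { sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1; }

# SHA-256 fingerprint of a certificate file.
cert_sha256() {
    norm_fp "$(keytool -printcert -file "$1" 2>/dev/null | sha256_line)"
}

# SHA-256 fingerprint of entry $3 in keystore $1 (store password $2).
store_sha256() {
    norm_fp "$(keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null | sha256_line)"
}

# import_trusted_cert KEYSTORE STOREPASS ALIAS CERTFILE EXPECTED_SHA256
# Returns 0 on success, 1 if keytool fails, 2 on fingerprint mismatch,
# 3 if the alias is already in use, 4 if the stored entry does not match.
import_trusted_cert() {
    ks=$1; pass=$2; entry=$3; cert=$4
    expected=$(norm_fp "$5")
    actual=$(cert_sha256 "$cert")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing $cert: SHA-256 is '$actual', expected '$expected'" >&2
        return 2
    fi
    # Stop if the alias is already taken rather than relying on keytool's prompts.
    if keytool -list -keystore "$ks" -storepass "$pass" -alias "$entry" >/dev/null 2>&1; then
        echo "alias $entry already exists in $ks; nothing imported" >&2
        return 3
    fi
    keytool -import -noprompt -trustcacerts -alias "$entry" -file "$cert" \
        -keystore "$ks" -storepass "$pass" >/dev/null 2>&1 || return 1
    # Read the entry back and confirm the keystore holds the certificate we checked.
    [ "$(store_sha256 "$ks" "$pass" "$entry")" = "$expected" ] || return 4
    echo "imported $entry (SHA-256 $expected)"
}

# Usage (constructed values; take the fingerprint from the CA, not from the file):
# import_trusted_cert DemoTrust.jks DemoTrustKeyStorePassPhrase TestCA certificatename.cer "AB:CD:..."
```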



Importing certificate using KeyStore Service (KSS)

To import a certificate using KeyStore Service (KSS), you need to ensure that KSS is enabled.

Please ensure KSS for demo is enabled. If it is not, follow the steps below to enable it:
Go to the WebLogic console, click on Domain -> Security -> Advanced page and select the ‘Use KSS for Demo’ checkbox.
Click Save.

Note: The above option is available on Oracle 12c version. I could not find the same on 11g.

Now, navigate to your EM console and right-click on WebLogic domain -> Security -> KeyStore.


Expand the drop-down list in which the keystore resides and select the row corresponding to the keystore. For this case, System -> Trust.


If the keystore is password-protected, you are prompted for a password. Enter the keystore password and click OK.
Click the Manage option. The Import Certificate dialog appears.
Select the certificate type, either Certificate or Trusted Certificate, from the drop-down. For this case, use ‘Trusted Certificate’. Provide an alias, for example, ‘testTrust’.

Specify the certificate source. If using the Paste option, copy and paste the certificate directly into the text box. If using the Select a file option, click Browse to select the file from the operating system.
Click OK. The imported certificate or trusted certificate appears in the list of certificates.
Click OK.


Restart your Admin server to reflect the changes.
