Generate a CSR for BEA Weblogic

Requesting a Private Key and Digital Certificate

You must submit your request in a particular format called a Certificate Signature Request (CSR). WebLogic Server includes a Certificate Request Generator servlet that creates a CSR. The Certificate Request Generator servlet collects information from you and generates a private key file and a certificate request file. You must then submit the CSR. Before you can use the Certificate Request Generator servlet, WebLogic Server must be installed and running.

1. Start the Certificate Request Generator servlet (certificate.war). The .war file is automatically installed when you start WebLogic Server. In a Web browser, enter the URL for the Certificate Request Generator servlet as follows:


Where hostname is the DNS name of the machine running WebLogic Server, and port is the number of the port at which WebLogic Server listens for SSL connections.

For example, if WebLogic Server is running on a machine named yourmachine and it is configured to listen for SSL communications at the default port 7002, you must enter the following URL in your Web browser to run the Certificate Request Generator servlet:


2. The Certificate Request Generator servlet loads a form in your web browser. Complete the form.

3. Click the Generate Request button. The Certificate Request Generator servlet displays messages informing you if any required fields are empty or if any fields contain invalid values. Click the Back button in your browser and correct any errors.

Note on private key passwords: If you do not specify a password, you will get an unencyrpted RSA private key. If you specify a password, you will get a PKCS-8 encrypted private key. When using PKCS-8 encrypted private keys, you need to enable the Use Encrypted Keys field on the SSL tab of the Server window in the Administration Console.

4. When all fields have been accepted, the Certificate Request Generator servlet generates the following files in the startup directory of your WebLogic Server:

  • mydomain_com-key.der: The private key file. The name of this file should go into the Server Key File Name field on the SSL tab in the Administration Console.
  • mydomain_com-request.dem: The certificate request file, in binary format.
  • mydomain_com-request.pem: The CSR file that you submit. It contains the same data as the .dem file but is encoded in ASCII so that you can copy it into email or paste it into a Web form.

Next Steps

For help installing your certificate, read here.

Subscribe To’s Newsletter

Don’t miss new articles and updates from

Stay Informed and Secure is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.