WebLogic

Regenerating the 'DemoIdentity' certificate in WebLogic 12c

Ahmed Aboulnaga

2 min read

I recently encountered an Oracle WebLogic 12c environment that was installed 5 years ago, and whoever set it up at the time settled on using the included demo certificate created with the installation. Unfortunately, this demo cert expires after 5 years and now they are unable to start up their managed server.

The error in the logs are:

<Oct 7, 2021, 2:20:59,944 PM EDT> <Alert> <Security> <BEA-090154> <Identity certificate has expired: [
[
  Version: V3
  Subject: CN=DemoCertFor_test12c
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 1024 bits
  modulus: 135687768825257970920645103749378512647737621009184020990762899426300960611923373430758885109924074087110250668541195216859214695760272683547985604471057131191030374090625201144697417163468413950677609292596657234544449316372941272371625659602678021396555756075822965335563707180282782523324781153272285770993
  public exponent: 65537
  Validity: [From: Mon Sep 26 15:36:24 EDT 2016,
               To: Sat Sep 25 15:36:24 EDT 2021]
  Issuer: CN=CertGenCA, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
  SerialNumber: [    067ff157 a915]

To regenerate a demo cert, simply log into the EM console, navigate to WebLogic Domain > Security > Keystore, and expand system.

Highlight the demoidentity keystore row and click Manage, using the password DemoIdentityKeyStorePassPhrase:

Here you will find the certificate. Highlight it and click on Delete. You will be prompted for the private key password which is DemoIdentityPassPhrase:

Afterwards, click on Generate Keypair and enter the values below, replacing Common name with your server hostname. I suggest keeping the same password DemoIdentityPassPhrase:

Remember, this is for users of the demo keystore, which is not recommended to be used in a production environment.

For reference purposes, the default passwords for the demo trust, keystore, and cert are as follows:

  • Trust store password = DemoTrustKeyStorePassPhrase
  • Key store password = DemoIdentityKeyStorePassPhrase
  • Private key password = DemoIdentityPassPhrase