I recently encountered an Oracle WebLogic 12c environment that was installed 5 years ago, and whoever set it up at the time settled on using the included demo certificate created with the installation. Unfortunately, this demo cert expires after 5 years and now they are unable to start up their managed server.
The error in the logs are:
<Oct 7, 2021, 2:20:59,944 PM EDT> <Alert> <Security> <BEA-090154> <Identity certificate has expired: [ [ Version: V3 Subject: CN=DemoCertFor_test12c Signature Algorithm: SHA256withRSA, OID = 1.2.840.113518.104.22.168 Key: Sun RSA public key, 1024 bits modulus: 135687768825257970920645103749378512647737621009184020990762899426300960611923373430758885109924074087110250668541195216859214695760272683547985604471057131191030374090625201144697417163468413950677609292596657234544449316372941272371625659602678021396555756075822965335563707180282782523324781153272285770993 public exponent: 65537 Validity: [From: Mon Sep 26 15:36:24 EDT 2016, To: Sat Sep 25 15:36:24 EDT 2021] Issuer: CN=CertGenCA, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US SerialNumber: [ 067ff157 a915]
To regenerate a demo cert, simply log into the EM console, navigate to WebLogic Domain > Security > Keystore, and expand system.
Highlight the demoidentity keystore row and click Manage, using the password
Here you will find the certificate. Highlight it and click on Delete. You will be prompted for the private key password which is
Afterwards, click on Generate Keypair and enter the values below, replacing Common name with your server hostname. I suggest keeping the same password
Remember, this is for users of the demo keystore, which is not recommended to be used in a production environment.
For reference purposes, the default passwords for the demo trust, keystore, and cert are as follows:
- Trust store password = DemoTrustKeyStorePassPhrase
- Key store password = DemoIdentityKeyStorePassPhrase
- Private key password = DemoIdentityPassPhrase