Covering J2EE Security and WebLogic Topics

WebLogic with a PKCS12 Keystore

I recently tried to get WebLogic 8.1.3 Server to use a PKCS12 keystore which contained the server’s identity certificate. A PKCS12 file contains the private key and public certificate. For all practical purposes, it’s just like a JKS keystore as long as you specify the PKCS12 store type when using the WebLogic Console Keystore Configuration screen or keytool. The convention for PKCS12 filename extensions is either .p12 or .pfx.

Normally, I use JKS keystores so I was in uncharted territory although all signs indicated that it should work. As my luck would have it, it didn’t work. Upon server startup I received a “Set tag error” which prevented the SSL port from working.

As it turns out, the problem was caused by a bug in JDK 1.4.2_04. Supposedly, it was fixed in 1.4.2_05 which comes with WLS 8.1.4. However, I used JDK 1.4.2_06 and it worked just fine.