Generate a JKS (Key Store)

Create a KeyStore:

keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048


Generate a CSR:


keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr


Import the root & intermediate certificates into your keystore:


keytool -import -trustcacerts -alias root -file root.crt -keystore KeyStore.jks


keytool -import -trustcacerts -alias intermediate -file intermediate.crt -keystore KeyStore.jks


 Store and import your new certificate:


keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore KeyStore.jks

Importing Certificates in Java Key Store(JKS)

whenever you are working with Weblogic and want to setup Certificates, you will need to configure the Java Key store, a file where certificates are stored.

You will first needs either a self signed certificate or a external certificate that you have requested through a third party like GlobalSign, etc.

Either way you will get a .crt or .pem file which includes the certificate. Store this certificate in  a known location on your server. For example: /opt/certs/

Also note down the keystore location that is currently configured in Weblogic. Note down the full path in Custom Identity Keystore.

Listing of Certificates

keytool -list -keystore /keystore.jks -storepass ***

Importing a single certificate to a keystore

keytool -importcert -file newcert.pem -destkeystore /keystore.jks -deststoretype jks \
    -deststorepass *** -alias 

Importing a  keystore (PKCS12) to a JKS

keytool -importkeystore -srckeystore cert-key.p12 -srcstoretype pkcs12 -srcstorepass *** keystore /keystore.jks -deststoretype jks -deststorepass ***

After this has been imported into the JKS, you might need a restart of the application server.