Follow Us on Twitter

How to create a new DemoIdentity.jks

by Ian Hoogeboom on May 28, 2010 · 6 comments

When you somehow need to create a new DemoIdentity.jks file for WebLogic, i.e. when the machine name has changed, follow the next steps.

The next functionality is tested on WebLogic version 10.3.2.

Create new certificate and keystore

Go to the server lib directory of WebLogic:

$> cd $MIDDLEWARE_HOME/wlserver_10.3/server/lib/

Set the right environment:

$> . ../bin/

Create a new certificate for your machine (test01.local.lan):

$> java utils.CertGen -cn test01.local.lan -keyfilepass DemoIdentityPassPhrase -certfile testcert -keyfile testkey

Generating a certificate with common name test01.local.lan and key strength 1024
issued by CA with certificate from CertGenCA.der file and key from CertGenCAKey.der file

Import this certifcate in a new key store:

$> java utils.ImportPrivateKey newkeystore.jks DemoIdentityKeyStorePassPhrase demoidentity DemoIdentityPassPhrase testcert.pem testkey.pem

Imported private key testkey.pem and certificate testcert.pem
into a new keystore newkeystore.jks of type jks under alias demoidentity

Now check if your public key/certifcate is imported in the new key store.

$> keytool -v -list -keystore newkeystore.jks -storepass DemoIdentityKeyStorePassPhrase

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: demoidentity
Creation date: Apr 12, 2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=test01.local.lan, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Serial number: 4acc7d27882f10e38823617098da6d91
Valid from: Sun Apr 11 15:56:23 CEST 2010 until: Sat Apr 12 15:56:23 CEST 2025
Certificate fingerprints:
MD5:  12:97:52:76:3A:AB:1D:36:D7:DD:71:BB:8E:17:96:74
SHA1: 49:0A:09:CC:6C:9E:F0:6E:90:8F:64:C7:D3:BF:2D:39:E6:EB:BC:DD
Signature algorithm name: MD5withRSA
Version: 1

Replace the old DemoIdentity.jks

This newkeystore.jks is your new DemoIdentity.jks

$> ls *.jks
DemoIdentity.jks  DemoTrust.jks  newkeystore.jks
$> mv DemoIdentity.jks DemoIdentity.jks_
$> cp newkeystore.jks DemoIdentity.jks


How to create a new DemoIdentity.jks, 5.0 out of 5 based on 5 ratings
VN:D [1.9.22_1171]
Rating: 5.0/5 (5 votes cast)

{ 6 comments… read them below or add one }

Leon Dorfling January 21, 2011 at 1:59 pm

Thanks, helped a lot.


Pedro Morales March 16, 2012 at 4:56 am

This is great, thank you very much it works wonders!

I’d suggest

java utils.CertGen -cn `hostname` -keyfilepass DemoIdentityPassPhrase -certfile testcert -keyfile testkey

For Unix/Linux system so the command can be copy/pasted better on each box.


siva December 12, 2012 at 2:46 pm

Hi Ian,
Could you please help to setup one-way SSL from apache webserver to weblogic 11g in solaris 10.

Please provide the steps for both Demo and Custom.


Clemilson Abreu June 2, 2015 at 6:02 pm

Thanks a lot. Very well written steps.


Emanuele Oscar Del Viscovo February 8, 2017 at 7:41 pm

And if need to create the trust.jks How i do ?


yuwraj July 27, 2020 at 3:18 pm

provide steps for windows os too


Leave a Comment


Previous post:

Next post:

About Whitehorses
Company profile

Whitehorses website

Home page

Follow us
Blog post RSS
Comment RSS