Thursday, August 1, 2013

EM Grid Control Agent - The Culprit of Renewing Weblogic Server SSL Certificates


We were using VeriSign SSL certificates for our Weblogic admin and managed servers. Enabling SSL seemed easy: create the keystore -> generate the SSL certificate requests for the servers and send them to VeriSign -> receive the SSL certificates -> import the VeriSign root CA and issuing CA certificates, as well as the server certificates, into the keystore -> update the keystore configuration in the Weblogic admin console so the servers point to the keystore -> restart the servers.

Then it came time to renew the SSL certificates. However, my company decided to switch to Microsoft certificates issued by an internal root CA and issuing CA, since these servers are only used inside the company. Following the steps above I renewed the certificates, but on starting the Weblogic servers I got CERTIFICATE UNKNOWN warning messages in the logs.
 
It turned out that I also needed to import the Microsoft root CA and issuing CA certificates into the EM Grid Control agent keystore, which is at $AGENT_HOME/sysman/config/montrust/AgentTrust.jks; its keystore password is welcome by default. The reason is that the EM Grid Control agent keystore ships with the VeriSign CA certificate by default, but not with the Microsoft CA certificate, so the agent could not validate the renewed server certificates.
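As an added example (not code from the original post), a small Java program that loads the agent truststore and checks whether the issuer of a given server certificate is actually among its trusted entries, which is the check that would have pointed at the agent keystore straight away. The truststore path and the password welcome are the defaults named above; the server certificate file name is an assumed placeholder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

// Usage: java AgentTrustCheck [truststore.jks] [storepass] [server-cert.pem]
// Defaults: $AGENT_HOME/sysman/config/montrust/AgentTrust.jks, "welcome",
// and the placeholder file name server-cert.pem (an assumption, not from the post).
public class AgentTrustCheck {
    public static void main(String[] args) throws Exception {
        String truststore = args.length > 0 ? args[0]
                : System.getenv("AGENT_HOME") + "/sysman/config/montrust/AgentTrust.jks";
        char[] password = (args.length > 1 ? args[1] : "welcome").toCharArray();
        String serverCertPem = args.length > 2 ? args[2] : "server-cert.pem";

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststore)) {
            ks.load(in, password);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate server;
        try (InputStream in = new FileInputStream(serverCertPem)) {
            server = (X509Certificate) cf.generateCertificate(in);
        }
        System.out.println("Server cert issuer: " + server.getIssuerX500Principal());

        // Look for the direct issuer only: the entry must match the issuer DN AND
        // its key must verify the server cert's signature, not just share a name.
        boolean issuerTrusted = false;
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!ks.isCertificateEntry(alias)) continue;
            X509Certificate trusted = (X509Certificate) ks.getCertificate(alias);
            if (!trusted.getSubjectX500Principal().equals(server.getIssuerX500Principal())) continue;
            try {
                server.verify(trusted.getPublicKey());
                System.out.println("Issuer trusted by the agent under alias: " + alias);
                issuerTrusted = true;
            } catch (Exception e) {
                System.out.println("Alias " + alias + " has the issuer DN but a different key: " + e);
            }
        }
        if (!issuerTrusted) {
            System.out.println("Issuing CA is NOT in the agent truststore; import it, e.g.:");
            System.out.println("  keytool -importcert -trustcacerts -alias <alias> -file <issuing-ca.cer> \\");
            System.out.println("    -keystore " + truststore + " -storepass <password>");
            System.exit(1);
        }
    }
}
```

The program checks only the server certificate's direct issuer, so import both the root CA and the issuing CA certificates, as the post describes, so that the agent can build the full chain.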