Updating Expired Verisign Certificates 1/12/2004
On January 7th, 2004, several certificates issued by Verisign expired, causing SSL to fail on several BEA WebLogic servers.
The following steps can be taken to update these certificates (verisignclass3ca, verisignclass2ca, verisign Class 3 intermediate certificate).
1. Obtain the updated certificates.
The necessary certificates can be downloaded from the Support Center on the click2gov website.
They are:
- Verisign Public Class 3 2028
- Verisign Intermediate Class 3 2011
Place both of these downloaded files into your Java/bin directory located at:
[weblogic drive letter]:\bea\jdk141_03\bin
2. Update the cacerts keystore in the java security directory.
Open a command prompt and navigate to the java bin directory:
[weblogic drive letter]:\bea\jdk141_03\bin
Commands:
keytool -delete -alias verisignclass2ca -keystore c:\bea\jdk141_03\jre\lib\security\cacerts
keytool -delete -alias verisignclass3ca -keystore c:\bea\jdk141_03\jre\lib\security\cacerts
keytool -import -alias verisignclass3ca2028 -file VerisignClass3Root.arm -keystore c:\bea\jdk141_03\jre\lib\security\cacerts
Trust this certificate: y
3. Update the intermediate certificate in the web browser where your private certificate is stored (use Internet Explorer).
Open Internet Explorer.
Select Tools, Internet Options.
Select the Content tab and then click on the Certificates button.
Select the Intermediate Certification Authorities tab. In the list box, find the entry for:
www.verisign.com Class 3 Public Primary. Expires 1/7/2004.
Click the "remove" button.
Confirm the removal by selecting "yes".
Now, click the "Import" button.
Browse to the new intermediate certificate and select it. You may have to alter the file filter select box at the bottom in order to see the file you are trying to import.
Click the "Next" button.
Select "Automatically select the certificate store based on the type of certificate.", and click the "Next" button.
Verify the selected options and click the "Finish" button.
You should now have the correct Intermediate certificate in place.
4. Export your private certificate from Internet Explorer and import it into the c2gkeystore.jks
Instructions here
5. Stop and re-start your WebLogic service. Test the system.
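A check for step 2, added here as an example and not part of the original instructions: this Python script reads the text produced by keytool -list -v against the cacerts keystore and reports entries that have expired, old aliases that were not deleted, and the new alias if it is missing. The sample output is constructed and trimmed, and the "Valid from: ... until: ..." date layout it parses is an assumption about your JDK's keytool output.

```python
import re
from datetime import datetime

# Constructed sample of `keytool -list -v -keystore ...\cacerts` output, trimmed to the
# fields used here; the dates are illustrative, not copied from a real keystore.
SAMPLE = """\
Alias name: verisignclass3ca
Entry type: trustedCertEntry
Valid from: Mon Jan 29 00:00:00 GMT 1996 until: Wed Jan 07 23:59:59 GMT 2004

Alias name: verisignclass3ca2028
Entry type: trustedCertEntry
Valid from: Mon Jan 29 00:00:00 GMT 1996 until: Tue Aug 01 23:59:59 GMT 2028
"""

VALID = re.compile(r"Valid from: (.+?) until: (.+)")

def _parse(stamp):
    # Assumed layout: "Wed Jan 07 23:59:59 GMT 2004". Weekday and time zone are
    # dropped, so comparisons are accurate to about a day.
    _, mon, day, clock, _, year = stamp.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def parse_entries(text):
    """Return {alias: (not_before, not_after)} from verbose keytool output."""
    entries, alias = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip()
        elif alias and (m := VALID.match(line)):
            entries[alias] = (_parse(m.group(1)), _parse(m.group(2)))
            alias = None  # record only the first certificate under each alias
    return entries

def audit(text, now, must_be_absent=(), must_be_present=()):
    """List problems: expired entries, stale aliases left in, new aliases missing."""
    entries = parse_entries(text)
    problems = [f"expired: {a}" for a, (_, end) in entries.items() if end < now]
    problems += [f"still present: {a}" for a in must_be_absent if a in entries]
    problems += [f"missing: {a}" for a in must_be_present if a not in entries]
    return problems

if __name__ == "__main__":
    for p in audit(SAMPLE, datetime(2004, 1, 12),
                   must_be_absent=["verisignclass2ca", "verisignclass3ca"],
                   must_be_present=["verisignclass3ca2028"]):
        print(p)
```

An empty result after step 2 means the two old aliases are gone and verisignclass3ca2028 is present and within its validity period.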