Using WebLogic 12.2.1.4
Company has it's own CA.
I create a genkeypair using keytool (keystore=identity.jks, alias=weblogic)
I create a CSR using identity.jks and sent CSR to my CA.
CA sends back server.p7b, server.p7c, server.cer.
I open server.p7b and find 3 certs (root, intermediate, server).
If I export the server.cer from server.p7b, it is the same info as the standalone server.cer. So, I only export root.cer and intermediate.cer (as X509).
I would like to have separate identity.jks and trust.jks.
I am not sure what to import into each.
When I attempt to import the server.cer into identity.jks using the same alias as was used during creation, I get an error “Failed to establish chain from reply”.
Should the server.cer be imported into identity.jks? Should I use the same alias? Do I need to import server.cer into the trust.jks?
My logic says to import server.cer into identity.jks and root.cer and intermediate.cer into trust.jks, but I cannot get this to work.
Thank you.