***********************************************************************************
* Description: Renewal HTTPS SSL Certificate for Oracle WebLogic Fusion Middleware
* Date: 11:42 PM EST, 03/01/2018
***********************************************************************************

		 
<1> For security purpose, majority orgnization utilize HTTPS SSL\TLS to encrypt data for online transaction. 
     | 
     |__ o. To archive the goal, third party issue digital cerificate is needed. 
     |
     |__ o. Generally, cerificate validation date is not perminent, and needs renewal 2 or 3 yearly basis.
     |
     |__ o. To receive the new certificate, you need to submit your Certificate Signing Request [CSR] to your Certificate Authority.
     |
     |__ o. For WebLogic HTTP server, you need to create an Oracle wallet, and put all the Trusted cerificate and regular certificate within it to make it valid.
     |
     |__ o. If the old certificate going to expire, basiscally, you need to delete the old one, importing new one, and restart OHS. 
     |
     |__ o. The cerificates has 2 types, Trusted Certificate and Regular Certificate. 
             |
             |__ o. The purpose of Trusted Certificate is for "OK, I know and this GoDaddy as my CA. So, I have no doubt on all the certs issued from it."
             |      Usually, if you still use same CA for the renewal, you do not need to re-import Trusted Certificate again.
             |
             |__ o. Regular cerificate is for app user visting your website via HTTPS protocal, which needs to be re-import as renewal.
             |
             |__ o. CAUTION: What we trust is the vendor or CA who issues the cerificate, not the cerificate itself.
			 
			 
			 
			 
			 
			 
			 
<2> Step 1 - Submit "Certificate Signing Request" through Fusion Middleware dashboard for WebLogic HTTP server:
     |
     |__ o. The default port is 7002, which needs to be indicated appending to console URL:

	 
             
	
	
	
	
	
<3> Step 2 - After log into the console, finding existing wallet first. Go to "Web Tier" ==> Right click on "ohs1" ==> "Security" ==> "Wallets":


            


			
			

<4> Step 3 - Each wallet is corresponding to a physical folder on the server. For this case, the wallet location is below:
     |
     |__ o. Default wallet ............. /Data/Oracle/Middlewarenew/asinst_1/config/OHS/ohs1/keystores/default
     |      User created wallet ........ /Data/Oracle/Middlewarenew/asinst_1/config/OHS/ohs1/keystores/emeralit_SSL_wallet 
     |
     |
     |__ o. Before importing the new cerificate, Click on "Export" button, or copy the physical folder as a backup method.
     |	 
     |
     |__ o. "Auto-login" means no password is needed.
	
            
             
	
	
	
	
<5> Step 4 - Submitting Certificate Request:	
	
            
	
	
	
	

<6> Step 5 - Fulfill the Company or Orgnization Information:

            	
	
	
	
	
	
<7> Step 6 - Export and send over the encrypted request to your Certificate Authority:

            	
	
	
	
	
	
<8> Step 7 - After CA approves your CSR, a zipped package including Trusted Certificate and Regular Certificate will be sent over:	
	
            	
	
	
	
	
	
	
<9> Step 8 - After zipping the package, you can pick up the option for paste or upload to import the certificate accordingly:
     |
     |__ o. In this case, user still use GoDaddy as vendor, so aftering deleting the old regular cerificate, you can import the new one.

            
	
	
	
	
	
<10> Step 9 - To make the new certificate being actived, OHS needs to be restarted once: 
     |
     |__ o. Right click on "ohs1" ==> "Control" ==> "Restart"
	
	
	
	
	
	
<11> Step 10 - Go to website, and click on the "LOCK" icon next to website address to verify new cerificate is being used: