WebLogic Server uses the following algorithm when it loads its trusted CA certificates:
- If the keystore is specified by the
-Dweblogic.security.SSL.trustedCAkeystorecommand-line argument, load the trusted CA certificates from that keystore. - Else if the keystore is specified in the configuration file (
config.xml), load trusted CA certificates from the specified keystore. If the server is configured with DemoTrust, trusted CA certificates will be loaded from theWL_HOME\server\lib\DemoTrust.jksand the JDKcacertskeystores. - Else if the trusted CA file is specified in the configuration file (
config.xml), load trusted CA certificates from that file (this is only for compatibility with 6.x SSL configurations). - Else load trusted CA certificates from
WL_HOME\server\lib\cacertskeystore.
