Wildcard Certificates and PeopleSoft keystores

I love to use the wildcard certificates that you can get from providers like GoDaddy. However, there is a serious problem once you create your CSR, generate your certificate, and import it into your keystore. It works great on this system, but I just said it is a wildcard certificate! So when I go to my next system and want to use the same certificate, what am I to do? If I generate a new CSR, it will revoke my other server's certificate. I need the private key from the original certificate, and I haven't found a nice way to do that in PeopleSoft yet.

I had a client give me their wildcard certificate in PKCS12 (PFX) format, which PeopleSoft does not like at all. However, I found this great command that will take the PFX certificate and convert it into its own JKS keystore. This works awesome: all I need to do is import the root and intermediate certificates into the keystore, which are almost always available from the certificate provider. Now I have a keystore that works within PeopleSoft, and once I assign the keystore and the alias within the WebLogic console, I am ready to go!

keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS
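The conversion and CA imports described above as one script, plus a check that the result holds a private key entry and which alias to enter in the WebLogic console (the alias is carried over from the PFX). This is an added example, not part of the original post; the `rootca` and `intermediateca` aliases, the `.cer` file names, and the sample listing are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. rootca/intermediateca and the .cer file names are placeholders.

# Convert the PFX, add the CA certificates, and restrict the file, which now
# holds the wildcard private key. keytool prompts for the store passwords.
# usage: build_keystore mypfxfile.pfx clientcert.jks root.cer intermediate.cer
build_keystore() {
  keytool -importkeystore -srckeystore "$1" -srcstoretype pkcs12 \
          -destkeystore "$2" -deststoretype JKS || return 1
  keytool -importcert -trustcacerts -alias rootca -file "$3" -keystore "$2" || return 1
  keytool -importcert -alias intermediateca -file "$4" -keystore "$2" || return 1
  chmod 600 "$2"
}

# Read `keytool -list -v` output on stdin and print "alias<TAB>chain length"
# for each private key entry. Returns 1 when the keystore has no private key.
# usage: keytool -list -v -keystore clientcert.jks | key_entries
key_entries() {
  awk '
    /^Alias name: /               { alias = substr($0, 13) }
    /^Entry type: /               { is_key = ($3 == "PrivateKeyEntry") }
    /^Certificate chain length: / { if (is_key) { print alias "\t" $4; found = 1 } }
    END                           { exit !found }
  '
}

# Constructed sample of `keytool -list -v` output, trimmed to the parsed lines.
sample_listing() {
  cat <<'EOF'
Keystore type: JKS
Your keystore contains 3 entries

Alias name: 1
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=*.example.com

Alias name: rootca
Entry type: trustedCertEntry

Alias name: intermediateca
Entry type: trustedCertEntry
EOF
}
```

A keystore that lists only `trustedCertEntry` aliases has no private key and cannot serve as the SSL identity keystore.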

I found that I can create a keystore and a new private key / CSR using Portecle, which is a great tool for working with keystores. Once I create a new CSR and use it to generate a wildcard certificate, I import the certificate into the keystore, import the root and intermediate certificates, and then save the keystore in JKS format, and I am good to go! Put the new keystore into the keystore folder within your PIA site ({domain}\piaconfig\keystore). Next, go into your WebLogic console, set the PIA domain to accept the new keystore, and assign the alias from the keystore for the SSL certificate.