Friday, October 01, 2010

Create Keystore from EM console in SOA Suite 11g

Log in to EM console

http://host:port/em

Go to WebLogic Domain --> Security --> Credentials



By default, our SOA Suite application is configured with a cwallet.sso.
You can find it in the jps-config.xml file.


Have a look at this configuration file:

$BEA_HOME/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml

<!-- KeyStore Service Instance -->
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
<description>Default JPS Keystore Service</description>
<property name="keystore.type" value="JKS"/>
<property name="keystore.csf.map" value="oracle.wsm.security"/>
<property name="keystore.pass.csf.key" value="keystore-csf-key"/>
<property name="keystore.sig.csf.key" value="sign-csf-key"/>
<property name="keystore.enc.csf.key" value="enc-csf-key"/>
</serviceInstance>


I am following the Oracle® Fusion Middleware Security and Administrator’s Guide for Web Services, 11g Release 1 (11.1.1), B32511-02, for this configuration.


For this configuration you first have to create a keystore.

You can use the following document for the same.

Once the keystore is created, you need to create a credential map with the same name as the keystore.csf.map value in jps-config.xml: oracle.wsm.security

On the Credentials page, create a new map.



Now choose the map and create a key for the basic credentials of the WebLogic server.



Next we need to create one more key for the keystore, i.e. keystore-csf-key.

Provide the user name and password for the keystore.





As you can see in the configuration, there are two more key properties,

keystore.sig.csf.key and keystore.enc.csf.key,

one for signing and one for encrypting.

In our test scenario we will create only one key for both processes.




In all, you should now see three keys in your map.



You are now done with the configuration; you only need to change your jps-config.xml file in

$BEA_HOME/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml

The previous entry needs to be changed like this:

<!-- KeyStore Service Instance -->
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
<description>Default JPS Keystore Service</description>
<property name="keystore.type" value="JKS"/>
<property name="keystore.csf.map" value="oracle.wsm.security"/>
<property name="keystore.pass.csf.key" value="keystore-csf-key"/>
<property name="keystore.sig.csf.key" value="arpit-key"/>
<property name="keystore.enc.csf.key" value="arpit-key"/>
</serviceInstance>



You also need to indicate your keystore and provide its name. Once done, save the changes and restart the server.
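A pre-restart check for the edited entry above, as an added example that is not part of the original post: it parses the keystore serviceInstance and confirms that the keystore file exists under fmwconfig and that each referenced CSF key name is present in the credential map. The function names and the credential_maps dictionary (key names copied by hand from the EM Credentials page) are assumptions for illustration; it checks names only, not passwords.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the edited serviceInstance from this post, wrapped in a root element.
SAMPLE_JPS = """<jpsConfig><serviceInstances>
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
<description>Default JPS Keystore Service</description>
<property name="keystore.type" value="JKS"/>
<property name="keystore.csf.map" value="oracle.wsm.security"/>
<property name="keystore.pass.csf.key" value="keystore-csf-key"/>
<property name="keystore.sig.csf.key" value="arpit-key"/>
<property name="keystore.enc.csf.key" value="arpit-key"/>
</serviceInstance></serviceInstances></jpsConfig>"""

CSF_PROPS = ("keystore.pass.csf.key", "keystore.sig.csf.key", "keystore.enc.csf.key")

def local(tag):
    """Drop an XML namespace prefix such as '{uri}serviceInstance'."""
    return tag.rsplit("}", 1)[-1]

def read_keystore_instance(xml_text):
    """Return (location, {property name: value}) for the 'keystore' serviceInstance."""
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "serviceInstance" and el.get("name") == "keystore":
            props = {p.get("name"): p.get("value") for p in el if local(p.tag) == "property"}
            return el.get("location"), props
    raise ValueError("no serviceInstance named 'keystore'")

def preflight(xml_text, fmwconfig_dir, credential_maps):
    """credential_maps (assumed input): {map name: set of key names} as shown in EM."""
    location, props = read_keystore_instance(xml_text)
    problems = []
    # A relative location is resolved against the directory holding jps-config.xml.
    path = os.path.normpath(os.path.join(fmwconfig_dir, location or ""))
    if not os.path.isfile(path):
        problems.append("keystore file not found: " + path)
    map_name = props.get("keystore.csf.map")
    keys = credential_maps.get(map_name)
    if keys is None:
        problems.append("credential map missing: %s" % map_name)
    for prop in CSF_PROPS:
        key = props.get(prop)
        if not key:
            problems.append("property not set: " + prop)
        elif keys is not None and key not in keys:
            problems.append("%s -> key '%s' not in map %s" % (prop, key, map_name))
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_JPS, ".", {"oracle.wsm.security": {"keystore-csf-key"}}))
```

An empty list means every name the serviceInstance refers to was found; anything else is worth fixing before the restart.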

Now when I tried to restart the server, I found the error

INFO: SSLSocketFactoryManagerImpl.getKeystoreLocation SOA Keystore location: /refresh/home/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig/default-keystore.jks

INFO: SSLSocketFactoryManagerImpl.getKeystorePassword Obtained null or empty keystore password

INFO: SSLSocketFactoryManagerImpl.getKeyPassword Obtained null or empty key password

INFO: SSLSocketFactoryManagerImpl.getSSLSocketFactory Could not obtain keystore location or password

in the managed server console.

This is because I have not configured my keystore and was trying to use the default keystore, so I reverted my change and it started normally. This is just an approach; I have tried it by creating a keystore too, but it was not working for me. Unfortunately I didn't note down the steps and screenshots, so anyone who has completed it successfully can let me know the exact procedure.
