Log in to the EM console:
http://host:port/em
Go to WebLogic Domain --> Security --> Credentials.
By default our SOA Suite application is configured with a cwallet.sso.
You can find it in the jps-config.xml file.
Have a look at this configuration file:
$BEA_HOME/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml
<!-- KeyStore Service Instance -->
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
  <description>Default JPS Keystore Service</description>
  <property name="keystore.type" value="JKS"/>
  <property name="keystore.csf.map" value="oracle.wsm.security"/>
  <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
  <property name="keystore.sig.csf.key" value="sign-csf-key"/>
  <property name="keystore.enc.csf.key" value="enc-csf-key"/>
</serviceInstance>
I am following the Oracle® Fusion Middleware Security and Administrator’s Guide for Web Services, 11g Release 1 (11.1.1), B32511-02, for this configuration.
For this configuration you first have to create a key store.
You can use the following document for the same.
Once the key store is created, you need to create a map with the same name as the keystore.csf.map value, oracle.wsm.security.
On the Credentials page, create a new map.
Now choose the map and create a key for the basic credentials of the WebLogic server.
Next we need to create one more key for the keystore, i.e. keystore-csf-key.
Provide the user name and password for the keystore.
As you can see in the configuration, there are two more keys,
keystore.sig.csf.key and keystore.enc.csf.key,
one for signing and one for encrypting.
In our test scenario we will create only one key for both processes.
In all, you should now see three keys in your map.
That completes the credential configuration. Now you only need to change your jps-config.xml file in
$BEA_HOME/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml
The previous entry needs to be changed like this:
<!-- KeyStore Service Instance -->
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
  <description>Default JPS Keystore Service</description>
  <property name="keystore.type" value="JKS"/>
  <property name="keystore.csf.map" value="oracle.wsm.security"/>
  <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
  <property name="keystore.sig.csf.key" value="arpit-key"/>
  <property name="keystore.enc.csf.key" value="arpit-key"/>
</serviceInstance>
You also need to indicate your key store and provide its name. Once done, save the changes and restart the server.
Now when I tried to restart the server I found the error
INFO: SSLSocketFactoryManagerImpl.getKeystoreLocation SOA Keystore location: /refresh/home/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig/default-keystore.jks
INFO: SSLSocketFactoryManagerImpl.getKeystorePassword Obtained null or empty keystore password
INFO: SSLSocketFactoryManagerImpl.getKeyPassword Obtained null or empty key password
INFO: SSLSocketFactoryManagerImpl.getSSLSocketFactory Could not obtain keystore location or password
in the managed server console.
This is because I have not configured my keystore and was trying to use the default key store, so I reverted my change and it started normally. This is just an approach; I have tried it by creating a keystore too, but it was not working for me. Unfortunately I didn't note down the steps and screenshots, so anyone who has completed it successfully can let me know the exact procedure.
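A pre-restart check for the jps-config.xml edit described above, as an added example that is not part of the original post: it reads the keystore serviceInstance and reports any CSF key it names that is missing from the credential map, plus a missing keystore file. The key listing passed to check() is assumed to be typed in by hand from the EM Credentials page (the script does not read cwallet.sso), and the function names are hypothetical.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the edited keystore entry from this post, wrapped in a
# minimal root element so it parses stand-alone.
SAMPLE_JPS = """<jpsConfig><serviceInstances>
<serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
  <property name="keystore.type" value="JKS"/>
  <property name="keystore.csf.map" value="oracle.wsm.security"/>
  <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
  <property name="keystore.sig.csf.key" value="arpit-key"/>
  <property name="keystore.enc.csf.key" value="arpit-key"/>
</serviceInstance></serviceInstances></jpsConfig>"""

KEY_PROPS = ("keystore.pass.csf.key", "keystore.sig.csf.key", "keystore.enc.csf.key")

def _local(tag):
    # Drop an XML namespace prefix, in case the file declares one.
    return tag.rsplit("}", 1)[-1]

def keystore_refs(jps_xml):
    """Return (location, csf_map, {property: csf_key}) for the keystore instance."""
    root = ET.fromstring(jps_xml)
    for el in root.iter():
        if _local(el.tag) == "serviceInstance" and el.get("name") == "keystore":
            props = {p.get("name"): p.get("value") for p in el if _local(p.tag) == "property"}
            keys = {k: props.get(k) for k in KEY_PROPS}
            return el.get("location"), props.get("keystore.csf.map"), keys
    raise ValueError("no serviceInstance named 'keystore'")

def check(jps_xml, credential_maps, config_dir=None):
    """List problems. credential_maps is {map name: set of key names}, an
    assumed hand-made listing of what the EM Credentials page shows."""
    location, csf_map, keys = keystore_refs(jps_xml)
    problems = []
    if csf_map not in credential_maps:
        problems.append("credential map %r does not exist" % csf_map)
    present = credential_maps.get(csf_map, set())
    for prop, key in keys.items():
        if not key:
            problems.append("%s is not set" % prop)
        elif key not in present:
            problems.append("%s -> key %r missing from map %r" % (prop, key, csf_map))
    if config_dir is not None and location:
        path = os.path.normpath(os.path.join(config_dir, location))
        if not os.path.isfile(path):
            problems.append("keystore file not found: %s" % path)
    return problems
```

Pass the fmwconfig directory as config_dir to also confirm that the file named in location exists; an empty result means every key the entry names is present in the map.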