This article will describe the method to import certificate in SOA 11g and 12c. In 11g its stored in java key tool, while in 12c it is in OPSS (i.e database).Below are applicable for both 11g and 12c.
Steps for 11g:
In the weblogic console in SOA/OSB managed server check for keystore tab.You will see that demo identity and demo trust will be enabled.Now login to linux server where SOA managed server is running.
ps -ef|grep -i SSL
You will find a process like
“-Djavax.net.ssl.trustStore=/app/fmw/111/wlserver_10.3/server/lib/DemoTrust.jks”
Take a backup of this DemoTrust.jks file.
keytool -import -trustcacerts -alias <Alias
Name> -file <Certificate File > -keystore <Trust Store Location>
-storepass <passwd>
The services will need restart after this.
Steps for 12c:
As seen 12c , the OPSS based keystore is used.Below are the steps.
- Remove Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks from setDomainEnv.sh
The follow below steps.
1. Log in to Fusion Middleware Control (EM).
2. From the navigation pane, locate the domain i.e "SOA Domain"
3. Navigate to Security, then Keystore. The Keystore page appears.
4. Expand the stripe in which the keystore resides and Select the row corresponding to the keystore. For this case system -> trust
We will use Trustore to place the certificate to call the external SSL partner link.
5. Click Manage.
6. If the keystore is password-protected, you are prompted for a password. Enter the keystore password and click OK.
7. The Manage Certificates page appears. Click Import.
8. The Import Certificate dialog appears.
9. Select the certificate type, either Certificate or Trusted Certificate, from the drop-down. For this case use "Trusted Certificate"
10. Provide an alias i.e "testTrust"
11. Specify the certificate source. If using the Paste option, copy and paste the certificate directly into the text box. If using the Select a file option, click Browse to select the file from the operating system.
12. Click OK. The imported certificate or trusted certificate appears in the list of certificates.
13. Click OK.
14. Bounce the managed server.