Guidelines for Using setup-wss-trust

Understanding how to use certain key parameters, including -alias and -path, is critical to establishing trust from an on-premises environment to an instance deployed on JCS-SaaS Extension.

Specifying the Alias and Path

If a certificate has already been uploaded to the JCS-SaaS Extension instance in the cloud, it would have been uploaded against an alias. To set up trust, the instance needs to know this alias. The mandatory -alias parameter identifies the certificate issued for your local WebLogic Server domain. To be identified by its alias, the certificate needs to be uploaded to the JCS-SaaS Extension instance in the cloud. If this certificate is not already imported to the cloud instance, you'll also need to specify the argument -path:

$ javacloud -setup-wss-trust  -identitydomain myiddomain -serviceinstance myinstance -user user.com -password ****  -alias myorg -path myorg.jks -issuer myorgname

When you specify the path, the certificate is imported automatically against the alias value while the trust is being set up. If the certificate is already imported, just specify the existing alias:

$ javacloud -setup-wss-trust  -identitydomain myiddomain -serviceinstance myinstance -user user.com -password ****  -alias myorg -issuer myorgname

and JCS-SaaS Extension will know where to find the certificate based on that alias.

Specifying the Certificate Filetype

The JCS-SaaS Extension instance needs to know the certificate's filetype. If you specify this value as part of the path (-path), the instance can derive the filetype from there. For instance, in the preceding command example, the value for -path is myorg.jks, so the JCS-SaaS Extension instance would use .jks as the certificate filetype. If you don't include a filetype with the -path parameter, you need to specify it by using the -certfiletype parameter:

$ javacloud -setup-wss-trust  -identitydomain myiddomain -serviceinstance myinstance -user user.com -password ****  -alias myorg -path myorg -certfiletype JKS -issuer myorgname
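
The -alias, -path and -certfiletype rules described above can be checked before the command is run. The following is an added example, not part of the original page or of Oracle's tooling: the function names and exit codes are hypothetical, and it assumes the filetype in -path is the extension of the file name.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names and exit codes are hypothetical.
# Assumption: the "filetype" in -path is the extension of the file name.

# path_filetype PATH: print the file-name extension, or nothing if there is none.
path_filetype() {
    base=${1##*/}                 # drop directories: "certs.d/myorg" has no filetype
    case $base in
        *.*) printf '%s' "${base##*.}" ;;
        *)   : ;;
    esac
}

# wss_trust_args ALIAS ISSUER [PATH [CERTFILETYPE]]
# Prints the trust-related arguments one per line; returns 2 if a rule is broken.
wss_trust_args() {
    alias_name=$1; issuer=$2; path=$3; ftype=$4
    if [ -z "$alias_name" ]; then
        echo "error: -alias is mandatory" >&2
        return 2
    fi
    set -- -alias "$alias_name"
    if [ -n "$path" ]; then       # only needed when the certificate is not uploaded yet
        set -- "$@" -path "$path"
        if [ -n "$ftype" ]; then
            set -- "$@" -certfiletype "$ftype"
        elif [ -z "$(path_filetype "$path")" ]; then
            echo "error: '$path' carries no filetype; add -certfiletype" >&2
            return 2
        fi
    fi
    if [ -n "$issuer" ]; then
        set -- "$@" -issuer "$issuer"
    fi
    printf '%s\n' "$@"
}
```

Append the printed arguments to the javacloud -setup-wss-trust command after the connection parameters shown in the examples on this page.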

Listing Available Certificates

An instance might already have a number of certificates uploaded. You can list all the trusted certificates using the command -list-wss-certificates:

$ javacloud -list-wss-certificates  -identitydomain myiddomain -serviceinstance myinstance -user user.com -password ****  

For information on -list-wss-certificates, see Managing Web Services Security Truststore.

Setting Up Trust from the Instance to the WebLogic Server Environment

setup-wss-trust only establishes trust in one direction: from your on-premises environment to the JCS-SaaS Extension instance in the cloud. If you want to set up trust in the other direction, you will have to follow the steps required for your specific SaaS application. However you set up this "reverse" trust, you will need to use the -output flag with setup-wss-trust to specify the location where the certificate will be downloaded. For example:

$ javacloud -setup-wss-trust  -identitydomain myiddomain -serviceinstance myinstance -user user.com -password ****  -alias myorg -path myorg.jks -issuer myorgname -output c:/mycerthome/trustcert/