Administration Console Online Help

Create keystore used by SOAP message digital signatures

Before you begin

You must first create the Web Service security configuration that is associated with a Web Service before you can configure specific features.

See Create a Web Service security configuration for details about creating a security configuration.


The core security realm of WebLogic Server includes a default keystore configured with a key and certificate pair, which message-level secured Web Services can use to encrypt and digitally sign SOAP messages. However, it is good practice to use different key and certificate pairs for different tasks. For this reason, you can create a separate keystore that the WebLogic Web Services runtime uses to digitally sign SOAP messages when needed, as described in the following procedure.

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane of the Administration Console, select your domain. This is the top-level node of the navigation tree.
  3. In the right pane, select Web Service Security.
  4. In the table, click the name of the Web Service security configuration for which you want to create a keystore used by SOAP message digital signatures.

    Web Services programmers associate a Web Service security configuration using the @WssConfiguration JWS annotation; the value attribute specifies the associated configuration name. If the programmer does not specify the value attribute, the Web Service is associated with the default security configuration: default_wss.

  5. Click Web Service Security > Credential Provider.
  6. Click New.
  7. Enter the following values in the required fields:
    • Name: A name for your credential provider. This can be anything you want.
    • Class Name: Enter the following exact value: weblogic.wsee.security.bst.ServerBSTCredentialProvider.
    • Token Type: Enter the following exact value: x509.
  8. Click Finish.
  9. In the Credential Providers table, click the name of the credential provider you just created.
  10. At the bottom of the page in the Credential Provider Properties table, click New.
  11. Enter the following values in the fields:
    • Name: Enter the following exact value: IntegrityKeyStore.
    • Value: Enter the following exact value: oasis.jks.

    Ensure the Is Encrypted check box is not checked.

  12. Click OK.
  13. In the Credential Provider Properties table, click New again.
  14. Enter the following values in the fields:
    • Name: Enter the following exact value: IntegrityKeyStorePassword.
    • Value: Enter the following exact value: true.

    Check the Is Encrypted check box.

  15. Click OK.
  16. In the Credential Provider Properties table, click New again.
  17. Enter the following values in the fields:
    • Name: Enter the following exact value: IntegrityKeyAlias.
    • Value: Enter the following exact value: Bob.

    Ensure the Is Encrypted check box is not checked.

  18. Click OK.
  19. In the Credential Provider Properties table, click New again.
  20. Enter the following values in the fields:
    • Name: Enter the following exact value: IntegrityKeyPassword.
    • Value: Enter the following exact value: true.

    Check the Is Encrypted check box.

  21. Click OK.
  22. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

After you finish

You must redeploy any Web Service which is associated with this security configuration for the security changes to take effect.
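
The following added example (not part of the original help page or of WebLogic itself) checks a saved credential provider definition against the settings in the procedure above: exact class name and token type, all four Integrity* properties present, and the two password properties marked encrypted with no clear-text value. The XML element names and the un-namespaced layout are assumptions made for this illustration, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# From the procedure above: property name -> must "Is Encrypted" be checked?
EXPECTED = {"IntegrityKeyStore": False, "IntegrityKeyStorePassword": True,
            "IntegrityKeyAlias": False, "IntegrityKeyPassword": True}
CLASS_NAME = "weblogic.wsee.security.bst.ServerBSTCredentialProvider"
TOKEN_TYPE = "x509"

def audit_provider(xml_text):
    """Return findings for one credential provider element (empty list = matches)."""
    cp = ET.fromstring(xml_text)
    findings = []
    if cp.findtext("class-name", "").strip() != CLASS_NAME:
        findings.append("class-name is not the exact ServerBSTCredentialProvider value")
    if cp.findtext("token-type", "").strip() != TOKEN_TYPE:
        findings.append("token-type is not x509")
    seen = {}
    for p in cp.findall("configuration-property"):
        name = p.findtext("name", "").strip()
        flag = p.findtext("encrypt-value-required", "false").strip().lower()
        seen[name] = flag == "true"
        # A password property must never carry a clear-text <value> element.
        if EXPECTED.get(name) and p.findtext("value"):
            findings.append(f"{name}: clear-text value present")
    for name, must_encrypt in EXPECTED.items():
        if name not in seen:
            findings.append(f"{name}: property missing")
        elif seen[name] != must_encrypt:
            findings.append(f"{name}: Is Encrypted should be {must_encrypt}")
    return findings

def sample_provider(key_pw_encrypted=True):
    """Constructed sample; element names are an assumed layout, not a real domain's file."""
    def prop(name, enc):
        body = ("<encrypted-value>{AES}placeholder</encrypted-value>" if enc
                else "<value>sample</value>")
        return (f"<configuration-property><name>{name}</name>"
                f"<encrypt-value-required>{str(enc).lower()}</encrypt-value-required>"
                f"{body}</configuration-property>")
    props = "".join(prop(n, key_pw_encrypted if n == "IntegrityKeyPassword" else e)
                    for n, e in EXPECTED.items())
    return (f"<webservice-credential-provider><class-name>{CLASS_NAME}</class-name>"
            f"<token-type>{TOKEN_TYPE}</token-type>{props}</webservice-credential-provider>")

if __name__ == "__main__":
    for finding in audit_provider(sample_provider(key_pw_encrypted=False)):
        print("FINDING:", finding)
```
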
