Configuring the Keystore for Oracle Web Services Manager

Set up the Keystore for message protection and configure the Credential Store Provider.

Tip:

If you have not yet deployed Oracle Enterprise Manager, you must deploy it before completing this procedure. EPM System Installer installs Enterprise Manager but does not deploy it. To deploy it, use the WebLogic Configuration Wizard to extend the domain with the Oracle Enterprise Manager template.

The Financial Close Management client and the Financial Management Web service use the following policies:

  To set up the keystore used by Web Services Manager:

  1. Create a Keystore.

    See “How to Create and Use a Java Keystore” in the “Setting up the Keystore for Message Protection” section of the Oracle Fusion Middleware Security and Administrator's Guide for Web Services 11g Release 1 (11.1.1) (http://download.oracle.com/docs/cd/E14571_01/web.1111/b32511/setup_config.htm#BABJHIBI).

    Use the keytool to create a Java keystore. For example, go to /Oracle/Middleware/user_projects/$DOMAIN_HOME/config/fmwconfig in the server running the WebLogic Administration Server hosting your EPM System domain and execute the following command to add a key pair to the keystore:

    keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore default-keystore.jks -storepass welcome1 -validity 3600

    This command creates a keystore with the name default-keystore.jks if it does not already exist and adds a new private key entry with alias 'orakey' and password welcome1 to it. The alias and password shown are example values; you can change the alias, password, and domain name as needed in the command.

    Note:

    If the keytool command is not recognized, the Path environment variable might not include the JDK. Add the JDK to the Path variable using the following command: set PATH=%PATH%;C:\Oracle\Middleware\JDK160_21\bin\;.;.

  2. Assign the Keystore to the EPM System WebLogic domain.

    See “Setting up the Keystore for Message Protection” in the Oracle® Fusion Middleware Security and Administrator's Guide for Web Services 11g Release 1 (11.1.1) http://download.oracle.com/docs/cd/E14571_01/web.1111/b32511/setup_config.htm#BABJHIBI.

    1. Using the Enterprise Manager – Fusion Middleware control, in the Navigator pane, expand WebLogic Domain to show the domain for which you need to configure the keystore, and then select the domain.

    2. Using Fusion Middleware Control, click WebLogic Domain, right-click to go to Security, and then Security Provider Configuration. Click the plus sign (+) to expand the Keystore control near the bottom of the page, and then click Configure.

      The Web Services Manager Keystore Configuration page is displayed.

    3. If it is not already selected, click the Configure Keystore Management box.

    4. Enter the path and name for the keystore that you created. By default, the keystore name is default-keystore.jks, but you can change this. However, you cannot change the keystore type. It must be JKS.

    5. Enter a password for the keystore and confirm it.

    6. Enter an alias and password for the signature and encryption keys. Confirm the passwords.

      The alias and password for the signature and encryption keys define the string alias and password used to store and retrieve the keys.

    7. Click OK to submit the changes.

      Note that changing any of the fields on this page requires a restart of Oracle Enterprise Manager Fusion Middleware Control to take effect.

    Note:

    Copy the keystore (default-keystore.jks) and the cwallet.sso files to $DOMAIN_HOME/config/fmwconfig on every machine that hosts either the admin server or the managed server of the WebLogic domain. For a single node installation, there is only one machine that hosts the admin and managed servers. For a distributed node installation, the managed servers can be spread over many machines.
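
The following is an added example, not part of the Oracle documentation or product: a check you can run against each copy of default-keystore.jks to confirm that it parses as a JKS store, contains the expected alias, and is not still protected by the sample password welcome1 from the keytool command above. The function names (store_digest, audit_jks, build_constructed_jks) are this example's own, and the test keystore is constructed with placeholder key and certificate bytes.

```python
import hashlib
import io
import struct

SAMPLE_PASSWORD = "welcome1"  # example value from the keytool command on this page

def store_digest(password, body):
    """JKS integrity check: SHA-1(UTF-16BE password + fixed salt + store body)."""
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def audit_jks(data, expected_alias="orakey"):
    """List entries and flag a store that the sample password still opens."""
    body, digest = data[:-20], data[-20:]  # the last 20 bytes are the keyed digest
    f = io.BytesIO(body)
    read = lambda fmt: struct.unpack(fmt, f.read(struct.calcsize(fmt)))[0]
    utf = lambda: f.read(read(">H")).decode("utf-8")  # length-prefixed string
    blob = lambda: f.read(read(">I"))                 # length-prefixed bytes
    magic, version = read(">I"), read(">I")
    if magic != 0xFEEDFEED or version not in (1, 2):
        raise ValueError("not a JKS keystore")

    def cert():
        if version == 2:
            utf()  # certificate type string, e.g. "X.509"
        blob()     # encoded certificate

    entries = {}
    for _ in range(read(">I")):
        tag, alias, _created = read(">I"), utf(), read(">Q")
        if tag not in (1, 2):
            raise ValueError("unknown entry tag %d" % tag)
        if tag == 1:
            blob()  # password-protected private key
        for _ in range(read(">I") if tag == 1 else 1):  # chain, or one trusted cert
            cert()
        entries[alias] = "PrivateKeyEntry" if tag == 1 else "trustedCertEntry"
    return {
        "entries": entries,
        "has_expected_alias": expected_alias in entries,
        "sample_password_in_use": store_digest(SAMPLE_PASSWORD, body) == digest,
    }

def build_constructed_jks(password, alias="orakey"):
    """Constructed test input: one private key entry with placeholder key/cert bytes."""
    a, t = alias.encode(), b"X.509"
    body = struct.pack(">III", 0xFEEDFEED, 2, 1)
    body += struct.pack(">IH", 1, len(a)) + a + struct.pack(">Q", 0)
    body += struct.pack(">I", 4) + b"KEY0" + struct.pack(">I", 1)
    body += struct.pack(">H", len(t)) + t + struct.pack(">I", 4) + b"CRT0"
    return body + store_digest(password, body)
```

To audit a real store, pass the bytes of $DOMAIN_HOME/config/fmwconfig/default-keystore.jks to audit_jks on each machine; a result with sample_password_in_use set to True means the store password should be changed before the keystore is used.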