On the machine that hosts WebLogic Server, use a tool (for example, keytool) to create a custom keystore to store the signed certificate for EPM System web components.
This keystore will be used for managing incoming SSL requests to WebLogic Server.
Note: | Perform this procedure on each WebLogic Server machine to which EPM System components will be deployed. |
To create a custom keystore and import certificate:
From a console, change directory to MIDDLEWARE_HOME/jdk160_11/jre/bin.
Execute a keytool command such as the following to create the custom keystore (identified by the -keystore directive in the command) in an existing directory:
keytool -genkey -dname "cn=myserver, ou=EPM, o=myCompany, c=US" -alias epm_ssl -keypass password -keystore C:\oracle\Middleware\EPMSystem11R1\ssl\keystore -storepass password -validity 365 -keyalg RSA
Note:
The common name (cn) that you set must match the server name. If you use fully qualified domain name (FQDN) as the cn, you must use the FQDN while deploying web components.
Generate a certificate request.
keytool -certreq -alias epm_ssl -file C:/certs/epmssl_csr -keypass password -storetype jks -keystore C:\oracle\Middleware\EPMSystem11R1\ssl\keystore -storepass password
Obtain a signed certificate for the WebLogic Server machine.
Optional: If you are not using a well-known third-party CA to sign the server certificate, execute a keytool command such as the following to import the root CA certificate into the custom keystore or into an available Java keystore:
keytool -import -alias blister_CA -file c:/certs/CA.crt -keypass password -trustcacerts -keystore C:\Oracle\Middleware\EPMSystem11R1\ssl\keystore -storepass password
Note:
The CA certificate must be available to WebLogic Server. See step 10 in Configuring EPM System Web Components Deployed on WebLogic Server.
Import the signed certificate into the keystore:
keytool -import -alias epm_ssl -file C:/certs/epmssl_crt -keypass password -keystore C:\Oracle\Middleware\EPMSystem11R1\ssl\keystore -storepass password