A WebLogic Server is installed when you install EPM System components. If you use a different WebLogic Server installation to host EPM System components, perform the following procedure on that installation to import the root CA certificate into the Sun JVM and JRockit JVM keystores of the WebLogic Server.
Default Sun JVM keystore: MIDDLEWARE_HOME/jdk160_11/jre/lib/security/cacerts
Default JRockit JVM keystore: MIDDLEWARE_HOME/jrockit_160_05/jre/lib/security/cacerts
Note: | If you are using a CA whose root certificate is available in the keystore, you do not need to perform this procedure. |
Note: | Perform this procedure on each WebLogic Server machine to which EPM System components will be deployed. This certificate is used to manage outgoing SSL requests from WebLogic Server. |
To install root CA certificate for WebLogic Server using keytool:
If you are not using a well-known third-party CA, copy the root CA certificate into a local directory on the machine where WebLogic Server is installed.
From a console, change directory to MIDDLEWARE_HOME/jdk160_11/jre/bin.
Execute a keytool command such as the following to install the signed certificate into the Sun JVM keystore:
keytool -import -alias ALIAS -file CA_CERT_FILE -keystore KEYSTORE -storepass KEYSTORE_PASSWORD -trustcacerts
For example, you can use the following command to add a certificate CAcert.crt stored in the current directory into the Sun JVM keystore with Blister as the certificate alias in the keystore. Default storepass (changeit) is assumed.
keytool -import -alias Blister -file CAcert.crt -keystore ../lib/security/cacerts -storepass changeit -trustcacerts
Note:
The preceding command and example use some of the syntax for importing certificates using keytool. See keytool documentation for a complete list of import syntax.
Execute a command such as the following to install the root CA certificate into the JRockit JVM keystore:
keytool -import -alias ALIAS -file CERT_FILE -keystore KEYSTORE -storepass KEYSTORE_PASSWORD -trustcacerts
For example, you can use the following command to add a certificate CAcert.crt stored in the current directory into the JRockit JVM keystore with Blister as the certificate alias. Default storepass (changeit) is assumed.
keytool -import -alias Blister -file CAcert.crt -keystore MIDDLEWARE_HOME/jrockit_160_05/jre/lib/security/cacerts -storepass changeit -trustcacerts
Note:
Ensure that you replace MIDDLEWARE_HOME with the directory path.