Add the Oracle Identity Cloud Service Certificate to the Trust Keystore

If your Oracle Java Cloud Service instance is configured to use Oracle Identity Cloud Service for authentication, you must add the Oracle Identity Cloud Service certificate to your custom trust keystore.

  1. Access the Oracle Java Cloud Service console.
  2. Click the Manage this service menu icon for your service instance, and then select Open Fusion Middleware Control Console.
  3. Click WebLogic Domain, select Security, and then select Keystore.
  4. Expand the system folder.
  5. Click trust, and then click Manage.
  6. Click idcs_root_ca, and then click Export.
  7. Click Export Certificate, and then click Close.
  8. SSH to the Administration Server node and switch to the oracle user.
    sudo su - oracle
  9. Navigate to the /u01/data/keystores folder.
  10. Create a new file named idcs_root_ca.cer. Paste the contents of the exported idcs_root_ca certificate into this file.
  11. Use keytool to import idcs_root_ca.cer into your custom trust keystore.
    keytool -import -alias idcs_root_ca -file idcs_root_ca.cer -keystore trust_keystore_file

    For example:

    keytool -import -alias idcs_root_ca -file idcs_root_ca.cer -keystore trust.jks
  12. When prompted, enter the password for the keystore.
  13. When prompted to trust this certificate, enter yes.
  14. Copy the updated trust keystore file to all the other nodes in your service instance.

    For example:

    ssh myinstance-wls-2
    scp myinstance-wls-1:/u01/data/keystores/trust.jks /u01/data/keystores
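
The following script is an added example, not part of Oracle's procedure or tooling. It checks the idcs_root_ca.cer file pasted in step 10 before the import in step 11: it rejects a truncated or doubled paste and prints the certificate's SHA-256 fingerprint in the colon-separated form keytool uses. The script name check_cert.sh and the function names are hypothetical; it assumes GNU base64 and sha256sum on the node and an expected fingerprint you obtained from a trusted source.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Assumes GNU coreutils (base64, sha256sum).

# Print the SHA-256 fingerprint of a PEM certificate file as colon-separated
# uppercase hex. Refuses files that do not hold exactly one certificate block,
# which catches truncated or doubled pastes.
pem_sha256_fingerprint() (
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; exit 2; }
    # Drop carriage returns that a paste from a Windows clipboard leaves behind.
    clean=$(tr -d '\r' < "$file")
    begins=$(printf '%s\n' "$clean" | grep -c '^-----BEGIN CERTIFICATE-----[[:space:]]*$' || true)
    ends=$(printf '%s\n' "$clean" | grep -c '^-----END CERTIFICATE-----[[:space:]]*$' || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "expected one certificate block, found $begins BEGIN / $ends END" >&2
        exit 3
    fi
    der=$(mktemp) || exit 2
    trap 'rm -f "$der"' EXIT
    # The fingerprint is the digest of the DER bytes, i.e. the decoded PEM body.
    printf '%s\n' "$clean" \
        | sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' \
        | grep -v '^-----' | tr -d ' \t\n' | base64 -d > "$der" 2>/dev/null \
        || { echo "PEM body is not valid base64" >&2; exit 4; }
    [ -s "$der" ] || { echo "PEM body is empty" >&2; exit 4; }
    sha256sum < "$der" | cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
)

# Compare the file's fingerprint with one obtained out of band. Accepts the
# expected value with or without colons, in either case.
verify_pasted_cert() (
    actual=$(pem_sha256_fingerprint "$1") || exit $?
    want=$(printf '%s' "$2" | tr -d ': \t' | tr 'a-f' 'A-F')
    have=$(printf '%s' "$actual" | tr -d ':')
    if [ "$want" = "$have" ]; then
        echo "OK $actual"
    else
        echo "MISMATCH: file has $actual" >&2
        exit 1
    fi
)

# Usage: sh check_cert.sh idcs_root_ca.cer <expected-sha256-fingerprint>
if [ "$#" -eq 2 ]; then
    verify_pasted_cert "$1" "$2"
fi
```

keytool displays the certificate's SHA256 fingerprint at the trust prompt in step 13, and it should equal the value this script prints. Running sha256sum on trust.jks on each node after step 14 confirms that every node holds the same keystore.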