Configuring Edge Application Security Certificates in WebLogic
To import and configure the security certificates (such as CCB, WAMV2, MWM certificates):
1. Export the edge application certificate and save it on the integration server to add it to the key store.
Example: /Oracle/Middleware/Oracle_Home/user_projects/domains/SERVICES_LOCATION/ccbcert.cer
2. Create a new keystore (example: UtilitiesIntegration.jks) for importing the edge application certificates.
Example:
keytool -genkey -keystore /Oracle/Middleware/Oracle_Home/wlserver/server/lib/UtilitiesIntegration.jks -storepass xxxxxxx
3. Import the edge application certificates into the new trust store, using the store password that was set when the keystore was created in step 2.
Example:
keytool -import -file /Oracle/Middleware/Oracle_Home/user_projects/domains/SERVICES_LOCATION/ccbcert.cer -alias RootCA -keystore /Oracle/Middleware/Oracle_Home/wlserver/server/lib/UtilitiesIntegration.jks -storepass welcome1
4. Verify that the certificate was added to the store by listing the store's certificates with the following command.
Example:
keytool -list -v -keystore /Oracle/Middleware/Oracle_Home/wlserver/server/lib/UtilitiesIntegration.jks
Enter the password when prompted.
5. Edit the file setDomainEnv.sh for Linux or setDomainEnv.cmd for Windows and replace the existing javax.net.ssl.trustStore property.
The file is located in ${WL_HOME}/user_projects/domains/<domain_name>/bin.
6. Search for -Djavax.net.ssl.trustStore in the file and replace it with -Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/UtilitiesIntegration.jks -Djavax.net.ssl.trustStorePassword=xxxxxxx.
7. In the WebLogic console, navigate to Home > Servers > soa_server1 > Keystores and configure the details.
8. Click Lock & Edit to change the keystore details.
9. Click Change and then select Custom Identity and Java Standard Trust from the drop-down list.
10. Enter the following values in the respective fields:
Custom Identity Keystore: /Oracle/Middleware/Oracle_Home/wlserver/server/lib/UtilitiesIntegration.jks
Custom Identity Keystore Type: jks
Custom Identity Keystore Passphrase: welcome1
Confirm Custom Identity Keystore Passphrase: welcome1
11. Click Activate Changes and bounce the managed server to bring the changes into effect.
Note: In a clustered environment, managed servers need to have their own keystore configured.
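The following check for the edit made in step 6 is an added example, not part of the original procedure or Oracle's tooling. It confirms that setDomainEnv.sh carries exactly one well-formed trust store flag pointing at the expected keystore. The function name check_truststore_flags is hypothetical, and the expected path is compared as text.

```bash
#!/bin/sh
# Added example (not Oracle's script): audit the trust store flags that
# step 6 writes into setDomainEnv.sh. check_truststore_flags is a
# hypothetical helper name.
# Usage: check_truststore_flags <setDomainEnv.sh> <expected-keystore-path>
# The path is compared as text, so pass it as written in the file
# (for example with ${WL_HOME} left unexpanded).
check_truststore_flags() {
    local file="$1" expected="$2" rc=0 stores count

    # Without its leading hyphen ("Djavax..." or "- Djavax...") the text
    # is not parsed as a -D system property.
    if grep -Eq '(^|[^-])Djavax\.net\.ssl\.trustStore' "$file"; then
        echo "MALFORMED: trustStore flag without its leading hyphen"
        rc=1
    fi

    # Collect the distinct values of every well-formed trustStore flag.
    stores=$(grep -Eo -e '-Djavax\.net\.ssl\.trustStore=[^[:space:]"]+' "$file" |
        sed 's/^[^=]*=//' | sort -u)
    count=$(printf '%s\n' "$stores" | grep -c . || true)

    if [ "$count" -eq 0 ]; then
        echo "MISSING: no -Djavax.net.ssl.trustStore flag"
        rc=1
    elif [ "$count" -gt 1 ]; then
        echo "CONFLICT: $count different trustStore values"
        rc=1
    elif [ "$stores" != "$expected" ]; then
        echo "MISMATCH: trustStore is $stores"
        rc=1
    fi

    # Step 6 sets the password flag alongside the path; report its absence
    # without ever printing the password value.
    if ! grep -q -e '-Djavax\.net\.ssl\.trustStorePassword=' "$file"; then
        echo "MISSING: no -Djavax.net.ssl.trustStorePassword flag"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: trustStore is $expected"
    return "$rc"
}
```

Run it against each domain's setDomainEnv.sh after editing; a non-zero exit status means at least one finding was printed.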