2 About Choosing the Identity and Trust Stores

Oracle Financial Services Software Limited recommends that the choice of identity and trust stores be made upfront.

Oracle WebLogic server supports the following combinations of identity and trust stores:

  • Custom Identity and Command Line Trust

  • Custom Identity and Custom Trust

  • Custom Identity and Java Standard Trust

  • Demo Identity and Demo Trust

Oracle Financial Services Software does not recommend choosing Demo Identity and Demo Trust for production environments.

It is recommended to keep the identity store and the trust store separate, since each WebLogic server has its own identity (its private key and server certificate) but usually shares the same set of trusted CA certificates. Trust stores are usually copied across Oracle WebLogic servers to standardize trust rules; this is acceptable because they contain only public keys and CA certificates. The file should nevertheless be writable only by the WebLogic administrators, since anyone who can add an entry to it can add a CA that the server will then trust. Unlike trust stores, identity stores contain the private keys of the Oracle WebLogic server and hence must be protected against unauthorized access. For more information on choosing trust stores, refer to Table 2-1 below:

Table 2-1 Trust Stores

Trust Store: Command Line Trust

Description: If Command-Line Trust is chosen, the trust store is supplied to the JVM as command-line arguments in the WebLogic Server startup script, using the standard JSSE system properties -Djavax.net.ssl.trustStore (the path to the store) and -Djavax.net.ssl.trustStorePassword. No additional configuration of the trust store is required in the WebLogic Server Administration Console. Arguments passed this way are visible to anyone who can list processes on the host, so the startup script and the process list should be readable only by the WebLogic administrators.

Trust Store: Java Standard Trust

Description: Java Standard Trust relies on the cacerts file provided by the Java Runtime. This file contains the trusted CA certificates that ship with the Java Runtime; it is located in JAVA_HOME/jre/lib/security for JDK 8 and earlier and in JAVA_HOME/lib/security for JDK 9 and later. It ships with the well-known default password changeit and is readable by every user on the host, so it is highly recommended to change the default Java standard trust store password and the default access permissions of the file. When the password is changed, the Java Standard Trust Keystore Passphrase configured for the server in the Administration Console must be updated to match. Two caveats apply: a Java Runtime update replaces cacerts, which reverts the password and permission changes and removes any certificates that were added to it, so the file must be re-hardened after every update; and every CA shipped with the Java Runtime is trusted, which is a broader trust set than a custom store holding only the CAs the installation actually needs. Certificates of most commercial CAs are already present in the Java Standard Trust store. Therefore, it is recommended to use the Java Standard Trust store whenever possible. The rest of the document assumes the use of Java Standard Trust since most CA certificates are already present in it.

Trust Store: Custom Trust

Description: One can also create a custom trust store containing only the certificates of the CAs that are to be trusted (for example, the internal CA that issues the server certificates). For further details on identity and trust stores, refer to the Oracle WebLogic Server documentation on Securing Oracle WebLogic Server.
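The three trust-store tasks described in Table 2-1, as they would be typed into a shell on a WebLogic host: locating the Java Standard Trust store for the JDK layout in use, hardening it, and building a Custom Trust store that can also be passed to the JVM as Command Line Trust. This is an added example; it is not from the Oracle FSS guide or from WebLogic's own scripts. It assumes keytool is on the PATH, uses the JKS store type, and treats every path, alias and password it is given as a caller-supplied placeholder.

```shell
#!/bin/sh
# Added example; not from the Oracle FSS guide or from WebLogic's own scripts.
# Covers the three trust-store tasks in Table 2-1 as typed on a WebLogic host:
#   1. locate the Java Standard Trust store (cacerts) for the JDK layout in use,
#   2. harden it (replace the shipped default password, restrict the file),
#   3. build a Custom Trust store holding only the CA certificates you rely on
#      and emit the JVM arguments that turn it into Command Line Trust.
# Assumptions (mine, not the page's): keytool is on PATH, the JKS store type
# is used, and all paths, aliases and passwords are caller-supplied placeholders.
set -eu

# JDK 8 and earlier keep cacerts under jre/lib/security; JDK 9+ removed the
# jre/ directory and keep it under lib/security. Print the path, or fail.
cacerts_path() {
  jh="$1"
  if [ -f "$jh/jre/lib/security/cacerts" ]; then
    echo "$jh/jre/lib/security/cacerts"
  elif [ -f "$jh/lib/security/cacerts" ]; then
    echo "$jh/lib/security/cacerts"
  else
    echo "no cacerts found under $jh" >&2
    return 1
  fi
}

# Java Standard Trust: cacerts ships with the well-known password "changeit"
# and is world-readable. Rotate the password and restrict the file to the
# WebLogic service account. The "Java Standard Trust Keystore Passphrase" set
# for the server in the Administration Console must then be updated to match,
# and this step must be repeated after every JDK update, which replaces cacerts.
harden_cacerts() {
  store="$1"; newpass="$2"
  keytool -storepasswd -keystore "$store" -storepass changeit -new "$newpass"
  chmod 640 "$store"
}

# Custom Trust: create a store containing only the listed CA certificate files
# (PEM or DER); each alias is taken from the file name. The store holds only
# public CA certificates, so the same file can be copied to every server.
build_custom_trust() {
  store="$1"; pass="$2"; shift 2
  for cert in "$@"; do
    ca_alias=$(basename "$cert" | sed 's/\.[^.]*$//')
    keytool -importcert -noprompt -storetype JKS -keystore "$store" \
      -storepass "$pass" -alias "$ca_alias" -file "$cert"
  done
  chmod 640 "$store"
}

# Number of trusted CA entries in a store; used to verify the result.
count_trusted() {
  keytool -list -keystore "$1" -storepass "$2" | grep -c trustedCertEntry
}

# Command Line Trust: WebLogic reads the trust store from the standard JSSE
# system properties. Append the result to JAVA_OPTIONS in setDomainEnv.sh.
# The password is visible in the process list, so restrict who can read it.
trust_jvm_args() {
  printf '%s %s %s' "-Djavax.net.ssl.trustStore=$1" \
    "-Djavax.net.ssl.trustStoreType=JKS" \
    "-Djavax.net.ssl.trustStorePassword=$2"
}

main() {
  # usage: trust.sh JAVA_HOME /path/to/custom-trust.jks STORE_PASSWORD ca1.pem [ca2.pem ...]
  jh="$1"; store="$2"; pass="$3"; shift 3
  echo "Java Standard Trust store: $(cacerts_path "$jh")"
  build_custom_trust "$store" "$pass" "$@"
  echo "trusted CAs in $store: $(count_trusted "$store" "$pass")"
  echo "JAVA_OPTIONS for Command Line Trust: $(trust_jvm_args "$store" "$pass")"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as `sh trust.sh "$JAVA_HOME" /opt/wls/trust.jks <password> corp-root-ca.pem` on each server; call `harden_cacerts "$(cacerts_path "$JAVA_HOME")" <newpassword>` separately when Java Standard Trust is the chosen option, and update the passphrase in the Administration Console afterwards.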