Configure Internal WebLogic Server LDAP Trust Store

You must now provide a trust keystore.

Note:

This section only applies when using WebLogic Server LDAP with virtualize=true set, because in that configuration the identity store is explicitly pointed at the Administration Server for the embedded WLS LDAP.

  1. In a terminal window set the ORACLE_HOME and WL_HOME environment variables.

    For example, on Linux (C shell syntax):

    setenv ORACLE_HOME <OracleHome>

    setenv WL_HOME <OracleHome>/wlserver/

  2. Ensure that both your path and JAVA_HOME point to the JDK installation.

    setenv JAVA_HOME <path_to_your_jdk>

    setenv PATH $JAVA_HOME/bin:$PATH

  3. Check the Java version by running:

    java -version

  4. Run (without the line breaks):

    <OracleHome>/oracle_common/bin/libovdconfig.sh

    -host <Host>

    -port <AdminServerNonSSLPort>

    -userName <AdminUserName>

    -domainPath <DomainHome>

    -createKeystore

    When prompted, enter the existing password for <AdminUserName>.

    When prompted for the OVD Keystore password, choose a new password; you will need it again when importing the certificate in a later step.

    For example:

    oracle_common/bin/libovdconfig.sh -host myhost -port 9500 -userName weblogic -domainPath /OracleHome/user_projects/domains/bi -createKeystore

    Enter AdminServer password:
    Enter OVD Keystore password:
    OVD config files already exist for context: default
    CSF credential creation successful
    Permission grant already available for context: default
    OVD MBeans already configured for context: default
    Successfully created OVD keystore.

    The -port <AdminServerNonSSLPort> option does not work when the Administration Server's non-SSL port has been disabled. If you enable SSL and then configure LDAPS, you must temporarily re-enable the non-SSL port on the Administration Server while running libovdconfig.sh.

  5. Check that the keystore was created, and list its initial contents, by running:

    keytool -list -keystore <DomainHome>/config/fmwconfig/ovd/default/keystores/adapters.jks

  6. We now need to export the demo certificate in a suitable format to import into the above keystore.

    If using the demo WebLogic certificate, you can get the required root CA from the system keystore using Fusion Middleware Control:

    1. Select WebLogicDomain, Security, Keystore.

    2. Expand System.

    3. Select Trust.

    4. Click Manage.

    5. Select democa, not olddemoca.

    6. Click Export.

    7. Select export certificate.

    8. Choose a file name.

      For example, demotrust.pem

      If not using the demo WebLogic certificate, you must obtain the root CA certificate of the CA that signed your secure server certificate.

  7. Now import the certificate into the keystore you just created:

    keytool -importcert -keystore <DomainHome>/config/fmwconfig/ovd/default/keystores/adapters.jks -alias localldap -file <DemoTrustFile>
  8. When prompted, enter the keystore password you chose earlier, and confirm that the certificate is to be trusted.

  9. If you repeat the keytool -list command, you should see a new entry for the alias localldap, for example:

    localldap, Jul 8, 2015, trustedCertEntry,
    Certificate fingerprint (SHA1): CA:61:71:5B:64:6B:02:63:C6:FB:83:B1:71:F0:99:D3:54:6A:F7:C8
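    Listing the alias only proves that some entry named localldap exists. The script below is an added verification helper, not part of the Oracle documentation or product: it exports the stored entry back out of adapters.jks, compares its SHA-1 fingerprint with the CA file you imported, and warns if that trust anchor has already expired. It assumes keytool (from the JDK) and openssl are on PATH, uses the keystore path and alias from the steps above, and reads the OVD keystore password chosen in step 4 from a hypothetical OVD_KEYSTORE_PASS environment variable.

```shell
#!/bin/sh
# Added verification helper; not part of the Oracle documentation or product.
# Usage: OVD_KEYSTORE_PASS=... sh verify_ovd_trust.sh <DomainHome> <CAFile.pem> [alias]
# Assumes: keytool and openssl are on PATH, the keystore path and the alias
# "localldap" are the ones used in the procedure above, and the OVD keystore
# password from step 4 is supplied in the hypothetical OVD_KEYSTORE_PASS variable.

# Normalise a SHA-1 fingerprint so keytool and openssl output can be compared:
# drop any "SHA1 Fingerprint=" / "Certificate fingerprint (SHA1):" prefix,
# remove whitespace and upper-case the hex digits.
norm_fp() {
    printf '%s\n' "$1" \
        | sed -e 's/^.*[Ff]ingerprint[^:=]*[=:] *//' -e 's/[[:space:]]//g' \
        | tr 'a-f' 'A-F'
}

# Exit status 0 when the two fingerprints denote the same certificate.
same_fingerprint() {
    [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]
}

# Exit status 0 when "keytool -list" output ($2) contains alias $1 as a trustedCertEntry.
alias_in_listing() {
    printf '%s\n' "$2" | grep -q "^$1,.*trustedCertEntry"
}

# SHA-1 fingerprint of a PEM certificate file, as printed by openssl (colon-separated hex).
cert_sha1() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//'
}

# Check that adapters.jks contains the CA you imported, that it is the same
# certificate as the file on disk, and that the trust anchor has not expired.
verify_trust_entry() {
    domain_home=$1
    ca_file=$2
    alias_name=${3:-localldap}
    ks="$domain_home/config/fmwconfig/ovd/default/keystores/adapters.jks"

    [ -r "$ks" ] || { echo "keystore not found: $ks" >&2; return 2; }
    [ -r "$ca_file" ] || { echo "CA file not found: $ca_file" >&2; return 2; }

    listing=$(keytool -list -keystore "$ks" -storepass "$OVD_KEYSTORE_PASS") \
        || { echo "keytool -list failed (wrong OVD keystore password?)" >&2; return 3; }
    alias_in_listing "$alias_name" "$listing" \
        || { echo "no trustedCertEntry named $alias_name in $ks" >&2; return 4; }

    # Export the stored entry back out as PEM and fingerprint it the same way as the file.
    stored=$(keytool -exportcert -rfc -alias "$alias_name" -keystore "$ks" \
                 -storepass "$OVD_KEYSTORE_PASS" \
             | openssl x509 -noout -fingerprint -sha1 | sed 's/^.*=//')
    expected=$(cert_sha1 "$ca_file")
    same_fingerprint "$stored" "$expected" \
        || { echo "alias $alias_name holds $stored, but $ca_file is $expected" >&2; return 5; }

    # -checkend 0 fails when the certificate is already expired.
    openssl x509 -in "$ca_file" -noout -checkend 0 >/dev/null \
        || { echo "warning: $ca_file has expired; trust validation will fail" >&2; return 6; }

    echo "OK: $alias_name in $ks matches $ca_file ($expected)"
}

# Only run the check when invoked with arguments; sourcing the file just defines the functions.
if [ $# -ge 2 ]; then
    : "${OVD_KEYSTORE_PASS:?set OVD_KEYSTORE_PASS to the OVD keystore password from step 4}"
    verify_trust_entry "$@"
fi
```

    Run it once after step 9 and again whenever the CA file is rotated; a mismatch between the stored entry and the file on disk means the wrong certificate was imported, which LDAPS will only reveal later as a failed TLS handshake.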