2 Getting Started Administering Oracle WebCenter Content

This chapter provides information on Oracle WebCenter Content system administration responsibilities, interfaces, applets, utilities, and other tools.

This document is written with the assumption that WebCenter Content software is already installed and ready for use. For information on installing WebCenter Content software with a Content Server instance and setting initial installation configuration options, see Installing the Oracle WebCenter Content Software in Installing and Configuring Oracle WebCenter Content.

This chapter includes the following topics:

2.1 Understanding System Administrator Roles and Responsibilities

The Oracle WebCenter Content system administrator must be assigned two administrator roles to be able to perform administrative tasks: the first role in the Oracle WebLogic Server domain through whatever authentication/authorization software is used for a site, and the second role in Oracle WebCenter Content through the Oracle WebLogic Server. Both roles are required for a user to have full administrative privileges for Oracle Enterprise Manager Fusion Middleware Control, the Oracle WebLogic Server domain where WebCenter Content is deployed, and the WebCenter Content system and Content Server instance.

An administrator is typically specified during WebCenter Content software installation. More than one system administrator can be assigned for WebCenter Content, such as an administrator with limited permissions to manage certain applications, or an administrator for each WebCenter Content instance. See Configuring the Administrator Account in Installing and Configuring Oracle WebCenter Content.

WebCenter Content administrators can use the Oracle Enterprise Manager Fusion Middleware Control interface, the Oracle WebLogic Server Administration Console, and Content Server applications and utilities to perform administrative tasks including:

  • Starting and stopping Content Server instances

  • Configuring WebCenter Content system settings

  • Configuring WebCenter Content security, both internal and integrated with Fusion Middleware components

  • Creating and assigning WebCenter Content user accounts, roles, permissions, user groups, and group accounts (this may be shared with the administrator of whichever authentication/authorization and database software is used for a site)

  • Configuring and implementing WebCenter Content search tools

  • Managing WebCenter Content system and custom components

  • Managing WebCenter Content system migration and archiving

  • Monitoring and troubleshooting WebCenter Content instances

Additional administration tasks include configuring and managing Content Server features such as the repository, workflow, content conversion, imaging, and records. See Introduction to Oracle WebCenter Content Features in Managing Oracle WebCenter Content.

2.2 Understanding System Administrator Interfaces

Oracle WebCenter Content system administrators have several browser interfaces in which to perform certain tasks.

2.2.1 About the WebCenter Content Server Administration Interface

The Administration tray is the default layout of the WebCenter Content Server browser interface. It provides access to Content Server administration log files and to pages for configuring and managing Content Server applications and tools.

To access the Administration tray, log in as a Content Server administrator, then choose Administration to view available administration options. If your Content Server instance is configured to use Menus, choose Administration to view the same options in a menu layout. Figure 2-1 shows a sample Oracle WebCenter Content tray layout with the Administration selection expanded to show options.

Figure 2-1 Sample Oracle WebCenter Content Administration Tray


Note:

WebCenter Content administrators use the native interface to perform administrative tasks using management pages and applications. The Oracle WebCenter Content application is configured by default to use the native interface for both administrators and users. If WebCenter Content is configured to use the WebCenter Content user interface (new as of 11.1.1.8), administrators must still use the native interface. For more information, see Installing and Configuring Oracle WebCenter Content, and Getting Started with the WebCenter Content User Interface in Using Oracle WebCenter Content.

The Admin Applets page provides access to Content Server administration applets and configuration tools. To access this page, log in as a WebCenter Content administrator and choose Administration, then Admin Applets.

Administration applets accessed using a web browser are displayed and can be used only in the native interface.

Figure 2-2 Admin Applets Page


Note:

The Apple Safari browser is incompatible with Content Server administration applets and tools accessed using the Admin Applets page.

Note:

You may experience problems if you start any Java applets (such as a Content Server administration applet or the multiple-file upload applet) from a browser that is using the Sun JDK 1.3/1.4 Java plug-in. These issues are related to authentication when launching an applet for the first time and applets closing when the parent window is changed.

2.2.2 About Oracle Enterprise Manager Fusion Middleware Control

Fusion Middleware Control is a Web-based interface that you use to monitor and administer a farm, domains, and WebCenter Content instances.

A farm is a collection of components managed by Fusion Middleware Control. It can contain an Oracle WebLogic Server domain, one Administration Server, one or more Managed Servers, clusters, one or more Oracle instances, and the Oracle Fusion Middleware components that are installed, configured, and running in the domain or Oracle instances, including Oracle WebCenter Content.

Fusion Middleware Control organizes a wide variety of performance data and administrative functions into distinct, Web-based home pages for the farm, domain, servers, components, and applications. These home pages make it easy to locate the most important monitoring data and the most commonly used administrative functions for a component from your web browser.

Fusion Middleware Control can be used to:

  • Start and stop Oracle WebLogic Server

  • Start and stop components

  • Start and stop applications

  • Access log files and manage log configuration

  • Modify Oracle BPEL Process Manager MBean properties

  • Debug applications such as Oracle BPEL Process Manager applications

  • Deploy ADF applications

  • Deploy Java EE applications

  • Configure and manage auditing

  • Configure SSL

  • Manage Oracle HTTP Server

  • Manage Oracle Web Cache

For more information about accessing Fusion Middleware Control to administer WebCenter Content, see Accessing WebCenter Content Using Fusion Middleware Control. For more information about accessing and using Fusion Middleware Control, see Getting Started with Oracle Enterprise Manager Fusion Middleware Control in Administering Oracle Fusion Middleware.

For detailed information while using the Fusion Middleware Control Console, you can click Help at the top of the page. In most cases, the Help window displays a help topic about the current page. Click Contents in the Help window to browse the list of help topics, or click Search to search for a particular word or phrase.

2.2.3 About the Oracle WebLogic Server Administration Console

Oracle WebLogic Server Administration Console is a Web-based interface that you use to manage a WebLogic Server domain. It is accessible from any supported Web browser with network access to the Administration Server. A WebLogic Server domain includes one or more WebLogic Servers. You manage your applications as part of a domain.

One instance of WebLogic Server in each domain is configured as an Administration Server. The Administration Server provides a central point for managing a WebLogic Server domain. All other WebLogic Server instances in a domain are called Managed Servers. In a domain with only a single WebLogic Server instance, that server functions both as Administration Server and Managed Server. The Administration Server hosts the Administration Console, which is a Web application accessible from any supported Web browser with network access to the Administration Server. Managed Servers host applications.

The Administration Console can be used to:

  • Configure, start, and stop WebLogic Server domains

  • Configure WebLogic Server clusters

  • Configure WebLogic Server services, such as database connectivity (JDBC) and messaging (JMS)

  • Configure security parameters, including creating and managing users, groups, and roles

  • Configure and deploy applications

  • Monitor server and application performance

  • View server and domain log files

  • View application deployment descriptors

Note:

In a production environment, the Administration Console's Change Center requires the administrator to lock the configuration settings for a domain by clicking Lock & Edit before making configuration changes.

For detailed information on using the Oracle WebLogic Server Administration Console, click Help from any Administration Console page, or see Getting Started Using Oracle WebLogic Server Administration Console in Administering Oracle Fusion Middleware.

2.3 Understanding WebCenter Content System Administration Tools

Oracle provides software tools for managing a WebCenter Content system with a Content Server instance. The WebCenter Content administrator should use these tools instead of directly editing configuration files to perform Content Server administrative tasks unless a specific procedure requires that a file be edited. Editing a file may cause the settings to be inconsistent and generate problems.

The WebCenter Content system includes specific administration utilities and applications for managing processes, providers, archives, users, and so forth.

See the browser considerations section in your installation and deployment guide for information about Java browser plug-ins and applet display issues.

2.3.1 About Content Server Tools

Content Server provides the following administration software tools to configure and maintain system operation:

2.3.1.1 Management Pages

Management pages can be accessed by using a web browser and choosing Administration, then choosing the management option in the Content Server interface. Some of the typical management pages are listed here.

Note:

WebCenter Content administrators use the native interface to perform administrative tasks using management pages and applications. The Oracle WebCenter Content application is configured by default to use the native interface for both administrators and users. If WebCenter Content is configured to use the WebCenter Content user interface (new as of 11.1.1.8), administrators must still use the native interface. For more information on the WebCenter Content user interface, see Installing and Configuring Oracle WebCenter Content, and Getting Started with the WebCenter Content User Interface in Using Oracle WebCenter Content.

  • Admin Server: Configure certain Content Server settings. A Content Server instance has its own Admin Server instance, which manages the Content Server instance on the WebCenter Content domain. Functions provided by the Admin Server for a Content Server instance also can be performed using Fusion Middleware Control.

    • Component Manager: View, enable or disable, install or uninstall, and download components which provide additional functionality to Content Server.

    • General Configuration: Specify a variety of settings used to configure WebCenter Content Server, including enabling accounts and adding configuration variables specific to your unique Content Server deployment.

    • Content Security: Set or modify select Content Server content security options.

    • Internet Configuration: View or modify Content Server Internet options.

  • Localization: View and modify enabled and disabled locales for your Content Server instance.

  • Providers: Add providers, configure provider information, and test providers.

2.3.1.2 Applications

The following Content Server applications can be started as standalone applications from the Admin Applets page, as applets through a web browser, or by choosing the Apps menu in each of the tool interfaces.

Note:

WebCenter Content administrators use the native interface to perform administrative tasks using management pages and applications. The Oracle WebCenter Content application is configured by default to use the native interface for both administrators and users. If WebCenter Content is configured to use the WebCenter Content user interface (new as of 11.1.1.8), administrators must still use the native interface. For more information on the WebCenter Content user interface, see Installing and Configuring Oracle WebCenter Content, and Getting Started with the WebCenter Content User Interface in Using Oracle WebCenter Content.

For more information on Configuration Manager, Repository Manager, Weblayout Editor, and Workflow Admin applications, see Understanding Management Tools in Managing Oracle WebCenter Content.

  • Archiver: Export, import, transfer, and replicate content server files and information. For details, see the chapter on managing system archiving and migration.

  • Configuration Manager: Manage content types, file formats, and custom metadata fields.

  • Repository Manager: Perform file diagnostics, file management functions, search data re-indexing, and subscription management functions.

  • User Admin: Manage the local user base, set up security (by assigning roles and permissions to users), define aliases, and manage security groups.

  • Weblayout Editor: Build a website, work with reports, write queries.

  • Workflow Admin: Set up workflows to route content to specific people for action.

2.3.1.3 Utilities

The following utilities can be started only as standalone applications from the computer where the Content Server instance is installed. For instructions on how to run standalone applications, see Running Administration Applications in Standalone Mode.

  • Batch Loader: Update or check in a large number of content items simultaneously.

  • Component Tool: Install and enable or disable Content Server components using the command line.

  • Component Wizard: Create and install custom components to modify Content Server behavior.

  • Content Analyzer: Confirm the integrity of Content Server repository components, including the file system, database, and search index.

  • System Properties: Configure the system options and functionality of a Content Server instance.

2.3.1.4 IdcShell Command-Line Tool

The IdcShell tool enables administrators to run Idoc Script from a command line. Idoc Script is a proprietary server-side scripting language for WebCenter Content. For more information, see Using the IdcShell Command-Line Tool to Run Idoc Script and Introduction to the Idoc Script Custom Scripting Language in Developing with Oracle WebCenter Content.

2.3.2 About Oracle WebLogic Scripting Tool (WLST)

The Oracle WebLogic Scripting Tool (WLST) can be used to manage Fusion Middleware components, such as Oracle WebCenter Content with a Content Server instance, from the command line.

The WebLogic Scripting Tool is a command-line scripting environment for creating, managing, and monitoring Oracle WebLogic Server domains. It is based on the Java scripting interpreter, Jython. In addition to supporting standard Jython features such as local variables, conditional variables, and flow control statements, the WebLogic Scripting Tool provides a set of scripting functions (commands) that are specific to Oracle WebLogic Server instances. Administrators can extend the WebLogic scripting language to suit site-specific needs by following the Jython language syntax.

Oracle WebCenter Content is supported by custom WLST commands for managing Content Server application connections (to the repository, portlet producers, external applications, and other back-end services) and for configuring the WebCenter Content user interface (based on the Oracle Development Application Framework). All the WLST commands specific to Oracle WebCenter Content Server are described in Oracle WebCenter Content Custom WLST Commands in WLST Command Reference for WebLogic Server.

2.4 Accessing Oracle WebCenter Content

Oracle WebCenter Content administrators can use several interfaces for managing WebCenter Content instances and related software for databases and security. The two primary interfaces for administering day-to-day tasks for WebCenter Content instances are Fusion Middleware Control and the Oracle WebCenter Content user interface with administration functionality. These interfaces, with instructions on how to use them, are described in the following sections:

2.4.1 Accessing WebCenter Content Using Fusion Middleware Control

The Oracle Enterprise Manager Fusion Middleware Control interface can be used to access WebCenter Content and Content Server related screens for performing basic administration tasks. This section explains the following tasks.

Note:

You can also use Oracle Fusion Middleware with IBM WebSphere. For information about using administration tools for IBM WebSphere, see Summary of the Oracle Fusion Middleware Management Tools on IBM WebSphere in Oracle Fusion Middleware Third-Party Application Server Guide.

2.4.1.1 Logging In to Fusion Middleware Control

Oracle Fusion Middleware administrators can use Fusion Middleware Control to access and manage a Content Server instance. Fusion Middleware Control is configured for a domain and it is automatically started when you start the Oracle WebLogic Server Administration Server.

  1. Enter the Fusion Middleware Control URL in your web browser. The URL must include the name of the host and the port number assigned during the installation.
    http://adminServerHost:adminServerPort/em
    

    For adminServerHost, specify the name of the computer that hosts the WebLogic Server Administration Server for your domain. For adminServerPort, specify the listen port number for the Administration Server. The default number is 7001. For example:

    http://myHost.example.com:7001/em
    

    You can find the exact URL, including the administration port number, in the config.xml file:

    • Windows: DOMAIN_HOME\config\config.xml

    • UNIX: ORACLE_INSTANCE/config/config.xml

  2. Enter a valid Fusion Middleware administrator user name and password, and click Login.

    A default user name for the administrator user is provided with the software. This is the account you can use to log in to Fusion Middleware Control for the first time. The password is the one supplied during the installation of Fusion Middleware.

    The first page Fusion Middleware Control displays is the Farm domain home page. You can also view this page at any time by selecting the name of the farm in the navigation pane.

    From the navigation pane, you can expand the tree and select a target to view and manage components in your farm.
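Step 1 points to config.xml for the exact host and port. The following is an added example, not part of the Oracle documentation, that reads those values from config.xml and builds the URLs; the sample file is constructed, the server name IBR_server1 is an assumption, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace used by WebLogic domain configuration files.
NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}
DEFAULT_PORT = 7001      # WebLogic default when <listen-port> is omitted
DEFAULT_SSL_PORT = 7002  # WebLogic default when SSL is enabled without a port

# Constructed sample, trimmed to the elements read below.
SAMPLE_CONFIG_XML = """\
<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>base_domain</name>
  <server>
    <name>AdminServer</name>
    <listen-address>myHost.example.com</listen-address>
  </server>
  <server>
    <name>UCM_server1</name>
    <listen-port>16200</listen-port>
    <listen-address>myHost.example.com</listen-address>
  </server>
  <server>
    <name>IBR_server1</name>
    <ssl><enabled>true</enabled><listen-port>16251</listen-port></ssl>
    <listen-port>16250</listen-port>
    <listen-address></listen-address>
  </server>
  <admin-server-name>AdminServer</admin-server-name>
</domain>
"""


def _text(elem, path):
    """Return the stripped text of a child element, or None if absent/empty."""
    node = elem.find(path, NS)
    return node.text.strip() if node is not None and node.text else None


def list_servers(config_xml):
    """Return one dict per <server> with its effective listen settings."""
    root = ET.fromstring(config_xml)
    # Assumption: fall back to the conventional name if the element is missing.
    admin_name = _text(root, "d:admin-server-name") or "AdminServer"
    servers = []
    for srv in root.findall("d:server", NS):
        name = _text(srv, "d:name")
        # "d:listen-port" matches only the direct child, so the SSL port
        # nested under <ssl> is never mistaken for the plain listen port.
        port = _text(srv, "d:listen-port")
        ssl_on = (_text(srv, "d:ssl/d:enabled") or "false").lower() == "true"
        ssl_port = _text(srv, "d:ssl/d:listen-port")
        servers.append({
            "name": name,
            "host": _text(srv, "d:listen-address"),  # None: all addresses
            "port": int(port) if port else DEFAULT_PORT,
            "ssl_port": (int(ssl_port) if ssl_port else DEFAULT_SSL_PORT)
                        if ssl_on else None,
            "is_admin": name == admin_name,
        })
    return servers


def server_url(config_xml, name, context, fallback_host="localhost"):
    """Build http://host:port/context for the named server."""
    for srv in list_servers(config_xml):
        if srv["name"] == name:
            host = srv["host"] or fallback_host
            return "http://%s:%d/%s" % (host, srv["port"], context)
    raise KeyError(name)


def admin_console_url(config_xml, fallback_host="localhost"):
    """Build the Fusion Middleware Control URL from the Administration Server."""
    admin = next(s["name"] for s in list_servers(config_xml) if s["is_admin"])
    return server_url(config_xml, admin, "em", fallback_host)


if __name__ == "__main__":
    print(admin_console_url(SAMPLE_CONFIG_XML))
    print(server_url(SAMPLE_CONFIG_XML, "UCM_server1", "cs"))
```

An empty listen-address means the server listens on all addresses, so the caller supplies the host name through fallback_host.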

2.4.1.2 Navigating to the Content Server Home Page

The Content Server home page in the Fusion Middleware Control interface is your starting place for managing a Content Server instance.

From the Content Server home page you can:

  • Check the current status of an instance

  • View overall response time for services

  • View resource information on concepts and tasks

The Content Server home page displays the Content Server menu. From the Content Server menu you can:

  • Start and shut down an instance

  • Configure instance parameters and email settings

  • Monitor instance performance metrics

  • Analyze diagnostic information and log files

  • Modify attributes using the system MBean browser

  • View general information about the system configuration

Figure 2-3 Content Server Menu in Fusion Middleware Control


To navigate to the Content Server home page:

  1. Log in to Fusion Middleware Control. See Logging In to Fusion Middleware Control.
  2. In the navigation pane, expand the tree to select the appropriate target domain name (for example, Farm_base_domain).
  3. Expand WebCenter, then Content, then Content Server.
  4. Select the Content Server instance to navigate to the home page.

    Figure 2-4 shows an example of navigation on a WebLogic Server to the instance: Oracle WebCenter Content - Content Server (UCM_server1).

    Figure 2-5 shows an example of navigation on an IBM WebSphere Application Server to the instance: Oracle WebCenter Content - Content Server.

Figure 2-4 Navigation on WebLogic Server to Content Server


Figure 2-5 Navigation on WebSphere to Content Server


2.4.2 Accessing WebCenter Content Instances Using a Web Browser

To access a running WebCenter Content instance as an administrator, start a web browser and enter the URL for the specific WebCenter Content configuration.

2.4.2.1 Accessing a Content Server Instance

To access a Content Server instance:

  1. Enter the URL:
    http://managedServerHost:managedServerPort/cs
    
  2. Log in with the administrator user name and password for the WebLogic Server.
    • For managedServerHost, specify the name of the computer that hosts the WebLogic Server Managed Server for the WebCenter Content domain where the Content Server instance is installed.

    • For managedServerPort, specify the listen port number for the WebLogic Server Managed Server for the WebCenter Content domain where the Content Server instance is installed.

    The default port number for a Content Server instance is 16200. For example:

    http://myHost.example.com:16200/cs
    

Note:

If you need to access a Content Server instance as a non-administrator user, and the instance is configured to use the WebCenter Content user interface instead of the native interface, be aware that the WebCenter Content user interface resides in a separate domain from Content Server and runs on a different port, 16225 by default.

2.4.2.2 Accessing a WebCenter Content: Inbound Refinery Instance

To access a WebCenter Content: Inbound Refinery instance:

  1. Enter the URL:
    http://managedServerHost:managedServerPort/ibr
    
  2. Log in with the administrator user name and password for WebLogic Server.
    • For managedServerHost, specify the name of the computer that hosts the WebLogic Server Managed Server for the WebCenter Content domain where the Inbound Refinery instance is installed.

    • For managedServerPort, specify the listen port number for the WebLogic Server Managed Server for the WebCenter Content domain where the Inbound Refinery instance is installed.

    The default port number for Inbound Refinery is 16250. For example:

    http://myHost.example.com:16250/ibr
    

2.4.2.3 Accessing a WebCenter Content: Imaging Instance

To access a WebCenter Content: Imaging instance:

  1. Enter the URL:
    http://managedServerHost:managedServerPort/imaging
    
  2. Log in with the administrator user name and password for WebLogic Server.
    • For managedServerHost, specify the name of the computer that hosts the WebLogic Server Managed Server for the WebCenter Content domain where the Imaging instance is installed.

    • For managedServerPort, specify the listen port number for the WebLogic Server Managed Server for the WebCenter Content domain where the Imaging instance is installed.

    The default port number for Imaging is 16000. For example:

    http://myHost.example.com:16000/imaging
    

2.4.2.4 Accessing a WebCenter Content: Records Instance

To access a WebCenter Content: Records instance:

  1. Enter the URL:
    http://managedServerHost:managedServerPort/urm
    
  2. Log in with the administrator user name and password for WebLogic Server.
    • For managedServerHost, specify the name of the computer that hosts the WebLogic Server Managed Server for the WebCenter Content domain where the Records instance is installed.

    • For managedServerPort, specify the listen port number for the WebLogic Server Managed Server for the WebCenter Content domain where the Records instance is installed.

    The default port number for Records is 16300. For example:

    http://myHost.example.com:16300/urm
    

2.5 Configuring WebCenter Content User Interface

You can configure Content Server with the WebCenter Content user interface in addition to the native user interface, which Content Server uses by default.

Before you start using the WebCenter Content user interface, set up the Remote Intradoc Client (RIDC), optionally set up additional configuration variables and the search engine for Content Server, set up full-text search, set up document conversions through Digital Asset Management (DAM) and Inbound Refinery, and also enable additional features to enhance the WebCenter Content user interface experience.

This section contains the following topics:

2.5.1 Setting up the Remote Intradoc Client (RIDC)

The WebCenter Content user interface uses the IDC socket protocol to communicate with Content Server. To enable this communication, you must set the IntradocServerPort and SocketHostAddressSecurityFilter values in the WCC_domain/ucm/cs/config/config.cfg configuration file for Content Server, in the Oracle WebCenter Content domain.

The following syntax shows how to set these values:

    IntradocServerPort=port_number
    SocketHostAddressSecurityFilter=IP addresses of permitted UI hosts separated by a bar symbol (|)

For example:

    IntradocServerPort=4444
    SocketHostAddressSecurityFilter=123.456.789.0

If you want to open this up to all hosts in the network, use this setting:

    SocketHostAddressSecurityFilter=*.*.*.*

For more information about the config.cfg file, see The config Directory in Developing with Oracle WebCenter Content.
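Because SocketHostAddressSecurityFilter decides which hosts may reach the IDC socket port, it is worth reviewing before the port is opened. The following is an added example, not part of the Oracle documentation, that audits a config.cfg for an open or stale filter; the sample file and addresses are constructed, the function names are hypothetical, and glob-style matching of `*` is an assumption about how the server evaluates patterns.

```python
import fnmatch
import ipaddress

LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1"}

# Constructed sample config.cfg content.
SAMPLE_CONFIG_CFG = """\
<?cfg jcharset="UTF8"?>
# constructed sample for this example
IntradocServerPort=4444
SocketHostAddressSecurityFilter=127.0.0.1|10.20.30.41|10.20.31.*
"""


def parse_cfg(text):
    """Parse key=value lines, skipping comments and the <?cfg ...?> header."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<?")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()  # a later duplicate wins
    return settings


def filter_patterns(settings):
    """Split the bar-separated filter into individual patterns."""
    raw = settings.get("SocketHostAddressSecurityFilter", "")
    return [p.strip() for p in raw.split("|") if p.strip()]


def is_permitted(ip, patterns):
    """Assumption: each pattern is matched glob-style against the address."""
    return any(fnmatch.fnmatchcase(ip, p) for p in patterns)


def audit(text, ui_hosts):
    """Return a list of findings for the IDC socket settings in config.cfg."""
    settings = parse_cfg(text)
    patterns = filter_patterns(settings)
    findings = []
    if not settings.get("IntradocServerPort", "").isdigit():
        findings.append("IntradocServerPort is missing or not numeric")
    if not patterns:
        findings.append("SocketHostAddressSecurityFilter is missing or empty")
    for pattern in patterns:
        if set(pattern) <= {"*", "."}:
            # "*" or "*.*.*.*": nothing but wildcards and separators.
            findings.append("%s: permits every host" % pattern)
        elif "*" in pattern or "?" in pattern:
            findings.append("%s: wildcard permits a range of hosts" % pattern)
        else:
            try:
                ipaddress.ip_address(pattern)
            except ValueError:
                findings.append("%s: not a valid IP address" % pattern)
                continue
            if pattern not in ui_hosts and pattern not in LOOPBACK:
                findings.append("%s: matches no listed UI host" % pattern)
    for host in ui_hosts:
        if not is_permitted(host, patterns):
            findings.append("UI host %s is not permitted by the filter" % host)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG_CFG, ["10.20.30.41"]):
        print(finding)
```

Run against the example value shown above, 123.456.789.0, the audit reports that it is not a valid IP address, so that value must be replaced with the real addresses of the UI hosts.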

2.5.2 Setting Additional Content Server Parameters

For the WebCenter Content user interface, you can also set Content Server parameters for folders and searching.

To set additional Content Server parameters:
  1. From the Content Server Administration menu or tray, choose Admin Server and then General Configuration.
  2. Select the Enable Accounts checkbox.
  3. In the Additional Configuration Variables area, add the following parameters, if not set already, to go in the config.cfg file:
    • FoldersIndexParentFolderValues=true

      This parameter enables you to search for content within folders, including subfolders.

    • FldEnforceFolderFileNameUniqueness=true

      This parameter prevents folders from having a child folder with the same name as a child document.

    • FldEnforceCaseInsensitiveNameUniqueness=true

      This parameter makes name-uniqueness checks for folder and file names case-insensitive. It also makes path resolution case-insensitive.

    • SearchIndexerEngineName=OracleTextSearch or SearchIndexerEngineName=DATABASE.METADATA

      This parameter enables OracleTextSearch full-text searching or database metadata searching, instead of the default database full-text searching.

  4. Restart the WebCenter Content Managed Server.

2.5.3 Configuring Application Parameters

When using the WebCenter Content user interface instead of the native interface, set the following properties using either MBean or WebLogic Scripting Tool.

  • temporaryDirectory

    Set this application configuration property to a safe location that does not automatically get cleaned up by the operating system or other scheduled jobs.

    For example, on the Linux operating system, the default temporaryDirectory is /tmp. Many Linux distributions include cron jobs that automatically clean up the /tmp directory. If this happens, the application cannot recover from this unexpected error and it needs to be restarted.

  • maximumWindowsPerSession

    This configuration parameter limits the number of active Doc Properties windows. The default is 7.

    If the WebCenter Content instance has a higher than desired memory consumption, set the parameter to 4 to reduce the required heap size.

For more information, see updateWccAdfConfig in WebCenter Content Command Reference.

2.5.4 Enabling Full-Text Searching

For full-text searching, you need to rebuild the Content Server index using OracleTextSearch (SearchIndexerEngineName=ORACLETEXTSEARCH parameter).

To enable full-text searching in the WebCenter Content user interface:
  1. Access Content Server with the native user interface:
    http://WCCHOST1:16200/cs
    
  2. From the Administration menu or tray, choose Admin Applets and then Repository Manager.
  3. Click the Indexer tab.
  4. Under Collection Rebuild Cycle, click the Start button.
  5. Deselect Use Fast Rebuild.
  6. Click the OK button.

2.5.5 Generating Thumbnails and Web-Viewable Renditions

If you want to obtain thumbnail images and web-viewable renditions of files from the WebCenter Content user interface, you can configure Inbound Refinery to provide them. You can set up an Inbound Refinery provider for thumbnails and file conversions, such as PDF Export, through the native user interface.

To configure thumbnails in Content Server:
  1. Access Content Server with the native user interface:
    http://WCCHOST1:16200/cs
    
  2. From the Administration menu or tray, choose Configure Thumbnail Options.
  3. Select the Enable this server to create the thumbnail images box.
  4. Click the Update button.

For more information about generating thumbnails and web-viewable renditions, see Configuring Inbound Refinery in Managing Oracle WebCenter Content.

2.5.6 Configuring Digital Asset Management in Content Server

Digital Asset Management (DAM) is available through the WebCenter Content user interface. To enable the DAM user interface in Content Server, you need to enable the DigitalAssetManager, DAMConverterSupport, ContentBasket, and ZipRenditionManagement components and set up document conversion for DAM documents in Inbound Refinery.

To configure DAM in Content Server:
  1. Log in to Content Server (http://WCCHOST1:16200/cs) as a WebCenter Content administrator.
  2. Enable these components, or verify that they are enabled:
    • DigitalAssetManager

    • DAMConverterSupport

    • ContentBasket

    • ZipRenditionManagement (enabled by default)

  3. Restart Content Server.
  4. Log in to the Inbound Refinery Managed Server (http://WCCHOST1:16250/ibr, by default) as an administrator, and enable the DAMConverter component for DAM.
  5. Restart the Inbound Refinery Managed Server.
  6. Log in to Content Server again as an administrator to choose file formats for conversion:
    1. From the Administration menu or tray, choose Admin Applets and then Configuration Manager.
    2. From the Options menu, choose File Formats.
    3. For image asset formats that you want to convert to digital assets (such as image/gif and image/png), change the conversion to Digital Media Graphics.

    For more information about configuring DAM in Content Server and the Inbound Refinery Managed Server, see Configuring Digital Asset Manager in Managing Oracle WebCenter Content.

2.5.7 Configuring Extended Features in Content Server

Some Content Server features are supported but not necessarily required by the WebCenter Content user interface. For example, Access Control Lists (ACLs) and Accounts are not configured out of the box. If these features are enabled on Content Server, however, the WebCenter Content user interface provides access to the additional functionality.

For information about enabling ACLs in Content Server, see Managing Access Control List Security.

For information about enabling Accounts in Content Server, see Managing Accounts.

You can set up one of the three indexing configurations for Content Server: Oracle Text Search, Database metadata, or Database full text. For more information about how to do this, see Configuring the Search Index.

These standard Content Server settings are not specific to the WebCenter Content user interface.

2.5.8 Completing the Workflow Configuration

To complete the workflow configuration for the WebCenter Content user interface, you need to restart the Managed Servers and verify the configuration. The UseDatabaseWfInQueue configuration variable enables the WebCenter Content user interface to filter workflows assigned to a user. The EmailNotificationType configuration variable specifies where the links in notification emails point for workflows and subscriptions in different Content Server user interfaces, and its default value is NativeWebUI.

To complete the workflow configuration:
  1. Set UseDatabaseWfInQueue=1 in config.cfg.
  2. Make sure that the WCC_DOMAIN/ucm/cs/config/config.cfg file contains the EmailNotificationType variable with either of the following settings:
    • To generate emails with links that point only to the WebCenter Content user interface, set EmailNotificationType=ContentUI in config.cfg.

    • To generate emails with links that point to both the WebCenter Content user interface and the native user interface, set EmailNotificationType=ContentUI,NativeWebUI in config.cfg.

  3. Restart the Content Server Managed Server.
  4. Click the alert that appears on the Content Server home page after restart: Click to complete workflow setup.

    Ensure that Content Server returns a success message: Workflow setup is now complete.

  5. Restart the WebCenter Content user interface Managed Server.

For more information about workflows, see Managing Workflows in Managing Oracle WebCenter Content.

2.6 Associating the WebCenter Content User Interface with Content Server

You can configure a JAX-WS, IDCS, IDC, HTTP, or HTTPS connection between the WebCenter Content user interface Managed Server and Content Server, to associate the WebCenter Content user interface with Content Server.

The following topics describe how to configure these connections:

2.6.1 Configuring a JAX-WS Connection from the WebCenter Content User Interface Server to Content Server

Complete the steps described in this section to configure a JAX-WS connection from the WebCenter Content user interface to Content Server.

To configure a JAX-WS connection to Content Server:
  1. Ensure that Metadata Services (MDS) schemas have been created in Oracle Database by the Repository Creation Utility (RCU).

    Create an MDS schema for the common Oracle WebCenter Content and WebCenter Content user interface domains.

  2. Apply the WSM Policy Manager Template to the common Oracle WebCenter Content domain and the WebCenter Content user interface domain, if the domain does not already have this template. The template is in this file:
    MW_HOME/oracle_common/common/templates/applications/oracle.wsmpm_template_11.1.1.jar
    

    If the file is not in the MW_HOME/oracle_common/common/templates/applications directory, you can extend the domain with the template.

    To extend a domain with the WSM Policy Manager Template:

    1. If a Managed Server in the domain that you are planning to extend is running, stop it through the Administration Console.

    2. Launch an Oracle WebLogic Scripting Tool (WLST) shell in offline mode.

    3. Run the following commands in sequence:

      wls:/offline> readDomain(r'${DOMAIN_HOME}')
      
      addTemplate(r'${MW_HOME}/oracle_common/common/templates/applications/oracle.wsmpm_template_11.1.1.jar')
      
      updateDomain()
      
      closeDomain()
      
      exit()
      

      The addTemplate.cmd command creates a dummy schema.

  3. Restart the Administration Servers in the common domain.
  4. For the common domain, update the mds-owsm JDBC connection pool to point to the MDS schema for the domain. The targets should be the Administration Server and all Oracle ADF servers. The update can be done from Services > Data sources > mds-owsm in the Administration Console.

    After updating a domain, restart the corresponding Administration Server. Confirm that Monitoring > Testing > Check data source is giving zero errors. A success message is expected, like "Test of mds-owsm on server AdminServer was successful."

    Note:

    Use separate schemas for ADF UI connection architecture and ADF UI OWSM.

  5. Restart both the Managed Servers for UCM and Web user interface.
  6. Create a policy set for the WebCenter Content user interface domain:
    1. In Oracle Enterprise Manager Fusion Middleware Control, expand WebLogic Domain in the navigation tree on the left, and then click the name of the domain.

    2. From the WebLogic Domain drop-down menu at the top of the domain page, choose Web Services, then Policy Sets.

    3. From the Type of Resources menu under Policy Set Summary, choose Web Service Client, enter a name for the policy set in the Name field, and click Create.

    4. Make sure the policy set is enabled.

    5. Under the scope, enable the policy set, enter the name of the domain in the Domain Name field, and then attach a policy, such as oracle/wss10_saml_token_client_policy.

  7. Create a policy set for the Oracle WebCenter Content domain:
    1. In Fusion Middleware Control, expand WebLogic Domain in the navigation tree on the left, and then click the name of the domain.

    2. From the WebLogic Domain drop-down menu at the top of the domain page, choose Web Services, then Policy Sets.

    3. From the Type of Resources menu under Policy Set Summary, choose Web Service Endpoint, enter a name for the policy set in the Name field, and click Create.

    4. Make sure the policy set is enabled.

    5. Under the scope, enter the name of the domain in the Domain Name field, and then attach a policy, such as oracle/wss_saml_or_username_token_service_policy.

  8. To expedite applying the policy changes, restart the servers.
  9. Confirm that the WebCenter Content web service has the GPA policy applied by inspecting the WSDL, at the following URL:
    http://WCC_HOST:WCC_PORT/idcnativews/IdcWebLoginPort?WSDL
    

    For example:

    http://slc05amp.example.com:16200/idcnativews/IdcWebLoginPort?WSDL
    

    In the WSDL, check for this code:

    <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    URI="#wss_saml_or_username_token_service_policy" wsdl:required="false"/>
    
  10. To do an identity switch over the top of a standard SAML identity propagation policy, you need to be able to override subject precedence from its default value of true, to be false instead.

    This instructs the server not to automatically send the connected subject, but rather allow it to explicitly set the identity that should be sent across.

    The connection architecture has a Boolean property that you can set to activate an RIDC filter that results in requestContext.put(ClientConstants.WSM_SUBJECT_PRECEDENCE, "false") being set.

    Note:

    If a Credential map exists, ensure that the password property (oracle.wcc.ridc.credential.password) is cleared from the Credential map before executing the following command. To check this property in Fusion Middleware Control, go to the WebCenter Content user interface page, and from the WebLogic Server drop-down menu, choose Security, then Credentials, then WccAdf.oracle.wcc.adf, and then anonymous#WccAdfServerConnection. To clear the property, click Edit, remove oracle.wcc.ridc.credential.password, and save the change.

    To activate the RIDC filter, run the following command:

    updateRIDCConnection('Oracle WebCenter Content - Web UI', 
    'WccAdfServerConnection', 
    connUrl="http://slc05elc.example.com:16200/idcnativews", 
    jaxwsRegisteridentityswitchfilter="true",credImpersonationAllowed='false')
    

    Run the following Connection Architecture command:

    displayRIDCConnection('Oracle WebCenter Content - Web UI', 'WccAdfServerConnection')
    

    Now the Connection Architecture attributes should look as follows:

    PropConnectionUrl = http://WCCUI_HOST:16200/idcnativews
    PropConnectionSocketTimeout = null
    PropConnectionPoolMethod = null
    PropConnectionPoolSize = null
    PropConnectionWaitTime = null
    PropCredentialUsername = weblogic
    PropCredentialAppIdKey = null
    PropCredentialImpersonationAllowed = null
    PropProtocolJaxWSStack = null
    PropProtocolJaxWSPolicy = null
    PropProtocolJaxWSJpsConfigFile = null
    PropProtocolJaxWSSkipStackOptimize = null
    PropProtocolJaxWSServerInsName = null
    PropProtocolJaxWSRegisterIdentitySwitchFilter = true
    PropProtocolHttpLibrary = null
    PropProtocolIdcsAlgorithm = null
    PropProtocolIdcsKeystoreFile = null
    PropProtocolIdcsKeystoreAlias = null
    PropProtocolIdcsTrustManagerFile = null
    

    Note:

    Make sure PropCredentialImpersonationAllowed is set to null or false, not to true.

  11. For an application to switch identity, grant it a special policy-code grant in the system-jazn-data.xml file, under WCCUI_MW_HOME/user_projects/domains/WCCUI_domain/config/fmwconfig. Change the name, as in the following code:
    <grant>
       <grantee>
         <codesource>
           <url>file:${common.components.home}/modules/oracle.wsm.agent.common_11.1.1/wsm-agent-core.jar</url>
         </codesource>
       </grantee>
       <permissions>
         <permission>
           <class>oracle.wsm.security.WSIdentityPermission</class>
           <name>resource=Oracle WebCenter Content - Web UI</name>
           <actions>assert</actions>
         </permission>
       </permissions>
    </grant>
    
  12. Restart the WebCenter Content user interface Managed Server.
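
A check of the result of steps 10 and 11, as an added example that is not part of Oracle's documentation: it parses displayRIDCConnection() output and the grants in system-jazn-data.xml and reports deviations from what this section specifies. The sample inputs are constructed, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

APP_NAME = "Oracle WebCenter Content - Web UI"
IDENTITY_PERMISSION = "oracle.wsm.security.WSIdentityPermission"

# Constructed sample of displayRIDCConnection() output with one deliberate deviation.
SAMPLE_DISPLAY = """\
PropConnectionUrl = http://WCCUI_HOST:16200/idcnativews
PropCredentialUsername = weblogic
PropCredentialImpersonationAllowed = true
PropProtocolJaxWSRegisterIdentitySwitchFilter = true
"""

# Constructed sample: the grant from step 11 plus one for a made-up second resource.
SAMPLE_JAZN = """\
<jazn-policy>
  <grant>
    <grantee><codesource>
      <url>file:${common.components.home}/modules/oracle.wsm.agent.common_11.1.1/wsm-agent-core.jar</url>
    </codesource></grantee>
    <permissions><permission>
      <class>oracle.wsm.security.WSIdentityPermission</class>
      <name>resource=Oracle WebCenter Content - Web UI</name>
      <actions>assert</actions>
    </permission></permissions>
  </grant>
  <grant>
    <grantee><codesource><url>file:/constructed/example-other.jar</url></codesource></grantee>
    <permissions><permission>
      <class>oracle.wsm.security.WSIdentityPermission</class>
      <name>resource=example-other-app</name>
      <actions>assert</actions>
    </permission></permissions>
  </grant>
</jazn-policy>
"""


def parse_connection(display_output):
    """Parse 'PropName = value' lines; the literal 'null' becomes None."""
    props = {}
    for line in display_output.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().startswith("Prop"):
            value = value.strip()
            props[name.strip()] = None if value == "null" else value
    return props


def check_jaxws_connection(props):
    """Compare a parsed connection with what step 10 expects."""
    findings = []
    url = (props.get("PropConnectionUrl") or "").rstrip("/")
    if not url.endswith("/idcnativews"):
        findings.append("PropConnectionUrl does not point at idcnativews")
    switch = props.get("PropProtocolJaxWSRegisterIdentitySwitchFilter") or ""
    if switch.lower() != "true":
        findings.append("identity switch filter is not registered")
    if (props.get("PropCredentialImpersonationAllowed") or "").lower() == "true":
        findings.append("PropCredentialImpersonationAllowed is true")
    return findings


def identity_assert_grants(jazn_xml):
    """Return (codesource URL, resource name) for each WSIdentityPermission assert grant."""
    found = []
    for grant in ET.fromstring(jazn_xml).iter("grant"):
        url = (grant.findtext("grantee/codesource/url") or "").strip()
        for perm in grant.iter("permission"):
            actions = (perm.findtext("actions") or "").split(",")
            if (perm.findtext("class") or "").strip() == IDENTITY_PERMISSION \
                    and "assert" in [a.strip() for a in actions]:
                found.append((url, (perm.findtext("name") or "").strip()))
    return found


def grants_to_review(jazn_xml, app_name=APP_NAME):
    """Identity-assert grants issued for any resource other than app_name."""
    expected = "resource=" + app_name
    return [g for g in identity_assert_grants(jazn_xml) if g[1] != expected]


if __name__ == "__main__":
    for finding in check_jaxws_connection(parse_connection(SAMPLE_DISPLAY)):
        print("connection:", finding)
    for url, name in grants_to_review(SAMPLE_JAZN):
        print("grant to review:", name, "from", url)
```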

2.6.2 Configuring a Secured Connection from the WebCenter Content User Interface Server to Content Server

An SSL Incoming Provider is instantiated to create an SSL server socket to which Intradoc clients can connect, so that traffic is encrypted. The provider can be configured with or without requiring client authentication (the WebCenter Content user interface Managed Server is a client of Content Server).

When client authentication is not required, the Java RIDC client making the connection to the SSL server socket (Intradoc secure-socket port) does not need to present a valid certificate. This mode is not very different from a normal, non-SSL Intradoc connection. The main difference is that traffic is encrypted and cannot be viewed in the clear by packet capture and similar means.

Client authentication means that the client must supply a valid SSL certificate signed by an authority that is in the server's trust store. In this context, client authentication is not tied to any particular end user, but rather to the Java client program. When the Require Client Authentication option is selected for the provider, and a secure Intradoc connection is made by the Java RIDC client to Content Server, a client that does not present a valid certificate will receive an exception, such as this one:

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
oracle.stellent.ridc.protocol.ProtocolException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at oracle.stellent.ridc.protocol.intradoc.HdaProtocol.readResponse(HdaProtocol.java:257)
    at oracle.stellent.ridc.IdcClient.sendRequest(IdcClient.java:184)
    at Ping.ping(Ping.java:42)
    at Ping.main(Ping.java:20)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:753)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
    at oracle.stellent.ridc.common.util.StreamUtil.readRawLine(StreamUtil.java:227)
    at oracle.stellent.ridc.common.util.StreamUtil.readLine(StreamUtil.java:254)
    at oracle.stellent.ridc.protocol.intradoc.HdaProtocol.readHeaders(HdaProtocol.java:459)
    at oracle.stellent.ridc.protocol.intradoc.HdaProtocol.readResponse(HdaProtocol.java:215)

If your client (the WebCenter Content user interface Managed Server) receives such an exception, first make sure that the WCC_domain/ucm/cs/config/config.cfg file has SocketHostAddressSecurityFilter correctly set. The SocketHostAddressSecurityFilter value includes the IP address of the client machine; for example:

#hostname -i :- 10.229.187.227

SocketHostAddressSecurityFilter=10.229.187.227|127.0.0.1|0:0:0:0:0:0:0:1

Failure to set SocketHostAddressSecurityFilter correctly will result in an exception such as StatusMessage: Unable to establish connection to the server. Permission denied. Address '10.187.109.243' is not an allowable remote socket address.

Setting IntradocServerPort=XXXX is not required. Setting this property allows for non-SSL/nonencrypted Intradoc connections to this particular port from machines in the preceding trusted IP address list.

Caution:

If you want only SSL Intradoc connections with client-certificate authentication, but you inadvertently set IntradocServerPort, the client could go through this back door (assuming its IP address is in the trusted list).
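
The Caution above can be checked mechanically. This added example (not Oracle's code) parses config.cfg text, models the SocketHostAddressSecurityFilter match, and reports when IntradocServerPort leaves a non-SSL listener open on a server that is meant to accept only SSL Intradoc connections. The sample file is constructed; the function names and the wildcard handling through fnmatch are assumptions, not Content Server's own matching code.

```python
import fnmatch
import ipaddress

# Constructed sample config.cfg: SSL-only is the intent, but IntradocServerPort is still set.
SAMPLE_CFG = """\
# hostname -i of the WebCenter Content user interface machine: 10.229.187.227
SocketHostAddressSecurityFilter=10.229.187.227|127.0.0.1|0:0:0:0:0:0:0:1
IntradocServerPort=4444
"""


def parse_cfg(text):
    """Read Name=value lines from config.cfg text, skipping comments and blanks."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg


def filter_entries(cfg):
    """Split the pipe-separated SocketHostAddressSecurityFilter value."""
    raw = cfg.get("SocketHostAddressSecurityFilter", "")
    return [entry.strip() for entry in raw.split("|") if entry.strip()]


def is_trusted(cfg, client_ip):
    """Auditor's model of the filter: exact address match (IPv6 spellings
    normalized), or a shell-style wildcard match for non-literal entries."""
    client = ipaddress.ip_address(client_ip)
    for entry in filter_entries(cfg):
        try:
            if ipaddress.ip_address(entry) == client:
                return True
        except ValueError:
            # Entry is not a literal address; treat it as a wildcard pattern (assumption).
            if fnmatch.fnmatchcase(client_ip, entry):
                return True
    return False


def is_loopback(entry):
    try:
        return ipaddress.ip_address(entry).is_loopback
    except ValueError:
        return False


def audit(cfg, ssl_only=True):
    """Return findings; ssl_only states that only SSL Intradoc connections are intended."""
    findings = []
    entries = filter_entries(cfg)
    if not entries:
        findings.append("SocketHostAddressSecurityFilter is not set")
    findings += ["wildcard entry '%s' trusts every matching address" % e
                 for e in entries if "*" in e or "?" in e]
    port = cfg.get("IntradocServerPort")
    if ssl_only and port:
        remote = [e for e in entries if not is_loopback(e)]
        findings.append(
            "IntradocServerPort=%s accepts unencrypted Intradoc connections from: %s"
            % (port, ", ".join(remote) or "loopback only"))
    return findings


if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    print("10.187.109.243 trusted:", is_trusted(cfg, "10.187.109.243"))
    for finding in audit(cfg):
        print(finding)
```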

2.6.3 Configuring an IDCS Connection from the WebCenter Content User Interface Server to Content Server

You can configure an IDC secured (IDCS) connection with or without Require Client Authentication. The WebCenter Content user interface Managed Server is a client of Content Server.

2.6.3.1 Configuring an IDCS Connection from the WebCenter Content User Interface Server to Content Server With Require Client Authentication

To configure an IDC secured connection with Require Client Authentication:
  1. In the Oracle WebCenter Content domain, make the following changes, in a bash environment:
    1. Enter the following command to set the domain environment:

      source WCCUI_DOMAIN_HOME/bin/setDomainEnv.sh
      
    2. Create a directory named sslkeepaliveincomingprovider:

      mkdir -p $WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider  
      cd $WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider
      

      You can use a different name, as long as the directory name matches the provider name specified in Step 2d.

    3. Use the CertGen utility to create a server key-certificate pair signed by the demo CA cert CertGenCA, as follows:

      java utils.CertGen -certfile ServerPublicCert -keyfile ServerPrivKey -keyfilepass password -cn "`hostname -f`"
      
    4. Create a server keystore with the server key-certificate pair.

      java utils.ImportPrivateKey -keystore keystore.jks -storepass password -certfile ServerPublicCert.der -keyfile ServerPrivKey.der -keyfilepass password -alias serverkey -keypass password 
      
    5. Add the root CA to the server keystore, using the keytool utility:

      keytool -importcert -file $WL_HOME/server/lib/CertGenCA.der -keystore keystore.jks -storepass password -noprompt
      

      The alias is not provided in the preceding command because it will be imported under the alias name mykey.

    6. Add the root CA to the trust keystore:

      keytool -importcert -file $WL_HOME/server/lib/CertGenCA.der -keystore truststore.jks -storepass password -noprompt
      

      The alias is not provided in the preceding command because it will be imported under the alias name mykey.

  2. In Oracle WebCenter Content Server, add a provider:
    1. Log in to the WebLogic Content user interface for Content Server, using the administrator user name and password.

    2. From the Administration tray or menu, choose Providers.

    3. On the Providers page, in the Provider Type column of the Create a New Provider table, click sslincoming and then Add in the Action column of the same row.

    4. On the Add Incoming Provider page, enter or keep the following field values:

      • Provider Name: sslkeepaliveincomingprovider (or the name of the directory created in Step 1b.)

      • Provider Description: For testing RIDC over SSL

      • Provider Class: idc.provider.ssl.SSLSocketIncomingProvider

      • Connection Class: idc.provider.KeepaliveSocketIncomingConnection

      • Server Thread Class: idc.server.KeepaliveIdcServerThread

      • Server Port: 9995

      • Require Client Authentication: Select.

      • Keystore File Path: Select Use Default (This value specifies $WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider/keystore.jks)

      • Keystore Password: password

      • Alias: serverkey

      • Alias Password: password

      • Truststore File Path: Select Use Default (This value specifies $WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider/truststore.jks)

      • Truststore Password: password

    5. Click the Add button at the bottom of the page.

    6. Restart the WebCenter Content Managed Server.

  3. Verify the WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider/provider.hda file that gets generated. It should contain the following text:
    - note passwords in clear!!
    cat provider.hda
    <?hda version="11gR1-11.1.1.7.0-idcprod1-120807T112220" jcharset="UTF8" encoding="utf-8"?>
    @Properties LocalData
    IncomingThread=idc.server.KeepaliveIdcServerThread
    IntradocServerHostName=
    KeystoreAlias=serverkey
    KeystoreAliasPassword=password
    KeystoreFile=/u01/app/oracle/product/Middleware/user_projects/domains/base_domain/ucm/cs/data/providers/sslkeepaliveincomingprovider/keystore.jks
    KeystorePassword=password
    NeedClientAuth=
    PasswordScope=sslkeepaliveincomingprovider
    ProviderClass=idc.provider.ssl.SSLSocketIncomingProvider
    ProviderConfig=
    ProviderConnection=idc.provider.KeepaliveSocketIncomingConnection
    ProviderType=sslincoming
    ServerPort=9995
    TruststoreFile=/u01/app/oracle/product/Middleware/user_projects/domains/base_domain/ucm/cs/data/providers/sslkeepaliveincomingprovider/truststore.jks
    TruststorePassword=password
    UseDefaultKeystoreFile=1
    UseDefaultTruststoreFile=1
    WantClientAuth=
    blDateFormat=M/d{/yy}{ h:mm[:ss]{ a}}!mAM,PM!tPST8PDT
    @end
    
  4. From the WebCenter Content user interface Managed Server machine, make the following changes (if you are requiring client authentication).
    1. Enter the following command to set the domain environment:

      source WCCUI_DOMAIN_HOME/bin/setDomainEnv.sh
      
    2. Go to the user home directory:

      cd /home/user
      
    3. Use the CertGen utility to create a client key-certificate pair signed by the demo CA cert CertGenCA, as follows:

      java utils.CertGen -certfile ClientPublicCert -keyfile ClientPrivKey -keyfilepass password [-cn "`hostname -f`"]
      

      Note:

      The optional -cn argument determines the common name to which the certificate is issued. If this argument is skipped, the certificate is issued to the host name of the machine from which the certificate is generated.

    4. Create a client keystore for the WebCenter Content user interface Managed Server, with the client key-certificate pair:

      java utils.ImportPrivateKey -keystore keystore.jks -storepass password -certfile ClientPublicCert.der -keyfile ClientPrivKey.der -keyfilepass password -alias clientkey -keypass password
      
    5. Add the root CA to the client keystore, using the keytool utility:

      keytool -importcert -file WCCUI_WL_HOME/server/lib/CertGenCA.der -keystore keystore.jks -storepass password -noprompt
      
  5. Connect to the WebCenter Content user interface Managed Server.
  6. Run the following updateRIDCConnection() command, on one line:
    updateRIDCConnection('Oracle WebCenter Content - Web UI',
    'WccAdfServerConnection',connUrl='idcs://adc2120610.example.com:9995',
    credUsername='weblogic',idcsKeystoreFile='/home/user/keystore.jks',
    idcsKeystorePassword='password',idcsKeystoreAlias='clientkey',idcsKeystoreAliasPassword='password')
    

    After the preceding command is run, the cwallet.sso file is updated under /users/username/AppData/Roaming/JDeveloper/system11.1.2.2.39.61.83.1/DefaultDomain/config/fmwconfig. The cwallet.sso file contains the password, as follows (decrypted content):

    ### Map: WccAdf.oracle.wcc.adf
    1. + Key: anonymous#WccAdfServerConnection
    class = oracle.security.jps.internal.credstore.GenericCredentialImpl
    desc = null
    type = java.util.Hashtable
    cred = (oracle.wcc.ridc.protocol.idcs.keystore.alias.password, password)
    cred = (oracle.wcc.ridc.protocol.idcs.keystore.password, password)
    expires = null
    
  7. Restart the WebCenter Content user interface Managed Server.
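
Step 3 shows that provider.hda keeps the keystore and truststore passwords in clear text. The following added example (not Oracle's code) audits such a file: it reads the LocalData section, reports which password keys hold demo values without echoing them, reports whether client authentication is on, and checks file permissions. The sample file is constructed from the listing in step 3; the function names, the list of demo secrets, and the reading of NeedClientAuth (any value other than empty, 0, false or no means Require Client Authentication is selected) are assumptions.

```python
import os
import stat

# Well-known demo and default secrets (constructed list; extend it for your site).
DEMO_SECRETS = {"password", "welcome1", "changeit"}

# Constructed sample, shortened from the listing in step 3; paths are placeholders.
SAMPLE_HDA = """\
<?hda version="11gR1-11.1.1.7.0-idcprod1-120807T112220" jcharset="UTF8" encoding="utf-8"?>
@Properties LocalData
KeystoreAlias=serverkey
KeystoreAliasPassword=password
KeystoreFile=/path/to/keystore.jks
KeystorePassword=password
NeedClientAuth=
ProviderType=sslincoming
ServerPort=9995
TruststoreFile=/path/to/truststore.jks
TruststorePassword=password
WantClientAuth=
@end
"""


def parse_local_data(hda_text):
    """Return the Name=value pairs of the '@Properties LocalData' section."""
    props, inside = {}, False
    for line in hda_text.splitlines():
        line = line.strip()
        if line.startswith("@Properties LocalData"):
            inside = True
        elif line.startswith("@"):
            inside = False          # '@end' or the start of another section
        elif inside and "=" in line:
            key, _, value = line.partition("=")
            props[key] = value
    return props


def is_enabled(value):
    """Assumption: any value other than empty, 0, false or no means the option is on."""
    return value.strip().lower() not in ("", "0", "false", "no")


def group_or_world_readable(path):
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_provider(hda_text, hda_path=None):
    """Return findings; secret values are never echoed, only the key names."""
    props = parse_local_data(hda_text)
    findings = []
    for key in sorted(props):
        if key.endswith("Password") and props[key]:
            if props[key].lower() in DEMO_SECRETS:
                findings.append("%s holds a demo value from the documentation" % key)
            else:
                findings.append("%s holds a value stored in this file" % key)
    if props.get("ProviderType") == "sslincoming" \
            and not is_enabled(props.get("NeedClientAuth", "")):
        findings.append("NeedClientAuth is not set: clients connect without a certificate")
    # The provider file and both stores should be readable by the server account only.
    for path in (hda_path, props.get("KeystoreFile"), props.get("TruststoreFile")):
        if path and os.path.exists(path) and group_or_world_readable(path):
            findings.append("%s is readable by group or others" % path)
    return findings


if __name__ == "__main__":
    for finding in audit_provider(SAMPLE_HDA):
        print(finding)
```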

2.6.3.2 Configuring an IDCS Connection from the WebCenter Content User Interface Server to Content Server Without Require Client Authentication

You can configure an IDC secured (IDCS) connection with or without Require Client Authentication. The WebCenter Content user interface Managed Server is a client of Content Server.

To configure an IDC secured connection without Require Client Authentication (only Content Server changes required):
  1. Make the preceding changes to Content Server.
  2. Connect to the WebCenter Content user interface Managed Server.
  3. Run the following updateRIDCConnection() command, on one line:
    updateRIDCConnection('Oracle WebCenter Content - Web UI',
    'WccAdfServerConnection',connUrl='idcs://adc2120610.example.com:9995',
    credUsername='weblogic')
    
  4. Ensure all other parameters are unset by running the displayRIDCConnection('Oracle WebCenter Content - Web UI','WccAdfServerConnection') command.
  5. Restart the WebCenter Content user interface Managed Server.
  6. If you encounter the following error message, you need to import a certificate from the Content domain into the Oracle WebCenter Content user interface domain:
    Caused By: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    

    This error means the certificate present in the WebLogic Server trusted store for the WebCenter Content Managed Server does not match or contain the <cacerts> entry present in the WebLogic Server trusted store for Content Server. To import this certificate and add it to the trusted keystore in the WebCenter Content user interface domain:

    1. Export the Content Server certificate as root.cer:

      keytool -export -file root.cer -keystore keystore_path
      

      In the preceding command, keystore_path is the keystore that was configured on the sslkeepaliveincomingprovider page in Content Server. For example:

      /user/11.1.1.9.0/mw9977/user_projects/domains/wccucm_domain/ucm/cs/data/providers/sslkeepaliveincomingprovider/keystore.jks
      
    2. Enter the corresponding keystore password: password

    3. Import root.cer into the client:

      keytool -import -keystore <cacerts> -file root.cer
      

      In the preceding command, <cacerts> is the Java Standard Trust Keystore that was specified for the WebCenter Content user interface Managed Server in the Administration Console. For example:

      keytool -import -keystore jdk_location/jre/lib/security/cacerts -file root.cer
      
    4. If you are prompted for a password after running the preceding keytool command, you can enter the common password for a keystore.

    5. Restart the WebCenter Content user interface Managed Server.

2.6.4 Configuring an IDC Connection from the WebCenter Content User Interface Server to Content Server

For an IDC connection to Content Server, the WebCenter Content user interface application is authenticated based on an IP address. Therefore, you need to make sure the WCC_DOMAIN_HOME/ucm/cs/config/config.cfg file has SocketHostAddressSecurityFilter set correctly. SocketHostAddressSecurityFilter includes the IP address of the client machine (the WebCenter Content user interface machine); for example:

#hostname -i :- 10.229.187.227

SocketHostAddressSecurityFilter=10.229.187.227|127.0.0.1|0:0:0:0:0:0:0:1

To configure an IDC connection to Content Server:
  1. Connect to the WebCenter Content user interface.
  2. Run the following updateRIDCConnection() command, on one line:
    updateRIDCConnection('Oracle WebCenter Content - Web UI',
    'WccAdfServerConnection',connUrl='idc://adc2120610.example.com:4444',
    credUsername='weblogic')
    

    The port number 4444 is the IntradocServerPort value for Content Server.

  3. Restart the WebCenter Content user interface Managed Server.

2.6.5 Configuring an HTTP Connection from the WebCenter Content User Interface Server to Content Server

The steps in this section describe how to configure an HTTP connection from the WebCenter Content UI to Content Server.

To configure an HTTP connection to Content Server:
  1. Connect to the WebCenter Content user interface.
  2. Run the following updateRIDCConnection() command, on one line:
    updateRIDCConnection('Oracle WebCenter Content - Web UI', 'WccAdfServerConnection',connUrl='http://adc2120610.example.com:7777/cs/idcplg',credUsername='weblogic',credPassword='password', httpLibrary='oracle',credImpersonationAllowed='true')
    
  3. Restart the WebCenter Content user interface Managed Server.

2.6.5.1 Importing the Certificate from the Oracle WebCenter Content Domain to the WebCenter Content User Interface Domain

Over any secured connection, you need to follow the Certificate Authorities required to access secure sites using the SSL protocol. These Certificate Authorities may comprise the Identity and Trusted store.

If you see the following error on the WebCenter Content user interface Managed Server as soon as you try accessing it, you need to import the certificate for Content Server from the Oracle WebCenter Content domain to the WebCenter Content user interface domain:

Caused By: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target

This error happens because the certificate present in the WebLogic Server trusted store for the WebCenter Content user interface domain does not match or contain the cacerts present in the Oracle WebCenter Content domain (which includes Content Server). Therefore, you need to import this certificate and install it in the trusted keystore for the WebCenter Content user interface domain.

To import the certificate from the Oracle WebCenter Content domain to the WebCenter Content user interface domain:
  1. Export the Content Server certificate from a browser by opening the Content Server HTTPS URL and saving the certificate as, for example, contentservercertificate.cer.
  2. Run the keytool utility from the same JDK location that is used by the WebLogic Server trusted keystore. You can find this location in the Administration Console, on the Keystores tab for the WebCenter Content user interface Managed Server. For example:
    JAVA_HOME/bin/keytool -import -keystore JAVA_HOME/jre/lib/security/cacerts -file contentservercertificate.cer
    

    The command prints details about the certificate and asks for confirmation.

  3. Confirm the certificate:
    Trust this certificate? [no]: y
    
    Certificate was added to keystore
    

    If you are prompted for a password after running the preceding command, you can specify the common password for a keystore.

2.6.6 Configuring an HTTPS Connection to Content Server Without a Certificate

The steps in this section describe how to configure an HTTPS connection to Content Server without a certificate.

To configure an HTTPS connection to Content Server without a certificate:
  1. Enable the SSL listen port in the WebLogic Server Administration Console. For example:
    SSL listen port: 16201
    
  2. Update the following two entries in the Content Server configuration file, config.cfg, under WCC_MW_HOME/user_projects/domains/cs_domain/ucm/cs/config:
    HttpServerAddress=adc2120610.example.com:16201
    UseSSL=Yes
    
  3. Restart the Oracle WebCenter Content Managed Server.
  4. Connect to the WebCenter Content user interface.
  5. Run the following updateRIDCConnection() command, on one line, with the appropriate SSL port:
    updateRIDCConnection('Oracle WebCenter Content - Web UI', 'WccAdfServerConnection',
    connUrl='https://adc2120610.example.com:16201/cs/idcplg',
    credUsername='weblogic',credPassword='password',httpLibrary='oracle', 
    credImpersonationAllowed='true')
    

    Note:

    If the httpLibrary attribute is not set to oracle in the preceding command, Apache 3/4 is used for HTTP or HTTPS communication, so it is necessary to explicitly add the httpclient/httpcodec JAR in the WebCenter Content user interface (Model) classpath.

  6. Restart the WebCenter Content Managed Server.