Tuesday, October 11, 2011

Import Client Certificates in SOA 11g

This article explains how to import client certificates in SOA 11g so that the SOA server trusts the remote endpoint (a Gmail SMTP server in Solution 1, Salesforce in Solution 2).


Solution 1:


Steps:   
  • Download the client certificate from Mozilla Firefox or IE and name it gmail-smtp.cer.
  • Open a command prompt and import this certificate into your JDK cacerts file using keytool:
keytool -import -file E:\gmailCert\gmail-smtp.cer -alias RootCA -keystore C:\Oracle\Middleware\jdk160_24\jre\lib\security\cacerts -storepass changeit

  • Create a new keystore named mykeystore.jks using the command below:
keytool -genkey -keystore C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks -storepass welcome1

  • Import your certificate into the mykeystore.jks keystore:
keytool -import  -file E:\gmailCert\gmail-smtp.cer -alias RootCA -keystore C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks -storepass welcome1

  • Edit C:\Oracle\Middleware\user_projects\domains\base_domain\bin\setDomainEnv.cmd: search for the -Djavax.net.ssl.trustStore text in the file and replace it with
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/mykeystore.jks   
-Djavax.net.ssl.trustStorePassword=welcome1

  • Open the Admin Console and modify the keystore for the SOA server. Click the Change button and select "Custom Identity and Java Standard Trust" from the dropdown.
Custom Identity Keystore: C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks
Custom Identity Keystore Type: jks
Custom Identity Keystore Passphrase: welcome1
Confirm Custom Identity Keystore Passphrase: welcome1

Restart the SOA server and then test.


Solution 2



1.       Obtain the security certificate from SFDC to connect to SFDC services (e.g. sfdc-client.cert).
2.       Import the certificate obtained from SFDC into a keystore:
/xgsoadv4a/oracle/fmw/java/bin/keytool -import -alias proxy.salesforce.com -keystore SFDCKeyStore.jks -file /home/soaadmin/temp/sfdc-client.cert
3.       Remove the following entry from the domain's setDomainEnv.sh (<domain_home>/bin/setDomainEnv.sh):
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks
4.       Log in to the Fusion Middleware Control console (i.e. "http://WLserver:port/em"). Navigate to "Farm_<domain>/SOA/soa-infra". Right-click "soa-infra" in the left pane. Select "SOA Administration --> Common Properties", then click the hyperlink at the bottom for "More SOA Infra Advanced Configuration Properties".
5.       Find the entry for KeystoreLocation and provide the path to the keystore that contains the CA certificates. Click Apply.



6.       Add a credential entry to allow BPEL to open the keystore file. Navigate to "WebLogic Domain/<domain name>". From the pulldown menu, select "Security->Credentials". Add a new map called "iClickSFDC" and add two new keys inside that map (default password is changeit):

Key Name          | Type     | User Name        | Password
------------------+----------+------------------+-----------
KeyPassword       | password | KeyPassword      | <password>
KeystorePassword  | password | KeystorePassword | <password>




7.       Restart the WebLogic domain servers.
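Both solutions come down to the same keytool step: import a downloaded certificate into a keystore and then point WebLogic at that keystore. The script below is an added example, not code from this post or from Oracle, that wraps that import for POSIX sh and adds the two checks a practitioner wants around it: the certificate's fingerprint is compared against a value obtained out of band before anything is trusted, and the alias is confirmed to exist in the truststore afterwards. The helper names, the alias smtp-example, the truststore path and the welcome1 password are illustrative assumptions; the certificate used in demo mode is generated locally. Older keytool versions (such as the JDK 6 used in Solution 1) print only MD5 and SHA1 fingerprints, so pass SHA1 as the algorithm argument there.

```shell
#!/bin/sh
# Added example (not from the original post): pin-and-import a server
# certificate into a dedicated truststore with keytool, verifying the
# fingerprint before trusting it and confirming the entry afterwards.
# Assumes keytool is on PATH; aliases, paths and passwords are illustrative.

# Normalise a fingerprint for comparison: drop colons and spaces, uppercase.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# Pull the fingerprint line for ALGO (SHA256, or SHA1 on JDKs whose keytool
# prints no SHA256 line) out of `keytool -printcert` text read from stdin.
extract_fp() {
    algo="$1"
    sed -n "s/^[[:space:]]*${algo}:[[:space:]]*//p" | head -n 1
}

# Fingerprint of a certificate file (DER or PEM) via keytool -printcert.
cert_fingerprint() {
    cert="$1"; algo="${2:-SHA256}"
    fp=$(keytool -printcert -file "$cert" | extract_fp "$algo")
    [ -n "$fp" ] || return 1
    normalize_fp "$fp"
}

# Import CERT under ENTRY into KEYSTORE only if its fingerprint matches the
# value obtained out of band (EXPECTED). Returns 0 on a verified import,
# 1 on mismatch or keytool error, 2 if keytool is not available.
import_pinned() {
    cert="$1"; entry="$2"; keystore="$3"; storepass="$4"; expected="$5"; algo="${6:-SHA256}"
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 2; }
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    actual=$(cert_fingerprint "$cert" "$algo") || return 1
    if [ "$actual" != "$(normalize_fp "$expected")" ]; then
        echo "fingerprint mismatch for $cert: got $actual" >&2
        return 1
    fi
    # -importcert is the current name of the -import command used in the post.
    keytool -importcert -noprompt -alias "$entry" -file "$cert" \
        -keystore "$keystore" -storepass "$storepass" >/dev/null 2>&1 || return 1
    # Confirm the alias is now present in the truststore.
    keytool -list -alias "$entry" -keystore "$keystore" -storepass "$storepass" >/dev/null 2>&1
}

# Stand-alone usage: `sh thisscript.sh demo` creates a throwaway self-signed
# certificate (constructed locally) and trusts it in a fresh truststore.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -dname "CN=smtp.example.test" \
        -validity 1 -keystore "$d/id.jks" -storepass welcome1 -keypass welcome1 >/dev/null 2>&1
    keytool -exportcert -alias demo -keystore "$d/id.jks" -storepass welcome1 \
        -file "$d/demo.cer" >/dev/null 2>&1
    fp=$(cert_fingerprint "$d/demo.cer")
    import_pinned "$d/demo.cer" smtp-example "$d/mytruststore.jks" welcome1 "$fp" \
        && echo "imported smtp-example into $d/mytruststore.jks, fingerprint $fp"
fi
```

In real use the expected fingerprint should come from the certificate's owner or from a second, independent download, not from the same file you are about to import; a pin computed from the file itself only proves the file has not changed since you looked at it. Keeping the import in a dedicated truststore, as both solutions do, also means the JDK's own cacerts is left untouched and the trust decision is easy to audit and revoke.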