Tuesday, October 11, 2011

Import Client Certificates in SOA 11g

This article shows how to import client certificates in SOA 11g.


Solution 1:


Steps:
  • Download the client certificate from Mozilla or IE and name it gmail-smtp.cer.
  • Open a command prompt and import this certificate into your JDK cacerts file using keytool:
keytool -import -file E:\gmailCert\gmail-smtp.cer -alias RootCA -keystore C:\Oracle\Middleware\jdk160_24\jre\lib\security\cacerts -storepass changeit

  • Create a new keystore named mykeystore.jks using the command below:
keytool -genkey -keystore C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks -storepass welcome1

  • Import your certificate into the mykeystore.jks keystore:
keytool -import -file E:\gmailCert\gmail-smtp.cer -alias RootCA -keystore C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks -storepass welcome1

  • Edit C:\Oracle\Middleware\user_projects\domains\base_domain\bin\setDomainEnv.cmd. Search for the -Djavax.net.ssl.trustStore text in the file and replace it with the following (setDomainEnv.cmd is a Windows batch file, so the variable is written as %WL_HOME%):
-Djavax.net.ssl.trustStore=%WL_HOME%\server\lib\mykeystore.jks
-Djavax.net.ssl.trustStorePassword=welcome1

  • Open the Admin Console and modify the keystore configuration for the SOA server. Click the Change button and select "Custom Identity and Java Standard Trust" from the dropdown.
Custom Identity Keystore: C:\Oracle\Middleware\wlserver_10.3\server\lib\mykeystore.jks
Custom Identity Keystore Type: jks
Custom Identity Keystore Passphrase: welcome1
Confirm Custom Identity Keystore Passphrase: welcome1

Restart the SOA server and then test.


Solution 2



1.       Obtain the security certificate from SFDC to connect to SFDC services (e.g. sfdc-client.cert).
2.       Import the certificate obtained from SFDC into the keystore:
         /xgsoadv4a/oracle/fmw/java/bin/keytool -import -alias proxy.salesforce.com -keystore SFDCKeyStore.jks -file /home/soaadmin/temp/sfdc-client.cert
3.       Remove the following entry from the domain's setDomainEnv.sh (<domain_home>/bin/setDomainEnv.sh):
         -Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks
4.       Log in to the Fusion Middleware Control console (i.e. "http://WLserver:port/em"). Navigate to "Farm_<domain>/SOA/soa-infra". Right-click on "soa-infra" in the left pane. Select "SOA Administration --> Common Properties", then click the hyperlink at the bottom for "More SOA Infra Advanced Configuration Properties".
5.       Find the entry for KeystoreLocation and provide the path to the keystore that contains the CA certificates. Click Apply.



6.       Add a credential entry to allow BPEL to open the keystore file. Navigate to "WebLogic Domain/<domain name>". From the pulldown menu, select "Security->Credentials". Add a new map called "iClickSFDC" and add two new keys inside that map (default password is changeit):

Key Name          Type      User Name         Password
KeyPassword       password  KeyPassword       <password>
KeystorePassword  password  KeystorePassword  <password>




7.       Restart the WebLogic domain servers.
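
Both solutions add a downloaded certificate to a trust store, so the import step is where the file should be checked against a fingerprint obtained out of band. The script below is an added example, not part of the original post: it refuses the import unless the SHA-256 fingerprint matches. It assumes a keytool recent enough to print a "SHA256:" line and to accept -storepass:env; the function names and the KEYTOOL and STOREPASS variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): pin a certificate's SHA-256
# fingerprint before importing it as a trusted entry.
# Assumption: KEYTOOL names a keytool that prints a "SHA256:" fingerprint line.
KEYTOOL="${KEYTOOL:-keytool}"

# Normalize a fingerprint: drop colons and whitespace, upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print the normalized SHA-256 fingerprint of a certificate file.
cert_sha256() {
    fp=$("$KEYTOOL" -printcert -file "$1" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1)
    normalize_fp "$fp"
}

# import_pinned_cert CERT ALIAS KEYSTORE EXPECTED_SHA256
# Returns 0 after a verified import, 2 on fingerprint mismatch (nothing is
# imported), 1 if the import fails, 3 if the alias is missing afterwards.
# The keystore password is read from the STOREPASS environment variable,
# which must be exported, so it does not appear on the keytool command line.
import_pinned_cert() {
    cert=$1; entry=$2; keystore=$3
    expected=$(normalize_fp "$4")
    actual=$(cert_sha256 "$cert")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $cert: got '$actual'" >&2
        return 2
    fi
    # -noprompt is acceptable here only because the fingerprint was checked.
    "$KEYTOOL" -import -noprompt -file "$cert" -alias "$entry" \
        -keystore "$keystore" -storepass:env STOREPASS || return 1
    # Confirm the entry really landed in the keystore the server will read.
    "$KEYTOOL" -list -alias "$entry" -keystore "$keystore" \
        -storepass:env STOREPASS >/dev/null || return 3
}

# Usage with the paths from Solution 2 (the fingerprint is a placeholder):
#   export STOREPASS; KEYTOOL=/xgsoadv4a/oracle/fmw/java/bin/keytool
#   import_pinned_cert /home/soaadmin/temp/sfdc-client.cert \
#       proxy.salesforce.com SFDCKeyStore.jks "<SHA-256 from SFDC>"
```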



3 comments:

  1. Hi Sudhakar,
    Thanks for your blog.
    I have a requirement: one interface, say Hello World. How can I get the number of requests (count) for this interface, and also, within that count, how can I know how many are completed and how many are faulted?

    If there is any alternative, please give directions and instructions on how to achieve this task.
    Thanks in advance.

    Regards
    Mani

  2. Thank you for showing great solution for how to Import Client Certificates in SOA 11g.
    Regards,
    oracle soa training in hyderabad,
    weblogic online training in hyderabad.

  3. Learned a lot of new things from your post. It's an amazing blog.

    Oracle SOA Online Training Bangalore
