OAM11gR2: Enabling SSL in the Data Store
- by Ekta Malik
Normal
0
false
false
false
EN-US
X-NONE
X-NONE
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Enabling SSL in the Data Store of
OAM11gR2 comprises of the below mentioned steps.
Import the certificate/s required for establishing the
trust with the Store(backend) in the keystore(cacerts) on the machine
hosting OAM's Weblogic Admin server
Restart the Weblogic Admin server
Specify the <Hostname>:<SSL port> in the
"Location" field of the Data Store and select the "Enable
SSL" checkbox
Pre-requisite:-
Certificate/s to be imported are available for import
Data Store has already been created using OAM admin
console and the connection to the store is successful on non-SSL port( though one can always create a Data Store with SSL settings on the first go)
Steps for importing the
certificate/s:-
One can use the keytool utility that
comes bundled with JDK to import the certificate. The step for importing the
certificate would be same for self-signed and third party certificates (like VeriSign)
$JAVA_HOME/bin/keytool -import -v
-noprompt -trustcacerts -alias <aliasname> -file <Path to the
certificate file> -keystore $JAVA_HOME/jre/lib/security/cacerts
Here $JAVA_HOME refers to the path
of JDK install directory
Note: In case multiple certificates are required for establishing the trust, import all those certificates using the same keytool command mentioned above
One can verify the import of the
certificate/s by using the below mentioned command
$JAVA_HOME/bin/keytool -list -alias <aliasname>-v -keystore $JAVA_HOME/jre/lib/security/cacerts When the trust gets established for the SSL
communication, specifying the SSL specific settings in the Data Store (via OAM
admin console) wouldn't result into the previously seen error (when
Certificates are yet to be imported) and the "Test Connection" would
be successful.