OAM11gR2: Enabling SSL in the Data Store
By Ekta Malik on Dec 03, 2012
Enabling SSL in the Data Store of OAM11gR2 comprises of the below mentioned steps.
- Import the certificate/s required for establishing the trust with the Store(backend) in the keystore(cacerts) on the machine hosting OAM's Weblogic Admin server
- Restart the Weblogic Admin server
- Specify the <Hostname>:<SSL port> in the "Location" field of the Data Store and select the "Enable SSL" checkbox
- Certificate/s to be imported are available for import
- Data Store has already been created using OAM admin console and the connection to the store is successful on non-SSL port( though one can always create a Data Store with SSL settings on the first go)
Steps for importing the certificate/s:-
One can use the keytool utility that comes bundled with JDK to import the certificate. The step for importing the certificate would be same for self-signed and third party certificates (like VeriSign)
$JAVA_HOME/bin/keytool -import -v -noprompt -trustcacerts -alias <aliasname> -file <Path to the certificate file> -keystore $JAVA_HOME/jre/lib/security/cacerts
Here $JAVA_HOME refers to the path of JDK install directory
Note: In case multiple certificates are required for establishing the trust, import all those certificates using the same keytool command mentioned above
One can verify the import of the certificate/s by using the below mentioned command
$JAVA_HOME/bin/keytool -list -alias <aliasname>-v -keystore $JAVA_HOME/jre/lib/security/cacertsWhen the trust gets established for the SSL communication, specifying the SSL specific settings in the Data Store (via OAM admin console) wouldn't result into the previously seen error (when Certificates are yet to be imported) and the "Test Connection" would be successful.