Setting Up Your Environment for Policies 10-13 5. In the Access Attributes section of the page, provide the name and path of the keystore, and the passwords as follows: ■ In the Keystore Path field, enter the path and name for the keystore that you created as described in Generating Private Keys and Creating the Java Keystore on page 10-9. This field defaults to .default-keystore.jks, which represents the default Java keystore name, default-keystore.jks, located in the domain_nameconfigfmwconfig directory. If you used a different name or location for the keystore, enter that value instead. ■ In the Password and Confirm Password fields, enter the password for the keystore. This password must match the password you used when you created the keystore using the keytool utility, as described in Generating Private Keys and Creating the Java Keystore on page 10-9, for example welcome1. 6. In the Identity Certificates section of the page, enter the alias and passwords for the signature and encryption keys as follows: ■ For the Signature Key, enter the alias name in the Key Alias field, and the password for the alias in the Signature Password and Confirm Password fields. The values you specify here must match the values in the keystore. For example, orakey and welcome1. ■ For the Encryption Key, enter the alias name in the Crypt Alias field, and the password for the alias in the Crypt Password and Confirm Password fields. The values you specify here must match the values in the keystore. For example, orakey and welcome1. The alias and password for the signature and encryption keys define the string alias and password used to store and retrieve the keys. These values are created in the credential store as sign-csf-key and enc-csf-key.

7. Click OK to submit the changes.

Note that all fields on this page require a server restart to take effect. Using WLST Follow these steps to configure the credential store to access the Oracle WSM keystore using WLST commands. 1. Go to the Oracle Common home directory for your installation, for example homeOracleMiddlewareoracle_common. For information about the Oracle Common home directory and installing Oracle Fusion Middleware, see the Oracle Fusion Middleware Installation Planning Guide. 2. Start WLST using the WLST.shcmd command located in the oracle_ commoncommonbin directory. For example: Note: Hardware security modules HSM are also certified to operate with Oracle Advanced Security. For more information, see Using Hardware Security Modules With Oracle WSM on page 10-33 Note: The Oracle WSM agent caches the keystore name and object. If you make subsequent changes to the contents of the keystore or to its name, you must restart the server.