Enable SSL for Outbound Requests from Oracle HTTP Server

Configuring SSL in Oracle Fusion Middleware

1. The JVM needs to know where to find the trust store that it uses to trust certificates from LDAP. You do this by setting:

   -Djavax.net.ssl.trustStore=path_to_jks_file

   This property is added either to the JavaSE program, or to the server start-up properties in a JavaEE environment.

2. In your jps-config.xml file, you must set the protocol to ldaps and specify the appropriate port for the property ldap.url. This information needs to be updated for policy store, credential store, key store and any other service instances that use ldap.url.

3. Using keytool, import the LDAP server's certificate into the trust store specified in step 1.
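A check for step 2, added here as an example (it is not from the Oracle guide): it scans a jps-config.xml document and reports every ldap.url property that does not use ldaps, so no service instance is left on a cleartext connection. The sample file, host names, ports and instance names are constructed, and treating a value as a comma-separated list of URLs is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: hosts, ports and instance names are placeholders.
SAMPLE_JPS_CONFIG = """<?xml version="1.0"?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceInstances>
    <serviceInstance name="policystore.ldap" provider="ldap.policystore.provider">
      <property name="ldap.url" value="ldaps://oid.example.com:3131"/>
    </serviceInstance>
    <serviceInstance name="credstore.ldap" provider="ldap.credentialstore.provider">
      <property name="ldap.url" value="ldap://oid.example.com:3060"/>
    </serviceInstance>
    <serviceInstance name="keystore.ldap" provider="keystore.provider">
      <property name="ldap.url" value="LDAPS://oid.example.com:3131"/>
      <property name="keystore.type" value="file"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>"""


def local(tag):
    """Drop the XML namespace so the check does not depend on schema version."""
    return tag.rsplit("}", 1)[-1]


def find_cleartext_ldap_urls(xml_text):
    """Return (owner_name, url) for each ldap.url entry that is not ldaps."""
    root = ET.fromstring(xml_text)
    parent = {child: elem for elem in root.iter() for child in elem}
    findings = []
    for prop in root.iter():
        if local(prop.tag) != "property" or prop.get("name") != "ldap.url":
            continue
        owner = parent.get(prop)
        name = owner.get("name", local(owner.tag)) if owner is not None else "?"
        # Assumption: a value may hold several comma-separated URLs.
        for url in (prop.get("value") or "").split(","):
            if urlsplit(url.strip()).scheme != "ldaps":
                findings.append((name, url.strip()))
    return findings


if __name__ == "__main__":
    for name, url in find_cleartext_ldap_urls(SAMPLE_JPS_CONFIG):
        print(f"{name}: ldap.url is not ldaps ({url!r})")
```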

6.5.1.2.2 Outbound SSL from Oracle Platform Security Services to Oracle Database

You can set up a one-way or two-way SSL connection to a database-based OPSS security store. For details about configuring the database server and clients, see Oracle Fusion Middleware Application Security Guide.

6.5.1.2.3 Outbound SSL from LDAP Authenticator to LDAP

When you configure an LDAP authenticator in Oracle WebLogic Server, you can specify that connections to the LDAP store should use SSL. Take these steps to configure the authenticator:

1. Log in to the Oracle WebLogic Server Administration Console.

2. In the left pane, select Security Realms and click the name of the realm you are configuring.

3. Select Providers, then Authentication and click New.

4. In the Name field, enter a name for the authentication provider.

5. From the Type drop-down list, select the type of the Authentication provider and click OK. For example, if using Oracle Internet Directory, choose OracleInternetDirectoryAuthenticator.

6. Select Providers, then Authentication and click the name of the new authentication provider to complete its configuration.

7. On the Configuration page for the authentication provider, set the desired values on the Common and Provider-Specific tabs.

   a. Common Tab

      Set the Control Flag to SUFFICIENT for all authenticators, including the DefaultAuthenticator.

   b. Provider-Specific Tab

      host: host-name
      port: port-number
      principal: cn=orcladmin
      credential/confirm: password
      user base dn: cn=Users,dc=us,dc=oracle,dc=com
      group base dn: cn=Groups,dc=us,dc=oracle,dc=com

8. Save your changes and restart the server.

6.5.1.2.4 Outbound SSL to Database

Configuring SSL between Oracle WebLogic Server and the database requires two sets of steps:

■ Configuring SSL Listener for the Database
■ Configuring SSL for the Data Source on Oracle WebLogic Server

Configure an SSL Listener on Oracle Database

To configure the database with an SSL listener, you must specify the server's distinguished name (DN) and TCPS as the protocol in the client network configuration files to enable server DN matching and TCP/IP with SSL connections. Server DN matching prevents the database server from faking its identity to the client during connections by matching the server's global database name against the DN from the server certificate.

You must manually edit the client network configuration files, tnsnames.ora and listener.ora, to specify the server's DN and the TCP/IP with SSL protocol. For details, see Section 6.6.3.1, SSL-Enable Oracle Database.

SSL-Enable the Data Source On Oracle WebLogic Server

See Section 6.6.3.2, SSL-Enable a Data Source.

6.5.2 Configuring SSL for Oracle SOA Suite

SSL configuration for Oracle SOA Suite varies with the type of connection being secured.

SSL in Oracle WebLogic Server

SSL features in Oracle WebLogic Server include:

■ How to set up SSL at the core server
■ How to enable SSL for a Web service

For these and related topics, see Oracle Fusion Middleware Securing Oracle WebLogic Server.

SSL for SOA Composites

The following tasks are also needed to secure Oracle SOA Suite applications:

■ SSL-protecting SOA composites
■ Accessing SSL-protected Web services from within SOA composites

For these and related topics, see the Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite.

See Also: "Configuring Secure Sockets Layer Authentication" in the Oracle Database Advanced Security Administrator's Guide for more information about configuring SSL for the database listener.