Setting Up Your Environment for Policies 10-13 5. In the Access Attributes section of the page, provide the name and path of the keystore, and the passwords as follows: ■ In the Keystore Path field, enter the path and name for the keystore that you created as described in Generating Private Keys and Creating the Java Keystore on page 10-9. This field defaults to .default-keystore.jks, which represents the default Java keystore name, default-keystore.jks, located in the domain_nameconfigfmwconfig directory. If you used a different name or location for the keystore, enter that value instead. ■ In the Password and Confirm Password fields, enter the password for the keystore. This password must match the password you used when you created the keystore using the keytool utility, as described in Generating Private Keys and Creating the Java Keystore on page 10-9, for example welcome1. 6. In the Identity Certificates section of the page, enter the alias and passwords for the signature and encryption keys as follows: ■ For the Signature Key, enter the alias name in the Key Alias field, and the password for the alias in the Signature Password and Confirm Password fields. The values you specify here must match the values in the keystore. For example, orakey and welcome1. ■ For the Encryption Key, enter the alias name in the Crypt Alias field, and the password for the alias in the Crypt Password and Confirm Password fields. The values you specify here must match the values in the keystore. For example, orakey and welcome1. The alias and password for the signature and encryption keys define the string alias and password used to store and retrieve the keys. These values are created in the credential store as sign-csf-key and enc-csf-key.

7. Click OK to submit the changes.

Note that all fields on this page require a server restart to take effect. Using WLST Follow these steps to configure the credential store to access the Oracle WSM keystore using WLST commands. 1. Go to the Oracle Common home directory for your installation, for example homeOracleMiddlewareoracle_common. For information about the Oracle Common home directory and installing Oracle Fusion Middleware, see the Oracle Fusion Middleware Installation Planning Guide. 2. Start WLST using the WLST.shcmd command located in the oracle_ commoncommonbin directory. For example: Note: Hardware security modules HSM are also certified to operate with Oracle Advanced Security. For more information, see Using Hardware Security Modules With Oracle WSM on page 10-33 Note: The Oracle WSM agent caches the keystore name and object. If you make subsequent changes to the contents of the keystore or to its name, you must restart the server. 10-14 Oracle Fusion Middleware Security and Administrators Guide for Web Services ■ homeOracleMiddlewareoracle_commoncommonbinwlst.sh UNIX ■ C:\Oracle\Middleware\oracle_common\common\bin\wlst.cmd Windows When executed, these commands start WLST in offline mode. To use the credential store WLST commands, you must use WLST in online mode. 3. Start Oracle WebLogic Server. For more information, see Start and stop servers in the Oracle WebLogic Server Administration Console Online Help. 4. Connect to the running WebLogic Server instance using the connect command. For example, the following command connects WLST to the Administration Server at the URL myAdminServer.oracle.com:7001 using the usernamepassword credentials weblogicwelcome1: connectweblogic,welcome1,t3:myAdminServer.oracle.com:7001 5. Enter the createCred command to create an entry in the credential store for the keystore name and password as follows: createCredmap=oracle.wsm.security, key=keystore-csf-key, user=owsm, password=welcome1, desc=Keystore key Note that you can enter any value for user. This field is ignored for the keystore-csf-key entry. The value of password must match the password that you specified when you created the keystore as described in Generating Private Keys and Creating the Java Keystore on page 10-9 in this example welcome1. 6. Enter the createCred command to create an entry in the credential store for the signature key alias and password as follows: createCredmap=oracle.wsm.security, key=sign-csf-key, user=orakey, password=welcome1, desc=Signing key The values of user and password must match the alias name and password for the signature key in the keystore that you specified when you created the keystore as described in Generating Private Keys and Creating the Java Keystore on page 10-9. In this example, the values are orakey and welcome1.. 7. Enter the createCred command to create an entry in the credential store for the encryption key alias and password as follows: createCredmap=oracle.wsm.security, key=enc-csf-key, user=orakey, password=welcome1, desc=Encryption key The values of user and password must match the alias name and password for the encryption key in the keystore that you specified when you created the keystore as described in Generating Private Keys and Creating the Java Keystore on page 10-9. In this example, the values are orakey and welcome1.. 8. View the details about a key in the credential store using the listCred command as shown in the following example: listCredmap=oracle.wsm.security, key=enc-csf-key