Enabling SSL Oracle Fusion Middleware Online Documentation Library

4-2 Oracle Fusion Middleware Security Overview – and samples management ■ Password management

4.2 Keystores

Objects necessary for SSL communication, including private keys, digital certificates, and trusted CA certificates, are stored in keystores. Oracle Fusion Middleware provides two types of keystores for keys and certificates:

■ JKS-based keystore and truststore

A JKS keystore is the default JDK implementation of Java keystores provided by Sun Microsystems. In 11gR1, all Java components and JavaEE applications use the JKS-based KeyStore and TrustStore.

You use a JKS-based keystore for the following:

– Oracle Virtual Directory
– Applications deployed on Oracle WebLogic Server, including:
    Oracle SOA Suite
    Oracle WebCenter

■ Oracle wallet

An Oracle wallet is a keystore for credentials, such as certificates, certificate requests, and private keys.

You use an Oracle wallet for the following components:

– Oracle HTTP Server
– Oracle Web Cache
– Oracle Internet Directory

For details, see Managing Keystores, Wallets, and Certificates in the Oracle Fusion Middleware Administrator's Guide.

4.3 Enabling SSL

SSL management capabilities in 11g Release 1 (11.1.1) are as follows:

■ Oracle WebLogic Server provides SSL capability for client and server communications
■ Oracle Fusion Middleware 11g offers an SSL configuration capability which supports SSL enablement for these Oracle Fusion Middleware system components:
– Oracle Web Cache
– Oracle HTTP Server
– Oracle Internet Directory
– Oracle Virtual Directory

The SSL configuration feature:

■ abstracts the steps involved in configuring SSL from other management tasks
■ makes SSL configuration consistent and uniform across all Oracle Fusion Middleware system components
■ validates SSL during configuration
■ provides default values for various SSL parameters to simplify configuration
■ includes the Oracle SSL Automation Tool, which enables you to configure multiple components in a domain using a domain-specific CA certificate.

SSL Configuration Tools in Oracle Fusion Middleware

Depending on the task, a range of configuration tools is available:

■ Oracle Enterprise Manager Fusion Middleware Control and the WLST command-line tool to SSL-enable listeners for system components and to manage Oracle wallets and JKS keystores for those components
■ Oracle Wallet Manager and the orapki command-line tool for Oracle wallets

Refer to the following for details:

■ SSL Configuration in Oracle Fusion Middleware in the Oracle Fusion Middleware Administrator's Guide
■ Managing Keystores, Wallets, and Certificates in the Oracle Fusion Middleware Administrator's Guide

SSL Configuration Tools in Oracle WebLogic Server

Oracle WebLogic Server uses these tools to manage keystores and enable SSL on connections coming into the server:

■ The JDK keytool utility

Oracle WebLogic Server supports the Java KeyStore (JKS) provided by the JDK. The keytool utility is used to manage keystores, to create key pairs, and to generate and read self-signed certificates.

■ The WebLogic Server administrator console

This console is used to manage the SSL configuration of WebLogic Server listeners.

For example, Oracle SOA Suite and Oracle WebCenter running on Oracle WebLogic Server use these facilities to enable SSL.

Refer to the following documents for details:

■ Getting Started with Oracle WebLogic Server Administration Console in the Oracle Fusion Middleware Administrator's Guide
■ The Oracle Fusion Middleware WebLogic Scripting Tool Command Reference
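The keytool tasks named above (creating a key pair, generating and reading a self-signed certificate, keeping a separate JKS keystore and truststore), shown as an added example that is not taken from the Oracle documentation. The file names, aliases, distinguished name and password are constructed demo values, and the script assumes a JDK whose keytool accepts the -storepass:env form.

```shell
#!/bin/sh
# Added example: JKS identity keystore and truststore built with the JDK keytool.
# All names, the DN and the password below are constructed demo values.
set -e

# The password is read from the environment (-storepass:env) so that it does
# not show up in the process list or in shell history.
export KS_PASS="${KS_PASS:-changeit-demo-only}"

make_identity_keystore() {  # $1 = directory; key pair + self-signed certificate
  keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
    -sigalg SHA256withRSA -validity 90 \
    -dname "CN=app.example.test, OU=Demo, O=Example, C=US" \
    -keystore "$1/identity.jks" -storetype JKS \
    -storepass:env KS_PASS -keypass:env KS_PASS
}

export_certificate() {      # $1 = directory; writes the certificate, never the key
  keytool -exportcert -alias server -rfc -file "$1/server.pem" \
    -keystore "$1/identity.jks" -storetype JKS -storepass:env KS_PASS
}

make_truststore() {         # $1 = directory; truststore holds trusted certs only
  keytool -importcert -noprompt -alias server-ca -file "$1/server.pem" \
    -keystore "$1/trust.jks" -storetype JKS -storepass:env KS_PASS
}

entry_type() {              # $1 = keystore file, $2 = alias; prints the entry type
  keytool -list -alias "$2" -keystore "$1" -storetype JKS \
    -storepass:env KS_PASS 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

build_demo_stores() {       # $1 = empty or new directory for the demo files
  mkdir -p "$1"
  chmod 700 "$1"            # the private key lives here: owner access only
  make_identity_keystore "$1"
  export_certificate "$1"
  make_truststore "$1"
  chmod 600 "$1/identity.jks"
}

# Usage: build_demo_stores ./ssl-demo && entry_type ./ssl-demo/trust.jks server-ca
```

The identity keystore should report PrivateKeyEntry and the truststore trustedCertEntry; a truststore that lists a PrivateKeyEntry means the private key has been copied somewhere it is not needed.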

4.4 Port and Environment Management