
Setting Up Node Manager

modifying the standard Java trust keystore directly. Copy the standard Java keystore CA certificates located under the WL_HOME/server/lib directory to the same directory as the certificates. For example:

    HOST> cp WL_HOME/server/lib/cacerts ORACLE_BASE/admin/domain_name/aserver/domain_name/certs/appTrustKeyStore.jks

2. The default password for the standard Java keystore is changeit. Oracle recommends always changing the default password. Use the keytool utility to do this. The syntax is all on a single line:

    APPHOST1> keytool -storepasswd -new New_Password -keystore Trust_Keystore -storepass Original_Password

For example:

    HOST> keytool -storepasswd -new welcome1 -keystore appTrustKeyStore.jks -storepass changeit

3. The CA certificate CertGenCA.der is used to sign all certificates generated by the utils.CertGen tool. It is located in the WL_HOME/server/lib directory. This CA certificate must be imported into the appTrustKeyStore using the keytool utility. The syntax is all on a single line:

    HOST> keytool -import -v -noprompt -trustcacerts -alias Alias_Name -file CA_File_Location -keystore Keystore_Location -storepass Keystore_Password

For example:

    HOST> keytool -import -v -noprompt -trustcacerts -alias clientCACert -file WL_HOME/server/lib/CertGenCA.der -keystore appTrustKeyStore.jks -storepass welcome1

7.3.4 Configuring Node Manager to Use the Custom Keystores

To configure Node Manager to use the custom keystores, add the following lines to the end of the nodemanager.properties file located in the WL_HOME/common/nodemanager directory:

    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeyStoreFileName=Identity_Keystore
    CustomIdentityKeyStorePassPhrase=Identity_Keystore_Password
    CustomIdentityAlias=Identity_Keystore_Alias
    CustomIdentityPrivateKeyPassPhrase=Private_Key_Used_When_Creating_Certificate

Make sure to use the correct value for CustomIdentityAlias on each node. For example, on HOST2, use appIdentity2.

For example:

    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeyStoreFileName=ORACLE_BASE/admin/domain_name/aserver/domain_name/certs/appIdentityKeyStore.jks
    CustomIdentityKeyStorePassPhrase=welcome1
    CustomIdentityAlias=appIdentity2
    CustomIdentityPrivateKeyPassPhrase=welcome1

The passphrase entries in the nodemanager.properties file get encrypted when you start Node Manager as described in Section 7.4, Starting Node Manager. For security reasons, you want to minimize the time the entries in the nodemanager.properties file are left unencrypted. After you edit the file, you should start Node Manager as soon as possible so that the entries get encrypted.

Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Business Intelligence
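The check below is an added example, not part of Oracle's guide or tooling: a shell function that audits nodemanager.properties for the two risks described above, passphrases still stored in cleartext and the default or example passwords changeit and welcome1. The function name audit_nm_props, the sample file, and the assumption that an encrypted value begins with a {ALGORITHM} prefix such as {AES} belong to the example.

```shell
#!/bin/sh
# Added example (not Oracle's tooling): audit nodemanager.properties passphrases.
# Exit status: 0 = no findings, 1 = findings, 2 = file unreadable.
# Passphrase values are never echoed.
audit_nm_props() {
    props=$1
    [ -r "$props" ] || { echo "ERROR: cannot read $props"; return 2; }
    findings=0

    # Value of the last "key=value" assignment for key $1 (CR stripped).
    prop() {
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$props" |
            tail -n 1 | tr -d '\r'
    }

    if [ "$(prop KeyStores)" != "CustomIdentityAndCustomTrust" ]; then
        echo "WARN: KeyStores is not CustomIdentityAndCustomTrust"
        findings=$((findings + 1))
    fi

    for key in CustomIdentityKeyStorePassPhrase CustomIdentityPrivateKeyPassPhrase; do
        val=$(prop "$key")
        case $val in
            '')
                echo "WARN: $key is not set" ;;
            '{'*'}'?*)
                continue ;;  # assumption: "{ALGORITHM}..." marks an encrypted value
            changeit|welcome1)
                echo "FAIL: $key is a default/example password, stored in cleartext" ;;
            *)
                echo "FAIL: $key is in cleartext; start Node Manager to encrypt it" ;;
        esac
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the guide's example values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=/constructed/path/appIdentityKeyStore.jks
CustomIdentityKeyStorePassPhrase=welcome1
CustomIdentityAlias=appIdentity2
CustomIdentityPrivateKeyPassPhrase=welcome1
EOF
audit_nm_props "$sample" || echo "findings reported for sample"
rm -f "$sample"
```

Run it after editing the file and again after Node Manager has started; the second run should report no FAIL lines.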

7.3.5 Configuring Managed Servers to Use the Custom Keystores

You must perform the steps in this section for the Administration Server and all Managed Servers. To configure the identity and trust keystores:

1. Log in to the Oracle WebLogic Server Administration Console.

2. In the Change Center, click Lock & Edit.

3. Expand the Environment node in the Domain Structure window.

4. Click Servers. The Summary of Servers page is displayed.

5. Click the name of the server for which you want to configure the identity and trust keystores (WLS_SERVER). The settings page for the selected server is displayed.

6. Select Configuration, and then select Keystores.

7. In the Keystores field, change to the Custom Identity and Custom Trust method for storing and managing private keys/digital certificate pairs and trusted CA certificates.

8. In the Identity section, define attributes for the identity keystore as follows:

a. Custom Identity Keystore: