Setting Up and Managing Disaster Recovery Sites 4-53
For example, enter these commands:
    java utils.ImportPrivateKey appIdentityKeyStore.jks welcome1 appIdentity1 welcome1 MW_HOME/user_projects/domains/SOADomain/certs/soahost1_cert.pem MW_HOME/user_projects/domains/SOADomain/certs/soahost1_key.pem
    java utils.ImportPrivateKey appIdentityKeyStore.jks welcome1 appIdentity2 welcome1 MW_HOME/user_projects/domains/SOADomain/certs/soahost2_cert.pem MW_HOME/user_projects/domains/SOADomain/certs/soahost2_key.pem
4.1.4.3 Create Trust KeyStore
Follow these steps to create a trust keystore:
1. Create a new trust keystore called appTrustKeyStore using the keytool utility.
2. Use the standard Java keystore to create the new trust keystore since it already contains most of the root CA certificates needed. It is recommended not to modify the standard Java trust keystore directly.
3. Copy the standard Java keystore cacerts located under the WL_HOME/server/lib directory to the same directory as the certificates. For example:
    cp WL_HOME/server/lib/cacerts MW_HOME/user_projects/domains/SOADomain/certs/appTrustKeyStore.jks
4. The default password for the standard Java keystore is changeit and it is always recommended to change the default password. Use the keytool utility to do this. The syntax is:
    keytool -storepasswd -new NewPassword -keystore TrustKeyStore -storepass Original Password
For example, enter this command:
    keytool -storepasswd -new welcome1 -keystore appTrustKeyStore.jks -storepass changeit
5. The CA certificate CertGenCA.der is used to sign all certificates generated by the utils.CertGen tool and is located in the WL_HOME/server/lib directory. This CA certificate must be imported into the appTrustKeyStore using the keytool utility. The syntax is:
    keytool -import -v -noprompt -trustcacerts -alias AliasName -file CAFileLocation -keystore KeyStoreLocation -storepass KeyStore Password
For example, enter this command:
    keytool -import -v -noprompt -trustcacerts -alias clientCACert -file WL_HOME/server/lib/CertGenCA.der -keystore appTrust.jks -storepass welcome1
4.1.4.4 Configure Node Manager for Custom KeyStores
Configure Node Manager on each of the nodes to use the newly-created custom keystores by editing the following lines at the end of the nodemanager.properties file located under the WL_HOME/common/nodemanager directory. These lines and their meanings are shown below:
4-54 Oracle Fusion Middleware Disaster Recovery Guide
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeyStoreFileName=Identity KeyStore
    CustomIdentityKeyStorePassPhrase=Identity KeyStore Password
    CustomIdentityAlias=Identity Key Store Alias
    CustomIdentityPrivateKeyPassPhrase=Private Key used when creating Certificate
    CustomTrustKeyStoreFileName=Trust KeyStore
    CustomTrustKeyStorePassPhrase=Trust KeyStore Password
For example, make these edits in the nodemanager.properties file on SOAHOST1:
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeyStoreFileName=MW_HOME/user_projects/domains/SOADomain/certs/appIdentityKeyStore.jks
    CustomIdentityKeyStorePassPhrase=welcome1
    CustomIdentityAlias=appIdentity1
    CustomIdentityPrivateKeyPassPhrase=welcome1
    CustomTrustKeyStoreFileName=MW_HOME/user_projects/domains/SOADomain/certs/appTrust.jks
    CustomTrustKeyStorePassPhrase=welcome1
For example, make these edits in the nodemanager.properties file on SOAHOST2:
    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityKeyStoreFileName=MW_HOME/user_projects/domains/SOADomain/certs/appIdentityKeyStore.jks
    CustomIdentityKeyStorePassPhrase=welcome1
    CustomIdentityAlias=appIdentity2
    CustomIdentityPrivateKeyPassPhrase=welcome1
    CustomTrustKeyStoreFileName=MW_HOME/user_projects/domains/SOADomain/certs/appTrust.jks
    CustomTrustKeyStorePassPhrase=welcome1
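
The following script is an added example, not part of the Oracle guide. It checks a nodemanager.properties file for the seven keystore properties listed in this section, flags the stock changeit password and the welcome1 sample value used in the examples, and reports keystore paths that do not exist on the host. The function name check_nm_keystores and its helpers are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): lint nodemanager.properties for
# the custom keystore settings of section 4.1.4.4. Returns the finding count.
check_nm_keystores() {
    props=$1
    findings=0
    # Value of one property, trailing whitespace removed; last assignment wins.
    prop() {
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$props" |
            sed 's/[[:space:]]*$//' | tail -n 1
    }
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ "$(prop KeyStores)" = "CustomIdentityAndCustomTrust" ] ||
        flag "KeyStores is not CustomIdentityAndCustomTrust"

    for key in CustomIdentityKeyStoreFileName CustomIdentityKeyStorePassPhrase \
               CustomIdentityAlias CustomIdentityPrivateKeyPassPhrase \
               CustomTrustKeyStoreFileName CustomTrustKeyStorePassPhrase; do
        value=$(prop "$key")
        case $key in
        *PassPhrase)
            # changeit is the stock cacerts password; welcome1 is the sample
            # value used in the examples of this section.
            case $value in
            changeit|welcome1) flag "$key uses a default or sample passphrase" ;;
            esac ;;
        *FileName)
            # Catches a path that does not match the keystore file created
            # in sections 4.1.4.2 and 4.1.4.3.
            [ -z "$value" ] || [ -f "$value" ] ||
                flag "$key: no such file: $value" ;;
        esac
        [ -n "$value" ] || flag "$key is missing or empty"
    done
    return "$findings"
}

# Stand-alone use: pass the properties file as the first argument.
if [ "$#" -gt 0 ]; then check_nm_keystores "$1"; fi
```

Run it on each node after editing the file; an exit status of 0 means no findings.
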
4.2 Creating a Production Site
This section provides the steps to create the production site. The Oracle SOA enterprise deployment topology and the Oracle Identity Management Enterprise
deployment topology are used as examples.
Ensure that you have performed the following prerequisites before you start creating the production site:
■ Set up the host name aliases for the middle tier hosts, which was described in Section 3.1.1, Planning Host Names.
■ Create the required volumes on the shared storage on the production site, which was described in Section 4.1.1, Directory Structure and Volume Design.
■ Create the mount points and the symbolic links if required. Refer to Section 3.2.3, Storage Replication to determine whether you must create symbolic links for the production site.
For more information, see the following:
■ Creating the Production Site for the Oracle SOA Suite Topology
■ Creating the Production Site for the Oracle Identity Management Topology
■ Creating the Production Site for the Oracle WebCenter Topology
■ Creating the Production Site for the Oracle Enterprise Content Management Topology