Go to the domain_home/config/fmwconfig directory, where domain_home is

Enter a keytool command such as the following to generate the key pair, and to

Setting Up Your Environment for Policies 10-11

Middleware Control, you can also use WebLogic Scripting Tool (WLST) commands, as described in Using WLST on page 10-13.

Using Fusion Middleware Control

When you use Fusion Middleware Control to configure the Oracle WSM keystore, entries are created in the credential store for the credential map oracle.wsm.security, and any keys that you define. Use the following procedure to configure the keystore:

1. In the Navigator pane, expand WebLogic Domain to show the domain for which you need to configure the keystore. Select the domain.

2. From the WebLogic Domain menu, select Security, then Security Provider Configuration, as shown in Figure 10–1.

Figure 10–1 WebLogic Domain Security Provider Configuration Menu

The Security Provider Configuration page is displayed, as shown in Figure 10–2.

10-12 Oracle Fusion Middleware Security and Administrator's Guide for Web Services

Figure 10–2 Security Provider Configuration Page

3. Click the plus sign (+) to expand the Keystore control near the bottom of the page, then click Configure.

The Web Services Manager Keystore Configuration page is displayed, as shown in Figure 10–3.

Figure 10–3 Web Services Manager Keystore Configuration

4. In the Keystore Type drop-down, select Java Key Store (JKS), if it is not already selected.

5. In the Access Attributes section of the page, provide the name and path of the keystore, and the passwords as follows:

■ In the Keystore Path field, enter the path and name for the keystore that you created as described in Generating Private Keys and Creating the Java Keystore on page 10-9. This field defaults to ./default-keystore.jks, which represents the default Java keystore name, default-keystore.jks, located in the domain_name/config/fmwconfig directory. If you used a different name or location for the keystore, enter that value instead.

■ In the Password and Confirm Password fields, enter the password for the keystore. This password must match the password you used when you created the keystore using the keytool utility, as described in Generating Private Keys and Creating the Java Keystore on page 10-9, for example welcome1.

6. In the Identity Certificates section of the page, enter the alias and passwords for the signature and encryption keys as follows:

■ For the Signature Key, enter the alias name in the Key Alias field, and the password for the alias in the Signature Password and Confirm Password fields. The values you specify here must match the values in the keystore. For example, orakey and welcome1.

■ For the Encryption Key, enter the alias name in the Crypt Alias field, and the password for the alias in the Crypt Password and Confirm Password fields. The values you specify here must match the values in the keystore. For example, orakey and welcome1.

The alias and password for the signature and encryption keys define the string alias and password used to store and retrieve the keys. These values are created in the credential store as sign-csf-key and enc-csf-key.

7. Click OK to submit the changes.
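A pre-flight check for the values entered in steps 5 and 6, as an added example that is not part of Oracle's guide: it parses the JKS file, confirms that the keystore password matches the file's integrity hash, and confirms that each alias names a private key entry. The function names check_jks and build_sample are hypothetical, the sample keystore is constructed, and the per-key passwords are not checked.

```python
import hashlib
import struct

MAGIC, PRIVATE_KEY = 0xFEEDFEED, 1
SALT = b"Mighty Aphrodite"  # fixed phrase mixed into the JKS integrity hash

def _skip(buf, pos, fmt):
    """Read a length-prefixed field (fmt '>H' or '>I'); return (bytes, new pos)."""
    (n,) = struct.unpack_from(fmt, buf, pos)
    start = pos + struct.calcsize(fmt)
    return buf[start:start + n], start + n

def _skip_cert(buf, pos, version):
    if version == 2:                      # v2 stores the cert type string first
        _, pos = _skip(buf, pos, ">H")
    return _skip(buf, pos, ">I")[1]

def check_jks(data, store_password, aliases):
    """Return a list of problems; empty means the console values match the file."""
    magic, version, count = struct.unpack_from(">III", data, 0)
    if magic != MAGIC or version not in (1, 2):
        return ["not a JKS keystore"]
    body, digest = data[:-20], data[-20:]
    if hashlib.sha1(store_password.encode("utf-16-be") + SALT + body).digest() != digest:
        return ["keystore password does not match, or the file is damaged"]
    kinds, pos = {}, 12
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", data, pos)
        alias, pos = _skip(data, pos + 4, ">H")
        pos += 8                          # creation timestamp
        if tag == PRIVATE_KEY:
            _, pos = _skip(data, pos, ">I")   # protected key bytes
            (chain,) = struct.unpack_from(">I", data, pos)
            pos += 4
            for _ in range(chain):
                pos = _skip_cert(data, pos, version)
        else:                             # trusted certificate entry
            pos = _skip_cert(data, pos, version)
        kinds[alias.decode("utf-8", "replace").lower()] = tag  # JKS aliases are lowercase
    return [f"alias {a!r} is missing or is not a private key entry"
            for a in aliases if kinds.get(a.lower()) != PRIVATE_KEY]

def build_sample(password, alias):
    """Constructed sample: one private-key entry, dummy key bytes, empty chain."""
    a = alias.encode()
    body = struct.pack(">III", MAGIC, 2, 1) + struct.pack(">IH", PRIVATE_KEY, len(a)) + a
    body += struct.pack(">QI", 0, 4) + b"\x00" * 4 + struct.pack(">I", 0)
    return body + hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()
```

To check a real keystore, read the file in binary mode and pass its bytes, the keystore password, and the signature and encryption aliases to check_jks.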

Note that all fields on this page require a server restart to take effect.

Using WLST

Follow these steps to configure the credential store to access the Oracle WSM keystore using WLST commands.

1. Go to the Oracle Common home directory for your installation, for example /home/Oracle/Middleware/oracle_common. For information about the Oracle Common home directory and installing Oracle Fusion Middleware, see the Oracle Fusion Middleware Installation Planning Guide.

2. Start WLST using the WLST.sh/cmd command located in the oracle_common/common/bin directory. For example:

Note: Hardware security modules (HSM) are also certified to operate with Oracle Advanced Security. For more information, see Using Hardware Security Modules With Oracle WSM on page 10-33.

Note: The Oracle WSM agent caches the keystore name and object. If you make subsequent changes to the contents of the keystore or to its name, you must restart the server.