nShield Oracle Weblogic Server 11g R1 Windows - Thales e-Security
nShield Modules
Integration Guide for Oracle WebLogic Server
11g Release 1 (10.3.5.0) for Windows
www.thales-esecurity.com
Version: 2.0
Date: 28 March 2012
Copyright 2012 Thales e-Security Limited. All rights reserved.
Copyright in this document is the property of Thales e-Security Limited. It is not to be reproduced, modified, adapted, published, translated in any material form (including storage in any medium by electronic means whether or not transiently or incidentally) in whole or in part nor disclosed to any third party without the prior written permission of Thales e-Security Limited neither shall it be used otherwise than for the purpose for which it is supplied.
CodeSafe, KeySafe, nCipher, nFast, nForce, nShield, payShield, and Ultrasign are registered trademarks of Thales e-Security Limited.
CipherTools, CryptoStor, CryptoStor Tape, keyAuthority, KeyVault, nCore, netHSM, nFast Ultra, nForce Ultra, nShield Connect, nToken, SafeBuilder, SEE, and Trust Appliance are trademarks of Thales e-Security Limited.
All other trademarks are the property of the respective trademark holders.
Information in this document is subject to change without notice.
Thales e-Security Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Thales e-Security Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material.
These installation instructions are intended to provide step-by-step instructions for installing Thales software with third-party software. These instructions do not cover all situations and are intended as a supplement to the documentation provided with Thales products. Disclaimer: Thales e-Security Limited disclaims all liabilities regarding third-party products and only provides warranties and liabilities with its own products as addressed in the Terms and Conditions for Sale.
Template: nShiMar12
nShield Modules: Integration Guide for Oracle WebLogic Server 11g Release 1 (10.3.5.0) for Windows
Contents
Chapter 1: Introduction
  Supported nCipher functionality
  Requirements
Chapter 2: Procedures
  Installing nShield Hardware and Software
  Installing Oracle WebLogic Server and creating the WebLogic Domain
  Configuring the nCipher JCE provider for key management and acceleration
  Configuring Oracle WebLogic Server to use the stored trusted certificate
Addresses
Chapter 1: Introduction
This guide explains how to integrate Oracle WebLogic Server with a Thales nShield Hardware Security Module (HSM). The instructions in this document have been thoroughly tested and provide a straightforward integration process. There may be other untested ways to achieve interoperability.
This document may not cover every step in the process of setting up all the software. This document assumes that you have read your HSM documentation and that you are familiar with the documentation and setup process for Oracle WebLogic Server.
The HSM can significantly enhance the performance of the Oracle WebLogic Server by offloading and accelerating the SSL RSA cryptography. Heavy SSL traffic load can drastically lower the performance of a web server. The HSM offloads the SSL cryptographic processing from the web server’s CPU, which frees the server to process other transactions. The Oracle WebLogic Server integrates with the HSM using the JCE CSP interface.
The benefits of using an HSM with the Oracle WebLogic Server are as follows:
• Centralized secure storage of the private key.
• Full life-cycle management of the keys.
• Improved server performance by offloading the cryptographic processing.
• Highest level of security assurance: the keys never leave the HSM as plain text.
• FIPS 140-2 level 3 validated hardware.
• Failover support.
The integration between the HSM and the Oracle WebLogic Server has been tested in the following combinations:
Operating system: Windows Server 2008 R2
Oracle WebLogic Server version: 10.3.5.0
Thales nShield software version: 11.50
nShield Solo support: Yes
netHSM support: —
nShield Connect support: Yes
nShield Edge support: Yes
Additional documentation produced to support your Thales nShield product can be found in the document directory of the CD-ROM or DVD-ROM for that product.
Note
Throughout this guide, the term HSM refers to nShield Solo modules, netHSM, and nShield Connect products. (nShield Solo products were formerly known as nShield.)
Supported nCipher functionality
Key Generation: Yes
Key Management: Yes
Key Import: —
Key Recovery: Yes
1-of-N Operator Card Set: Yes
K-of-N Operator Card Set: —
Softcards: Yes
Module-only Key: —
Strict FIPS Support: —
Load Sharing: Yes
Fail Over: Yes
Requirements
Before you begin the integration process:
• Read the Quick Start Guide or User Guide for your HSM.
• Familiarize yourself with the setup procedures for Oracle WebLogic Server.
Before running the setup program, you need to know:<br />
• The number and quorum of Administrator Cards in the Administrator Card Set (ACS), and<br />
the policy for managing these cards.<br />
• The number and quorum of Operator Cards in the OCS (only 1-of-N is supported), and the<br />
policy for managing these cards.<br />
• Whether the application keys are to be protected by the module, softcard or Operator Card<br />
Set (OCS).<br />
• Whether the security world needs to be compliant with FIPS 140-2 level 3.<br />
• Key attributes, such as the key size, persistence, and time out.<br />
• Whether or not key usage requires auditing.<br />
Note
K-of-N functionality is not currently supported, which means you must create a 1-of-N OCS.
Chapter 2: Procedures
To integrate Oracle WebLogic server with an nShield HSM:
1 Install nShield Hardware and Software.
2 Install Oracle WebLogic Server and create the WebLogic Domain.
3 Configure the nCipher JCE provider for key management and acceleration.
4 Configure Oracle WebLogic to use the stored trusted certificate.
All these procedures are described in the following sections.
Installing nShield Hardware and Software
Install the HSM using the instructions in the documentation for the HSM.
After installing the HSM, install the latest version of the Thales nCipher support software and configure the HSM as described in the User Guide for the HSM.
Note
We recommend that you uninstall any existing Thales nCipher software before installing the new software.
Installing Oracle WebLogic Server and creating the WebLogic Domain
To install Oracle WebLogic Server:
1 Start the WebLogic Server installation by running wls1035_oepe111172_win32.exe.
2 In the Oracle WebLogic welcome window, click Next.
3 Accept the license agreement and click Next.
4 Select either the desired home directory for the Oracle WebLogic server or the default directory, and then click Next.
5 Select the desired installation type, then click Next.<br />
6 To complete the installation, click Done.<br />
To create a sample WebLogic Domain:<br />
1 Select Start > All Programs > Oracle WebLogic > Quick Start.
2 Click Getting Started with WebLogic Server 10.3.5.0, select Create a new WebLogic domain, and then click Next.
3 Select Generate a domain configured automatically to support the following Oracle products and then click Next.
4 Specify the name and location for the Domain.
5 In the Configure Administrator Username and Password window, specify a username and a password (which must have a minimum length of 8 characters), and then confirm the password.
6 In the Configure Server Start Mode and JDK window, accept the defaults and click Next.
7 In the Select optional configuration window, accept the defaults and click Next.
8 In the Configuration summary window, click Create.
9 To complete the creation of the WebLogic Domain, click Done.
Configuring the nCipher JCE provider for key management and acceleration
The nCipher JCA/JCE CSP (Cryptographic Service Provider) allows Java applications and services to access the secure cryptographic operations and key management provided by Thales HSMs. The nCipher JCA/JCE CSP is used with the standard JCE (Java Cryptographic Extension) programming interface.
Before you configure the nCipher JCE provider for key management and acceleration, check that the files for the nCipher JCE provider are installed (the default directory is C:\nfast\java\classes).
To install and configure the nCipher JCE provider:<br />
1 Configure the files for use with the Oracle WebLogic Server using the following method:
    set jceclasspath=C:\Oracle\jdk160_xx\jre\lib;C:\Oracle\jdk160_xx\jre\lib\ext;C:\Oracle\jdk160_xx\jre\lib\security
    set CLASSPATH=%jceclasspath%;C:\nfast\java\classes
    set PATH=C:\Oracle\jdk160_xx\bin;%PATH%
2 Install the nCipher JCA/JCE CSP by copying the nCipherKM.jar file from the C:\nfast\java\classes directory to the C:\Oracle\jdk160_xx\jre\lib\ext directory.
3 Install the unlimited strength JCE jurisdiction policy files:
a Download the archive containing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from:
http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-6-oth-JPR
b Extract the local_policy.jar and US_export_policy.jar files from the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File archive, and copy them into the security directory (C:\Oracle\jdk160_xx\jre\lib\security).
Note
When you copy these files into the appropriate folder, you must overwrite any existing files with the same names.
4 Using a text editor, open the Java security file (java.security) for editing. The Java security file is typically located in C:\Oracle\jdk160_xx\jre\lib\security\java.security.
5 Add the nCipher JCE provider to the list of approved JCE providers for the WebLogic Server, as shown below:
security.provider.1=com.ncipher.provider.km.nCipherKM<br />
security.provider.2=sun.security.provider.Sun<br />
security.provider.3=sun.security.rsa.SunRsaSign<br />
security.provider.4=com.sun.net.ssl.internal.ssl.Provider<br />
security.provider.5=com.sun.crypto.provider.SunJCE<br />
security.provider.6=sun.security.jgss.SunProvider<br />
security.provider.7=com.sun.security.sasl.Provider<br />
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI<br />
security.provider.9=sun.security.smartcardio.SunPCSC<br />
security.provider.10=sun.security.mscapi.SunMSCAPI<br />
Note<br />
The order is numerical: 1 is the most preferred, followed by 2, and so on.<br />
6 Save your changes to the java.security file.<br />
7 Check that the nCipher JCA/JCE CSP has installed successfully by running the following<br />
command from the C:\nfast\java\classes directory:<br />
    java com.ncipher.provider.InstallationTest
If the nCipher JCA/JCE provider has been installed correctly, it is included in the command<br />
output, as shown in the following example:<br />
Installed providers:<br />
1: nCipherKM<br />
2: SunJSSE<br />
3: SUN<br />
4: nCipherRSAPrivateEncrypt<br />
5: SunJCE<br />
6: SunJGSS<br />
Unlimited strength jurisdiction files are installed.<br />
The nCipher provider is correctly installed.<br />
nCipher JCE services:<br />
Alg.Alias.Cipher.1.2.840.113549.1.1.1<br />
Alg.Alias.Cipher.1.2.840.113549.3.4<br />
Alg.Alias.Cipher.AES<br />
Alg.Alias.Cipher.DES3<br />
Note
If the JCE installation test does not list the nCipher JCA/JCE CSP with nShield, check that the Java ports are open in the nfast config file.
8 Generate Keystore using Java keytool.
To generate a trusted certificate using Java keytool:
a Open the command prompt and navigate to C:\Oracle\Middleware\user_projects\domains\base_domain.
b Generate a new keystore and key pair (set com.ncipher.provider.km.nCipherKM to 1 in the java.security file) using one of the following protection methods:
• Card set protection:
    keytool -genkey -keystore ncqa -storepass 123456 -alias ncqaalias -keypass 123456 -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -storetype nCipher.sworld
Example:
    C:\Oracle\Middleware\user_projects\domains\base_domain>keytool -genkey -keystore ncqa -storepass 123456 -alias ncqaalias -keypass 123456 -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -storetype nCipher.sworld
    What is your first and last name?
    [Unknown]: Application Guide
    What is the name of your organizational unit?
    [Unknown]: nCipher Guide
    What is the name of your organization?
    [Unknown]: nCipher
    What is the name of your City or Locality?
    [Unknown]: Woburn
    What is the name of your State or Province?
    [Unknown]: Cambridge
    What is the two-letter country code for this unit?
    [Unknown]: UK
    Is CN= Application Guide, OU= nCipher Guide, O= nCipher, L= Woburn, ST= Cambridge, C= UK correct?
    [no]: yes
• Module protection:
    java -Dprotect=module -DignorePassphrase=true -cp "%CLASSPATH%;." sun.security.tools.KeyTool -genkey -keystore ncqa -storepass 123456 -alias ncqaalias -keypass 123456 -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -storetype nCipher.sworld
• Softcard protection:
    java -Dprotect=softcard:IDENT -cp "%CLASSPATH%;." sun.security.tools.KeyTool -genkey -keystore ncqa -storepass 123456 -alias ncqaalias -keypass 123456 -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -storetype nCipher.sworld
In this command, IDENT is the logical token hash of the softcard, which you can obtain by running the nkminfo -softcard-list command.
9 Generate a certificate request from a key in the keystore (set com.ncipher.provider.km.nCipherKM to 1 in the java.security file) using one of the following protection methods:
- Card set protection:
    keytool -certreq -alias ncqaalias -file certreq.txt -keypass 123456 -keystore ncqa -sigalg SHA1withRSA -storepass 123456 -storetype nCipher.sworld
- Module protection:
    java -Dprotect=module -DignorePassphrase=true -cp "%CLASSPATH%;." sun.security.tools.KeyTool -certreq -alias ncqaalias -file certreq.txt -keypass 123456 -keystore ncqa -sigalg SHA1withRSA -storepass 123456 -storetype nCipher.sworld
- Softcard protection:
    java -Dprotect=softcard:IDENT -cp "%CLASSPATH%;." sun.security.tools.KeyTool -certreq -alias ncqaalias -file certreq.txt -keypass 123456 -keystore ncqa -sigalg SHA1withRSA -storepass 123456 -storetype nCipher.sworld
10 Set the com.ncipher.provider.km.nCipherKM priority to 4 in the java.security file, as shown below:
security.provider.1=sun.security.provider.Sun<br />
security.provider.2=sun.security.rsa.SunRsaSign<br />
security.provider.3=com.sun.net.ssl.internal.ssl.Provider<br />
security.provider.4=com.ncipher.provider.km.nCipherKM<br />
security.provider.5=com.sun.crypto.provider.SunJCE<br />
security.provider.6=sun.security.jgss.SunProvider<br />
security.provider.7=com.sun.security.sasl.Provider<br />
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI<br />
security.provider.9=sun.security.smartcardio.SunPCSC<br />
security.provider.10=sun.security.mscapi.SunMSCAPI<br />
11 Submit the certificate request to the preferred Certificate Authority (CA) to receive a signed certificate. Import the CA certificate (rootcert.cer) as a trusted certificate using one of the following protection methods:
- Card set protection:
    keytool -import -trustcacerts -alias trustalias -file rootcert.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
Example:
    C:\Oracle\Middleware\user_projects\domains\base_domain>keytool -import -trustcacerts -alias trustalias -file rootcert.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
    Owner: CN=TestCA, DC=nCipher, DC=co, DC=in
    Issuer: CN= TestCA, DC= nCipher, DC=co, DC=in
    Serial number: 5f54cbda3324f9c4aff9f3ffd55b51b
    Valid from: Fri Nov 04 16:27:43 PDT 2011 until: Tue Nov 04 15:37:41 PST 2014
    Certificate fingerprints:
    MD5: B4:C2:29:A9:3E:A9:61:94:A5:84:34:EA:51:F6:B1:80
    SHA1: 2E:4B:0D:2A:3F:84:C7:D8:34:54:7E:4E:B8:A3:38:D0:28:C0:FE:4D
    Trust this certificate? [no]: yes
    Certificate was added to keystore
- Module protection:
    java -Dprotect=module -DignorePassphrase=true -cp "%CLASSPATH%;." sun.security.tools.KeyTool -import -trustcacerts -alias trustalias -file rootcert.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
- Softcard protection:
    java -Dprotect=softcard:IDENT -cp "%CLASSPATH%;." sun.security.tools.KeyTool -import -trustcacerts -alias trustalias -file rootcert.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
12 Check that:<br />
- The certificate is signed and trusted.<br />
- The CA is referenced in the standard java trust.<br />
If the CA is not referenced, you must set up the CA as a trusted CA. To set a CA as a<br />
trusted CA, import the CA trust certificate into a local keystore. You can obtain this<br />
certificate from the CA manager or vendor.<br />
13 Import the signed certificate using one of the following protection methods:
- Card set protection:
    keytool -import -alias ncqaalias -keypass 123456 -file certnew.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
Example:
    C:\Oracle\user_projects\domains\base_domain>keytool -import -alias ncqaalias -keypass 123456 -file certnew.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
    Certificate reply was installed in keystore
- Module protection:
    java -Dprotect=module -DignorePassphrase=true -cp "%CLASSPATH%;." sun.security.tools.KeyTool -import -alias ncqaalias -keypass 123456 -file certnew.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
- Softcard protection:
    java -Dprotect=softcard:IDENT -cp "%CLASSPATH%;." sun.security.tools.KeyTool -import -alias ncqaalias -keypass 123456 -file certnew.cer -keystore ncqa -storepass 123456 -storetype nCipher.sworld
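The provider list that steps 5 and 10 edit by hand can be checked with the following added example, which is not part of the Thales guide or the nCipher software. It reports duplicated or skipped security.provider.N numbers and prints which provider the running JVM selects for the services named in the keytool commands. The class name ProviderOrderCheck is hypothetical; the code uses only standard JDK classes and avoids syntax newer than JDK 6.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Signature;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class name); standard JDK APIs only.
public class ProviderOrderCheck {
    static final String NCIPHER = "com.ncipher.provider.km.nCipherKM";
    static final Pattern ENTRY =
        Pattern.compile("^\\s*security\\.provider\\.(\\d+)\\s*[=:]\\s*(\\S+)");

    // Lints the security.provider.N lines of a java.security file.
    static List<String> lint(String path) throws IOException {
        Map<Integer, String> byIndex = new TreeMap<Integer, String>();
        List<String> problems = new ArrayList<String>();
        BufferedReader in = new BufferedReader(new FileReader(path));
        try {
            String line;
            while ((line = in.readLine()) != null) {
                Matcher m = ENTRY.matcher(line); // lines starting with # do not match
                if (!m.find()) continue;
                String old = byIndex.put(Integer.valueOf(m.group(1)), m.group(2));
                if (old != null) // a later line silently replaces an earlier one
                    problems.add("security.provider." + m.group(1) + " set twice: "
                        + old + " is replaced by " + m.group(2));
            }
        } finally {
            in.close();
        }
        int expected = 1, ncipherAt = 0;
        for (Map.Entry<Integer, String> e : byIndex.entrySet()) {
            if (e.getKey().intValue() != expected) {
                problems.add("security.provider." + expected + " is missing: the JVM"
                    + " stops reading the list there and ignores later entries");
                break;
            }
            if (NCIPHER.equals(e.getValue())) ncipherAt = expected;
            expected++;
        }
        if (ncipherAt == 0) problems.add("nCipherKM is not in the effective list");
        else System.out.println("nCipherKM is at position " + ncipherAt);
        return problems;
    }

    // Prints which installed provider the running JVM selects for each service.
    static void printResolution() {
        try { // services named by -keyalg, -sigalg and -storetype in the keytool commands
            System.out.println("KeyPairGenerator RSA -> "
                + KeyPairGenerator.getInstance("RSA").getProvider().getName());
            System.out.println("Signature SHA1withRSA -> "
                + Signature.getInstance("SHA1withRSA").getProvider().getName());
            System.out.println("KeyStore nCipher.sworld -> "
                + KeyStore.getInstance("nCipher.sworld").getProvider().getName());
        } catch (Exception e) { // NoSuchAlgorithmException or KeyStoreException
            System.out.println("not available: " + e.getMessage());
        }
    }

    public static void main(String[] args) throws IOException {
        // Default: the java.security file of the JRE running this check (step 4).
        String path = args.length > 0 ? args[0]
            : System.getProperty("java.home") + "/lib/security/java.security";
        List<String> problems = lint(path);
        for (String p : problems) System.out.println("PROBLEM: " + p);
        printResolution();
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Compile it with javac and run it with the java binary under C:\Oracle\jdk160_xx, once after step 5 and again after step 10; the exit status is 1 when the list has a problem.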
Configuring Oracle WebLogic Server to use the stored trusted certificate
To configure Oracle WebLogic Server to use the stored trusted certificate:
1 Start Oracle WebLogic Server.
2 Open the Administration console (http://localhost:7001/console).
3 Select Domain Structure > Environment and do the following:
a Click Servers and then click AdminServer.
b Select SSL Listen Port enabled.
c In SSL Listen Port, type 443, and then click Save.
4 Select the Keystores tab and do the following:
a From the drop down menu, select Custom Identity and Custom Trust.
b In Custom Identity Keystore, type ncqa.
c In Custom Identity Keystore Type, type nCipher.sworld.
d In Custom Identity Keystore Passphrase, type 123456. Confirm the passphrase.
e In Custom Trust Keystore, type trustalias.
f In Custom Trust Keystore Type, type nCipher.sworld.
g In Custom Trust Keystore Passphrase, type 123456. Confirm the passphrase.
h Click Save.
5 Select the SSL tab and do the following:
a In Private Key Alias, type ncqaalias.
b In Private Key Passphrase, type 123456. Confirm the passphrase.
c Click Save.
6 Log out from the Administration console.
7 Restart the WebLogic Server.
8 Open the Administration console using https://localhost/console.
Addresses<br />
Americas<br />
2200 North Commerce Parkway, Suite 200, Weston, Florida 33326, USA<br />
Tel: +1 888 744 4976 or + 1 954 888 6200<br />
sales@thalesesec.com<br />
Europe, Middle East, Africa<br />
Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ, UK<br />
Tel: + 44 (0)1844 201800<br />
emea.sales@thales-esecurity.com<br />
Asia Pacific<br />
Units 4101, 41/F. 248 Queen’s Road East, Wanchai, Hong Kong, PRC<br />
Tel: + 852 2815 8633<br />
asia.sales@thales-esecurity.com<br />
Internet addresses
Web site: www.thales-esecurity.com
Support: www.thales-esecurity.com/en/Support.aspx
Online documentation: www.thales-esecurity.com/Resources.aspx
International sales offices: www.thales-esecurity.com/en/Company/Contact%20Us.aspx