Friday, August 31, 2007

FAQ - OWSM 10.1.3 : Basic install Vs Advanced install

OWSM install has 2 options - Basic and Advanced
Basic install runs on oc4j_extended.zip, while Advanced install runs on production quality OC4J.
Basic install is targeted for usages such as developement, POC, and trainings.
If you have installed the product using Basic install, then you can't migrate it to Advanced install. You have to reinstall the product as Advanced install.

Monday, August 6, 2007

How To - 10.1.3 OWSM: Use PKCS12 certificates for signing, encryption

Oracle Web Services Manager (OWSM) uses certificates to sign/encrypt and decrypt/verify the SOAP messages. The certificate stores supported for certificate lookup are JKS and PKCS12.
OWSM supports PKCS12 only with BouncyCastle as the security provider. Sun security provider is not supported at this time. If Java keytool is used to create PKCS12 certificate store, then follow the instructions in this post to create the PKCS12 store that is compatible with OWSM.

How To - Creating PKCS12 certificate store with BouncyCastle provider

PKCS12 certificate store can be created using various tools such as Java keytool, Microsoft Certificate Authority Service, and OpenSSL.
When Java keytool is used to create PKCS12 store, it creates using the Sun provider.

The following instructions allow you to create a PKCS12 store with BouncyCastle provider.

  1. Modify java.security file under JRE_HOME/lib/security directory to include BouncyCastle as the security provider.
    Add the following entry under the section "List of providers and their preference orders", security.provider.x=org.bouncycastle.jce.provider.BouncyCastleProvider.
    Make sure the entry is added above security.provider.x+1=com.sun.net.ssl.internal.ssl.Provider
    (Here x is the index of the sequence of service providers.)

  2. Put BouncyCastle jar under JRE_HOME/lib/ext directory.
    Tip: If using OWSM, instead of downloading you can copy it from ORACLE_HOME/owsm/lib/extlib/bcprov-jdk14-119.jar

  3. Run keytool from JRE_HOME/bin directory.
    keytool -genkey -v -alias aprivatekey -keyalg RSA -keystore
    mykeystore.p12 -storepass changeit -storetype pkcs12 -provider org.bouncycastle.jce.provider.BouncyCastleProvider
Contributed by Rohit Soni