KSS is implemented from the latest version of 11gan alternative solution for JKS .
Steps to import certificates in KSS
- Download the certificate which has entire chain or root certificate.
- Log in to Fusion Middleware Control (EM).
- From the navigation pane, locate the domain i.e “SOA Domain”
- Navigate to Security, then Keystore. The Keystore page appears.
- Expand the stripe in which the keystore resides and Select the row corresponding to the keystore. For this case system -> trust
We will use Trustore to place the certificate to call the external SSL partner link.
- Click Manage.
- If the keystore is password-protected, you are prompted for a password. Enter the keystore password and click OK.
- The Manage Certificates page appears. Click Import.
- The Import Certificate dialog appears.
- Select the certificate type, either Certificate or Trusted Certificate, from the drop-down. For this case use “Trusted Certificate”
- Provide an alias i.e “testTrust”
- Specify the certificate source. If using the Paste option, copy and paste the certificate directly into the text box. If using the Select a file option, click Browse to select the file from the operating system.
- Click OK. The imported certificate or trusted certificate appears in the list of certificates.
- Click OK.
- Bounce the managed server (It is not mandatory).
Trust store is used to store the external services SSL certificates
Identity store is used to store our own SSL Private Certificate
Castore is a jdk/jre jks file to store the trusted SSL certificates