How to Section

Create and Configure Keystore

  1. The OIPA keystore is shipped with the product.

  2. Store it in the shared or conf directory.

  3. Set file permissions on the keystore file: chmod 600

  4. Set password using:

    export OIPA_KEYSTORE_PWD=XXXX

    Note: For the default password, refer to the deployment or setup document.

  5. Configure properties:

    application.keyStorePath=/path/to/shared/conf/oipakeystore.p12

    application.keyStoreAlias=OIPAALIASDEFAULT

    application.hmacKeyStoreAlias=OIPAALIASHMACKEY

    Note: In 12.2, application.keyStorePath refers to the PKCS12 keystore file itself. The default alias remains unchanged, and new aliases can be added to the same keystore file as separate entries.

Example from current 12.2 configuration:

application.keyStorePath=/scratch/oipa/Oracle/oipa/conf/oipakeystore.p12

application.keyStoreAlias=OIPAALIASDEFAULT

application.hmacKeyStoreAlias=OIPAALIASHMACKEY
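
A pre-start check for the steps above, as an added example that is not part of the OIPA product or its documentation: it reads the three properties, confirms the keystore file is mode 600, confirms OIPA_KEYSTORE_PWD is set, and uses keytool to confirm both aliases exist in the PKCS12 file. The function names and the OIPA_PROPERTIES variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Oracle's code). Function names and OIPA_PROPERTIES are assumptions.

# Print the value of key $2 from Java-style properties file $1 (last one wins).
prop_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print the octal mode of file $1 (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Step 3: succeed only if the keystore is a regular file with mode 600.
keystore_mode_ok() {
    [ -f "$1" ] && [ "$(file_mode "$1")" = "600" ]
}

# Succeed if alias $2 exists in PKCS12 keystore $1. keytool reads the password
# from the OIPA_KEYSTORE_PWD environment variable, so it never appears in argv.
alias_present() {
    keytool -list -storetype PKCS12 -keystore "$1" \
        -storepass:env OIPA_KEYSTORE_PWD -alias "$2" >/dev/null 2>&1
}

# Check properties file $1; print one line per finding, return 1 on any failure.
check_keystore_config() {
    rc=0
    ks=$(prop_value "$1" application.keyStorePath)
    [ -n "$ks" ] || { echo "FAIL application.keyStorePath not set"; return 1; }
    keystore_mode_ok "$ks" || { echo "FAIL $ks missing or mode is not 600"; rc=1; }
    [ -n "${OIPA_KEYSTORE_PWD:-}" ] || { echo "FAIL OIPA_KEYSTORE_PWD not set"; rc=1; }
    can_list=$rc   # alias lookup needs a valid keystore file and the password
    command -v keytool >/dev/null 2>&1 || { echo "SKIP alias lookup: keytool not found"; can_list=1; }
    for key in application.keyStoreAlias application.hmacKeyStoreAlias; do
        a=$(prop_value "$1" "$key")
        if [ -z "$a" ]; then
            echo "FAIL $key not set"; rc=1
        elif [ "$can_list" -eq 0 ] && ! alias_present "$ks" "$a"; then
            echo "FAIL alias $a not found in $ks"; rc=1
        fi
    done
    return "$rc"
}

# Run the check when OIPA_PROPERTIES (assumed name) points at the properties file.
if [ -n "${OIPA_PROPERTIES:-}" ]; then check_keystore_config "$OIPA_PROPERTIES"; fi
```

Running it after a keystore move, rename, or password change shows whether the configured path, password, and aliases still line up.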

Supported Operations

  • Change keystore password.

  • Move or rename keystore file.

  • Access keystore using configured path.

  • Add new secret-key aliases to an existing keystore without modifying the existing default alias.