Specifying a second private certificate in Oracle FMW

Normally, you will have in your Oracle FMW one keystore with one private certificate and several trusted certificates, like this:

Certificates in Keystore

But you might be interested in having a second private certificate, especially if you are using B2B and want to configure a different certificate for a channel encryption.

Digitale Signature

The certificates available for the digital signature are only the private ones from the corresponding B2B keystore. So, follow these steps to configure a new private certificate:

Adding Keypair

1- Generate a new Keypair

The first thing to do is generate a new keypair inside the already existing keystore. The “Generate Keypair” Button will open up a pop up where you can enter the new alias and the desired distinguished name.





2- Generate a CSR

Once the Keypair was created, you have to generate “Certificate Signing Request” in order to get the certificate signed by a certification authority. Select the previously created certificate and press “Generate CSR”. Copy the content into a text file or just download it.

Sign Certificate

3- Sign the certificate

Now you have to sign the certificate. You have two options: let it be signed by a certification authority or sign it yourself. Thee are many Blog entries that describe how to sign it by yourself. I can recommend this one:

Import certificate

4- Import the signed certificate

Finally go back to the Keystore Page in the FMWControl and press “Import”. Select the alias from step 1 and copy and paste the certificate or import the file. Just remember that the signed certificate has also some metadata that FMW don’t recognize. You just need to copy the information between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” including the placeholders.

And voila, there you have your second private certificate in your keystore:

Private Certificates



I tried first manually importing the two private certificates and then creating the keystore in FMW. I managed to create the keystore, but I could not define the two aliases when I was importing it in FMW. Maybe in newer versions this will be possible.