Interface Certificate Configuration


1. Prepare Certificates for Credit Bureau


OFSLL has two ways to pull the Credit Bureau details.
• Non-MDB flow: the Credit Bureau pull happens from the DB server layer.
• MDB flow: the Credit Bureau pull happens from the App server layer.

The system has two different types of MDB flow.

• Bureau-specific MDBs (such as OfsllTransUnionIntfcMDB, OfsllEquifaxIntfcMDB) for the bureaus.
• Common MDB (i.e. OfsllCreditBureauMDB) for all the bureaus.

1.1 Certificate file details for Bureau


Credit Bureau Flow                                 Certificate File    Bureau Name
Non-MDB (Message Driven Bean)                      default.txt         Experian, Equifax and CSC
Non-MDB (Message Driven Bean)                      transunion.jks      TransUnion
Bureau specific MDB (Message Driven Bean) flow     OfsllTrust.jks      Experian, Equifax and CSC
Bureau specific MDB (Message Driven Bean) flow     transunion.jks      TransUnion
Common MDB (Message Driven Bean) for all bureau    transunion.jks      TransUnion (Only TransUnion adapter is available)

1.2 Download Certificates


Save all the certificates or the certificate chain from the vendor website.

Note: save the certificates in "Base-64 encoded X.509 (.CER)" format with the .cer extension. Steps for saving certificates from the vendor website:

Once all certificates are saved, add all the certificates or the certificate chain to the default.txt file.

Vendor URL to download the certificates.

Export the certificate to the local environment.
The exported certificate needs to be pasted in default.

1.3 Manage Certificates


1.3.1 Non-MDB flow

Paste the Experian, Equifax and CSC certificates or certificate chain in default.txt file as indicated
below.
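
The Base-64 requirement from section 1.2 and the default.txt assembly described in this section can be checked before the file is used. The script below is an added example, not part of the original document or of OFSLL; the function names (is_pem_cert, count_certs, build_bundle) and the sample files are assumptions constructed for illustration, and only PEM framing is validated.

```shell
#!/bin/sh
# Added example: confirm each saved .cer is Base-64 (PEM) text, then build the bundle.
# Only PEM framing is checked; certificate contents are not parsed.

# is_pem_cert FILE: succeeds if FILE holds one or more well-framed PEM certificates
is_pem_cert() {
  LC_ALL=C awk '
    { sub(/\r$/, "") }                              # tolerate CRLF line endings
    /^-----BEGIN CERTIFICATE-----$/ { if (inside) bad = 1; inside = 1; n++; next }
    /^-----END CERTIFICATE-----$/   { if (!inside) bad = 1; inside = 0; next }
    inside && !/^[A-Za-z0-9+\/]+=*$/ { bad = 1 }    # body lines must be Base-64 only
    !inside && NF { bad = 1 }                       # no stray text outside a block
    END { exit (bad || inside || n == 0) }
  ' "$1"
}

# count_certs FILE: prints how many certificates the bundle contains
count_certs() { grep -c '^-----BEGIN CERTIFICATE-----$' "$1"; }

# build_bundle OUT CERT...: writes OUT only if every input file passes the check
build_bundle() {
  _out=$1; shift
  _tmp=$(mktemp) || return 1
  for _f in "$@"; do
    if ! is_pem_cert "$_f"; then
      echo "rejected (not Base-64 X.509, or truncated): $_f" >&2
      rm -f "$_tmp"; return 1
    fi
    # strip CR and blank lines; awk also guarantees a trailing newline per block
    tr -d '\r' < "$_f" | awk 'NF' >> "$_tmp"
  done
  mv "$_tmp" "$_out"
}

# Constructed sample input: PEM framing around placeholder Base-64 (not real certificates).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$demo/root.cer"
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'UExBQ0VIT0xERVI=' '-----END CERTIFICATE-----' > "$demo/inter.cer"
printf '\060\202\001\012\377' > "$demo/der.cer"     # binary (DER-style) bytes, must be rejected
build_bundle "$demo/default.txt" "$demo/root.cer" "$demo/inter.cer" &&
  echo "certificates in bundle: $(count_certs "$demo/default.txt")"
build_bundle "$demo/bad.txt" "$demo/root.cer" "$demo/der.cer" || echo "bundle not written"
```

A file saved as "DER encoded binary X.509" instead of Base-64 fails the check, and no partial bundle is left behind.
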
1.3.2 MDB flow

Create the Key Store for Experian, Equifax and CSC

Commands
• Create the key store
keytool -genkey -keyalg RSA -keystore <Key store Path>/file_name.jks -keysize 2048
• Import the certificates
keytool -import -trustcacerts -file <file_path>/file_name.cer -alias alias_name -keystore <Key store Path>/file_name.jks

Note: for <file_path>/file_name.cer, see the Download Certificates section above.
• View the certificates
keytool -list -v -alias <alias as mentioned in config file> -keystore <Key store Path>/file_name.jks

1.4 Convert PKCS#12 file to JKS file


For example, TransUnion always supplies a PKCS#12 file, because the certificate cannot be downloaded from the vendor URL.

After getting the certificates, create the JKS file using the command below.

keytool -importkeystore -srckeystore <wallet path> -srcstoretype pkcs12 -destkeystore <JKS file path with name> -deststoretype jks

Note: the TransUnion JKS (KeyStore) file is common to the non-MDB and MDB flows.

1.5 Adapter flow


With the new adapter-based flow, certificates are maintained in the WebLogic KeyStore.

If the certificate doesn’t have a public key associated with it, it can be imported directly into the WebLogic KeyStore as detailed below.

Perform the following steps:

1. Log in to WebLogic Enterprise Manager and go to Security > KeyStore.
2. Create a stripe called OFSLL_STRIPE and a keystore under this stripe called OFSLL_KSS.
3. Select keystore OFSLL_KSS and click the ‘Import’ button.
4. Select the certificate type as Trusted Certificate and give the alias the same name as the channel name.
5. Upload the certificate. (To get the certificate, refer to the Download Certificates section.)
6. The certificate is imported successfully into the WebLogic KeyStore.

If the certificate has a public key associated with it, it can’t be imported directly into the WebLogic KeyStore; instead, the steps below have to be followed to import it.

The certificate can be imported into the WebLogic KeyStore using WLST online mode.

To do so, connect to the AdminServer and then execute the following commands:

Commands:
$ cd $MW_HOME/oracle_common/common/bin/
$ ./wlst.sh
wls:/offline> connect()
Please enter your username :USER_NAME
Please enter your password : XXXXXXXX
Please enter your server URL t3://<host name>:<port>
wls:/demo_domain/serverConfig/> svc = getOpssService(name='KeyStoreService')
wls:/mydomain/serverConfig> svc.importKeyStore(appStripe='OFSLL_STRIPE', name='OFSLL_KSS', password='XXXXX', aliases='alias_name', keypasswords='xxxxxxxx', type='JKS', permission=true, filepath='$file_path/file_name.jks')

Note: to get the JKS file, refer to section 1.2 Download Certificates and the key store creation section.
The screen below shows the WebLogic KeyStore after importing the certificate.
