Why We need Certificates:
- Certificates are used to validate outbound SSL connections. If we make an SSL connection in which root certificates do not exist in OICS, an exception will be thrown. In such cases, we must upload the appropriate certificates.
- A certificate enables OICS to connect with external services. If the external endpoint requires a specific sertificate, request the certificate and then upload it into Oracle integration.
- PGP type certificates or keys are used to encrypt or decrypt the files.
Prerequisite
Enable following feature:
• oic.suite.settings.certificate (Suite level certificate landing page)
To enable feature flags - Refer to Blog on Enabling Feature Flags in Oracle Integration
The minimum Oracle Integration version required for the feature is 190924.1600.31522
Type of Certificates:
Type: X509 (SSL Transport) – An SSL/TLS X.509 certificate is a digital file that's usable for Secure Sockets Layer (SSL) or Transport Layer Security (TLS). The certificate can assist with authenticating and verifying the identity of a host or site thus enables Oracle Integration to connect with external service.
- Category: Identity (Ex. .jks):
- An identity certificate is a keystore which can contain various certificates with passwords.
- Use this option to upload certificate for two way SSL communication.
- Category: Trust (Ex. .crt or .cert):
- use this option to upload a trust certificate.
Type: SAML(Authentication & Authorization) - SAML refers to the XML variant language used to encode information.
- Category: Message Protection - Its a Message Protection certificate which has SAML token support.
Type: PGP (Encryption & Decryption) - Pretty Good Privacy (PGP) is used in Stage File for signing, encrypting, and decrypting texts.
- Category: Private - Content can be decrypted with private PGP key.
- Category: Public - Content can be encrypted with public PGP key.
Navigation To Certificate:
Settings >> Certificates
- Click on the upload on top-right corner.
- A drawer opens up with the details to fill up.
- Enter alias name which identifies the certificate.
- Give a brief description (optional) about the certificate you are uploading.
- Select the type of Certificate you want to upload. You can choose from the list: X.509, SAML, and PGP.
- Choose the category of certificate. For a X.509 → Trust, Identity, SAML → Message Protection, and PGP → Public, Private.
- Choose a file from your local system to upload.
The main difference between Identity and Trust stores:
Identity Store : Used to store Server Certificates , CA certificate Chain , Public private key pair. Whenever some client requests Server to communicate on SSL, server uses them to serve the SSL certificate to a client.
Trust Store: Used to store third party Root certificates or Third Party server certificates. It is used to validate the third party server certificates while communicating over SSL.
When you configure SSL, you must decide how identity and trust will be stored. Although one keystore can be used for both identity and trust, Oracle recommends using separate keystores for both identity and trust because the identity keystore ( contains private key/digital certificate pairs ) and the trust keystore (contains trusted CA certificates only) may have different security requirements.
No comments:
Post a Comment