Tuesday, February 7, 2017

Enabling SSL for Oracle SOA Managed Server

SSL or TLS is transport-level security, a de facto standard for secured communication over the web (HTTPS) or file systems (sFTP/secure file transfers). It secures communication by providing message encryption, integrity, and authentication.

  • Authentication enables the server and client to check that the other party is who it claims to be.
  • Integrity ensures that a message sent by a client is received intact by the server, untampered.
  • Encryption provides confidentiality by allowing only the intended recipient to read the message.

For more details about this refer to http://docs.oracle.com/cd/E25054_01/core.1111/e10105/sslconfig.htm#autoId1

The picture below depicts succinctly and clearly how an SSL session is conducted:

Two kinds of SSL options exist -

  • One Way  
  • Two way. 

These terms are often misleading unless the source and destination are named. One-way usually refers to the source being able to call a secured service at the destination. Two-way refers to the destination also being able to consume the secured services at the source, in addition to one-way; this is better represented using the pictures below. Source: ibm.com

To configure 2-way SSL on an Oracle SOA 11g managed server, the high-level steps are:

  1. Generate a public/private key pair in a Java identity keystore.
  2. Generate either  
  3. Copy the self-signed certificate to the trust keystore.
  4. Add the third-party certificates (root/intermediate) into the trust store. Modify setDomainEnv.sh to refer to the correct trust store.
  5. Refer to the above custom identity and trust stores from the SOA managed server in WebLogic.
  6. Enable SSL on a port.
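
Steps 1, 3 and 4 of the list above, sketched with the JDK `keytool`, plus a check that the private key stays out of the trust store. This is an added example, not from the original post: the aliases, file names, host name and password are constructed placeholders, and it assumes setDomainEnv.sh passes the trust store through the standard JVM property `javax.net.ssl.trustStore`. Step 2 is left out because its text is incomplete on the page; steps 5 and 6 are done in the WebLogic console.

```shell
#!/bin/sh
# Constructed placeholders throughout: aliases, file names, host name, password.
set -eu

# Steps 1, 3 and 4. Usage: build_stores <dir> <hostname> <storepass>
# Third-party root/intermediate certificates are read from <dir>/ca/*.pem.
# The password is a command-line argument only to keep the demo non-interactive.
build_stores() {
  dir=$1; host=$2; pass=$3
  # Step 1: key pair in the identity store; keytool wraps the public key
  # in a self-signed certificate.
  keytool -genkeypair -alias soa_identity -keyalg RSA -keysize 2048 \
    -validity 365 -dname "CN=$host" -storetype JKS \
    -keystore "$dir/identity.jks" -storepass "$pass" -keypass "$pass"
  # Step 3: export only the certificate and import it into the trust store.
  keytool -exportcert -rfc -alias soa_identity -file "$dir/soa_identity.pem" \
    -keystore "$dir/identity.jks" -storepass "$pass"
  keytool -importcert -noprompt -alias soa_identity -storetype JKS \
    -file "$dir/soa_identity.pem" -keystore "$dir/trust.jks" -storepass "$pass"
  # Step 4: add each third-party CA certificate, using its file name as alias.
  for ca in "$dir"/ca/*.pem; do
    [ -e "$ca" ] || continue
    keytool -importcert -noprompt -alias "$(basename "$ca" .pem)" \
      -storetype JKS -file "$ca" -keystore "$dir/trust.jks" -storepass "$pass"
  done
}

# Sanity check before WebLogic is pointed at the stores: the identity store
# must hold a private key, the trust store certificates only.
check_stores() {  # usage: check_stores <dir> <storepass>
  id_list=$(keytool -list -keystore "$1/identity.jks" -storepass "$2")
  tr_list=$(keytool -list -keystore "$1/trust.jks" -storepass "$2")
  printf '%s\n' "$id_list" | grep -q 'PrivateKeyEntry' || return 1
  printf '%s\n' "$tr_list" | grep -q 'trustedCertEntry' || return 1
  if printf '%s\n' "$tr_list" | grep -q 'PrivateKeyEntry'; then return 1; fi
}

# Second half of step 4: the JVM option to place in setDomainEnv.sh
# (assumption: the script sets javax.net.ssl.trustStore for the server JVM).
trust_java_options() {  # usage: trust_java_options <path-to-trust.jks>
  printf '%s\n' "-Djavax.net.ssl.trustStore=$1"
}
```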

The detailed steps for the same are clearly mentioned in the below posts: