Upload an SSL Certificate

Certificates are used to validate outbound SSL connections.

If you make an SSL connection in which the root certificate does not exist in Oracle Integration, an exception error is thrown. In that case, you must upload the appropriate certificate. A certificate enables Oracle Integration to connect with external services. If the external endpoint requires a specific certificate, request the certificate and then upload it into Oracle Integration.
  1. Sign in to Oracle Integration.
  2. In the navigation pane, click Settings, then Certificates.

    All certificates currently uploaded to the trust store are displayed on the Certificates page.

  3. Click Filter Filter icon to filter by name, certificate expiration date, status, type, category, and installation method (user-installed or system-installed). Certificates installed by the system cannot be deleted.

    Description of oic3_certificates.png follows

  4. Click Upload at the top of the page.

    The Upload certificate panel is displayed.

  5. Enter an alias name and optional description.
  6. In the Type field, select the certificate type. Each certificate type enables Oracle Integration to connect with external services.

X.509 (SSL transport)

  1. Select a certificate category.
    1. Trust: Use this option to upload a trust certificate.
      1. Click Choose File, then select the trust file (for example, .cer or .crt) to upload.
    2. Identity: Use this option to upload a certificate for two-way SSL communication.
      1. Click Choose File, then select the keystore file (.jks) to upload.
      2. Enter the comma-separated list of passwords corresponding to key aliases.

        When an identity certificate file (.jks) contains more than one private key, all the private keys must have the same password. If the private keys are protected with different passwords, the private keys cannot be extracted from the keystore.
      3. Enter the password of the keystore being imported.
    3. Click Upload.

SAML (Authentication & Authorization)

  1. Note that Message Protection is automatically selected as the only available certificate category and cannot be deselected. Use this option to upload a keystore certificate with SAML token support. Create, read, update, and delete (CRUD) operations are supported with this type of certificate.
  2. Click Choose File, then select the certificate file (.cer or .crt) to upload.
  3. Click Upload.

PGP (Encryption & Decryption)

  1. Select a certificate category. Pretty Good Privacy (PGP) provides cryptographic privacy and authentication for communication. PGP is used for signing, encrypting, and decrypting files. You can select the private key to use for encryption or decryption when configuring the stage file action.
    1. Private: Uses a private key of the target location to decrypt the file.
      1. Click Choose File, then select the PGP file to upload.
      2. Enter the PGP private key password.
    2. Public: Uses a public key of the target location to encrypt the file.
      1. Click Choose File, then select the PGP file to upload.
      2. In the ASCII-Armor Encryption Format field, select Yes or No.
        • Yes shows the format of the encrypted message in ASCII armor. ASCII armor is a binary-to-textual encoding converter. ASCII armor formats encrypted messaging in ASCII. This enables messages to be sent in a standard messaging format. This selection impacts the visibility of message content.
        • No causes the message to be sent in binary format.
      3. From the Cipher Algorithm list, select the algorithm to use. Symmetric-key algorithms for cryptography use the same cryptographic keys for both encryption of plain text and decryption of cipher text. The following supported cipher algorithms are FIPS-compliant:
        • AES128
        • AES192
        • AES256
        • TDES
    3. Click Upload.

Signing key

A signing key is a secret key used to establish trust between applications. Signing keys are used to sign ID tokens, access tokens, SAML assertions, and more. Using a private signing key, the token is digitally signed and the server verifies the authenticity of the token by using a public signing key. You must upload a signing key to use the OAuth Client Credentials using JWT Client Assertion and OAuth using JWT User Assertion security policies in REST Adapter invoke connections. Only PKCS1- and PKCS8-formatted files are supported.

  1. Select Public or Private.
  2. Click Choose file to upload a key file.

    If you selected Private, and the private key is encrypted, a field for entering the private signing key password is displayed after key upload is complete.

  3. Enter the private signing key password. If the private signing key is not encrypted, you are not required to enter a password.