Upload an SSL Certificate

Certificates are used to validate outbound SSL connections. If you make an SSL connection in which the root certificate does not exist in Oracle Integration, an exception is thrown. In that case, you must upload the appropriate certificate. A certificate enables Oracle Integration to connect with external services. If the external endpoint requires a specific certificate, request the certificate and then upload it into Oracle Integration.

For Process, use this page to manage runtime security certificates for message protection. Upload, update, or delete certificates as needed. In Process applications, certificates are used to validate external web service connections for an application when message security is applied. If an external endpoint requires a specific certificate, request the certificate and upload it into Oracle Integration. An expired certificate results in a process instance error.

To upload an SSL certificate:

  1. In the left navigation pane, click Home > Settings > Certificates.

    All certificates currently uploaded to the trust store are displayed in the Certificates dialog. The Filter icon link enables you to filter by name, certificate expiration date, status, type, category, and installation method (user-installed or system-installed). Certificates installed by the system cannot be deleted.
    Description of certificates.png follows

  2. Click Upload at the top of the page.

    The Upload Certificate dialog box is displayed.

  3. Enter an alias name and optional description.
  4. In the Type field, select the certificate type. Each certificate type enables Oracle Integration to connect with external services.
    • X.509 (SSL transport)
    • SAML (Authentication & Authorization)
    • PGP (Encryption & Decryption)

X.509 (SSL transport)

  1. Select a certificate category.
    1. Trust: Use this option to upload a trust certificate.
      1. Click Browse, then select the trust file (for example, .cer or .crt) to upload.
    2. Identity: Use this option to upload a certificate for two-way SSL communication.
      1. Click Browse, then select the keystore file (.jks) to upload.
      2. Enter the comma-separated list of passwords corresponding to key aliases.
        Note

        When an identity certificate file (JKS) contains more than one private key, all the private keys must have the same password. If the private keys are protected with different passwords, the private keys cannot be extracted from the keystore.
      3. Enter the password of the keystore being imported.
    3. Click Upload.

SAML (Authentication & Authorization)

  1. Note that Message Protection is automatically selected as the only available certificate category and cannot be deselected. Use this option to upload a keystore certificate with SAML token support. Create, read, update, and delete (CRUD) operations are supported with this type of certificate.
  2. Click Browse, then select the certificate file (.cer or .crt) to upload.
  3. Click Upload.

PGP (Encryption & Decryption)

  1. Select a certificate category. Pretty Good Privacy (PGP) provides cryptographic privacy and authentication for communication. PGP is used for signing, encrypting, and decrypting files. You can select the private key to use for encryption or decryption when configuring the stage file action.
    1. Private: Uses a private key of the target location to decrypt the file.
      1. Click Browse, then select the PGP file to upload.
      2. Enter the PGP private key password.
    2. Public: Uses a public key of the target location to encrypt the file.
      1. Click Browse, then select the PGP file to upload.
      2. In the ASCII-Armor Encryption Format field, select Yes or No. Yes shows the format of the encrypted message in ASCII armor. ASCII armor is a binary-to-textual encoding converter. ASCII armor formats encrypted messaging in ASCII. This enables messages to be sent in a standard messaging format. This selection impacts the visibility of message content. No causes the message to be sent in binary format.
      3. From the Cipher Algorithm list, select the algorithm to use. Symmetric-key algorithms for cryptography use the same cryptographic keys for both encryption of plain text and decryption of cipher text.
    3. Click Upload.