Complete Sample Of Two-Way SSL Using WLS Client => Oracle API Gateway => WLS Web Service Provider
(Doc ID 1684815.1)
Last updated on SEPTEMBER 25, 2019
Applies to:Oracle API Gateway - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
This document illustrates how to configure two-way SSL among a WLS Web Service Proxy Client => OAG => WLS Web Service Provider.
In this document, the certificates will be generated using openssl. This is recommended for a test environment, but for a production system it is recommended to have the certificates signed by a recognized CA.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
1] Create the directories to contain the certificates
|2] Create the CAs for testing using openssl|
|3] Create the Server1 (<server1>.jks) keystore for the SSL configuration on the web service side|
|4] Create the <server2> keystore for the SSL Configuration on the OAG instance (<server2>)|
|5] Create the <Client> keystore for the SSL Configuration on the WLS <Client-Domain> installation|
|6] Import the "<server1 ca>" from the OAG <Server2> to the <Client>.jks keystore on the client side|
|7] Import the "<client ca>" from the <Client-Domain> Server to the <Server1>.jks keystore on the <Server2> (OAG) side|
|8] Configure the WLS on the <Server1> side to use the <Server2>.jks keystore created in step 4|
|9] In order to be able to access the HTTPS port from the browser, we need not to import the certificates as follows:|
|10] Deploy the CreditCheckService, CreditCheckPort, isCredited(String ssn):boolean on the <Server1> side (<Server1-Domain>)|
|11] Import the Certificates from the <Server2>.jks keystore to the OAG instance|
|12] Configure Policy Studio to use the client keystore to be able to communicate with the WLS using two-way SSL|
|13] Register the https web service interface on OAG|
|14] Set the Routing to use the trusted certificate and also the client SSL authentication certificate, otherwise it will fail during testing as this will not be able to connect as this is not using two-way SSL yet|
|15] Test the web service call from the Gateway Explorer. This test is using the HTTP interface between the OAG and the client (OAG Gateway Explorer). Not using the two-way SSL yet on this side of the system|
|16] Create the HTTPS port in the OAG instance and set the SSL certificate and two-way ssl|
|17] Test the OAG HTTPS Interface created in the previous step|
|18] Configure WLS on the <Client-Domain> side (<HOSTNAME>) to use the <Client>.jks keystore created in step 5|
|19] Create the Web Service Proxy to be used on the Client side|
|20] Call the servlet created in the previous point|
|21] Check data in traffic monitor|