
Complete Sample Of Two-Way SSL Using WLS Client => Oracle API Gateway => WLS Web Service Provider (Doc ID 1684815.1)

Last updated on MAY 06, 2019

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Goal

This document illustrates how to configure two-way SSL among a WLS Web Service Proxy Client => OAG => WLS Web Service Provider.
In this document, the certificates are generated using openssl. This is recommended for a test environment; for a production system, the certificates should be signed by a recognized CA.

Solution



In this Document
Goal
Solution
system image
1] Create the directories to contain the certificates
2] Create the CAs for testing using openssl
3] Create the Credit Authority Server (CreditAuthority/CreditAuthorityServer.jks) keystore for the SSL configuration on the web service side
4] Create the CreditProvider keystore for the SSL Configuration on the OAG instance (Credit Provider)
5] Create the InsuranceBrokerClient keystore for the SSL Configuration on the WLS InsBrokerDomain installation
6] Import the "creditauthority ca" from the OAG Credit Provider Server to the InsuranceBrokerClient.jks keystore on the client side
7] Import the "insbroker ca" from the InsBrokerDomain Server to the CreditAuthority/CreditAuthorityServer.jks keystore on the Service Provider Server (OAG) side
8] Configure the WLS on the Credit Authority Server side to use the CreditProvider/CreditProviderServer.jks keystore created in step 4
9] In order to be able to access the HTTPS port from the browser, we need to import the certificates as follows:
10] Deploy the CreditCheckService, CreditCheckPort, isCredited(String ssn):boolean on the Credit Authority Server side (CRDSRVDomain)
11] Import the Certificates from the CreditProviderServer.jks keystore to the OAG instance
12] Configure Policy Studio to use the client keystore to be able to communicate with the WLS using two-way SSL
13] Register the https web service interface on OAG
14] Set the Routing to use the trusted certificate and also the client SSL authentication certificate; otherwise the test will fail to connect, because it is not using two-way SSL yet
15] Test the web service call from the Gateway Explorer. This test uses the HTTP interface between the OAG and the client (OAG Gateway Explorer); two-way SSL is not yet used on this side of the system
16] Create the HTTPS port in the OAG instance and set the SSL certificate and two-way SSL
17] Test the OAG HTTPS Interface created in the previous step
18] Configure WLS on the InsBrokerDomain side (mhernand-us.us.oracle.com) to use the InsuranceBroker/InsuranceBrokerClient.jks keystore created in step 5
19] Create the Web Service Proxy to be used on the Insurance Broker Client side
20] Call the servlet created in the previous point
21] Check data in traffic monitor
References

