Complete Sample Of Two-Way SSL Using WLS Client => Oracle API Gateway => WLS Web Service Provider
(Doc ID 1684815.1)
Last updated on OCTOBER 14, 2022
Applies to:
Oracle API Gateway - Version 11.1.2.2.0 and later
Information in this document applies to any platform.
Goal
This document illustrates how to configure two-way SSL among a WLS Web Service Proxy Client => OAG => WLS Web Service Provider.
In this document, the certificates will be generated using openssl. This is recommended for a test environment, but for a production system it is recommended to have the certificates signed by a recognized CA.
Solution
In this Document
Goal
Solution
1] Create the directories to contain the certificates
2] Create the CAs for testing using openssl
3] Create the Server1 (<server1>.jks) keystore for the SSL configuration on the web service side
4] Create the <server2> keystore for the SSL Configuration on the OAG instance (<server2>)
5] Create the <Client> keystore for the SSL Configuration on the WLS <Client-Domain> installation
6] Import the "<server1 ca>" from the OAG <Server2> to the <Client>.jks keystore on the client side
7] Import the "<client ca>" from the <Client-Domain> Server to the <Server1>.jks keystore on the <Server2> (OAG) side
8] Configure the WLS on the <Server1> side to use the <Server2>.jks keystore created in step 4
9] In order to be able to access the HTTPS port from the browser, we need not to import the certificates as follows:
10] Deploy the CreditCheckService, CreditCheckPort, isCredited(String ssn):boolean on the <Server1> side (<Server1-Domain>)
11] Import the Certificates from the <Server2>.jks keystore to the OAG instance
12] Configure Policy Studio to use the client keystore to be able to communicate with the WLS using two-way SSL
13] Register the https web service interface on OAG
16] Create the HTTPS port in the OAG instance and set the SSL certificate and two-way SSL
17] Test the OAG HTTPS Interface created in the previous step
18] Configure WLS on the <Client-Domain> side (<HOSTNAME>) to use the <Client>.jks keystore created in step 5
19] Create the Web Service Proxy to be used on the Client side
20] Call the servlet created in the previous point
21] Check data in traffic monitor
References