Complete Sample Of Two-Way SSL Using WLS Client => Oracle API Gateway => WLS Web Service Provider
(Doc ID 1684815.1)
Last updated on MAY 06, 2019
Applies to: Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.
This document illustrates how to configure two-way SSL among a WLS Web Service Proxy Client => OAG => WLS Web Service Provider.
In this document, the certificates will be generated using openssl. This is recommended for a test environment, but for a production system it is recommended to have the certificates signed by a recognized CA.
In this Document
1] Create the directories to contain the certificates
2] Create the CAs for testing using openssl
3] Create the Credit Authority Server (CreditAuthority/CreditAuthorityServer.jks) keystore for the SSL configuration on the web service side
4] Create the CreditProvider keystore for the SSL Configuration on the OAG instance (Credit Provider)
5] Create the InsuranceBrokerClient keystore for the SSL Configuration on the WLS InsBrokerDomain installation
6] Import the "creditauthority ca" from the OAG Credit Provider Server to the InsuranceBrokerClient.jks keystore on the client side
7] Import the "insbroker ca" from the InsBrokerDomain Server to the CreditAuthority/CreditAuthorityServer.jks keystore on the Service Provider Server (OAG) side
8] Configure the WLS on the Credit Authority Server side to use the CreditProvider/CreditProviderServer.jks keystore created in step 4
9] In order to be able to access the HTTPS port from the browser, we need not to import the certificates as follows:
10] Deploy the CreditCheckService, CreditCheckPort, isCredited(String ssn):boolean on the Credit Authority Server side (CRDSRVDomain)
11] Import the Certificates from the CreditProviderServer.jks keystore to the OAG instance
12] Configure Policy Studio to use the client keystore to be able to communicate with the WLS using two-way SSL
13] Register the https web service interface on OAG
14] Set the Routing to use the trusted certificate and also the client SSL authentication certificate; otherwise testing will fail, because the connection cannot be made while it is not yet using two-way SSL
15] Test the web service call from the Gateway Explorer. This test uses the HTTP interface between the OAG and the client (OAG Gateway Explorer). Two-way SSL is not yet used on this side of the system
16] Create the HTTPS port in the OAG instance and set the SSL certificate and two-way SSL
17] Test the OAG HTTPS Interface created in the previous step
18] Configure WLS on the InsBrokerDomain side (mhernand-us.us.oracle.com) to use the InsuranceBroker/InsuranceBrokerClient.jks keystore created in step 5
19] Create the Web Service Proxy to be used on the Insurance Broker Client side
20] Call the servlet created in the previous point
21] Check data in traffic monitor