PKI Root Certificate Import For VBCS (Doc ID 2951141.1)

Last updated on MAY 30, 2023

Applies to:

Goal

Customers may receive notification to import new PKI root certificate (Digicert Global Root G2). As mentioned in notification, any client applications built by customers that call Oracle Integration Cloud APIs (OIC factory APIs as well as OIC Flow endpoints) should ensure the new certificate bundle is added to the trust store that is used by their client applications. For your information, the mail template/content can be seen like below:

Oracle Cloud Integration - Introduction of new PKI Root Certification

Oracle Cloud Infrastructure Customer,
As part of regular maintenance the Oracle Integration DevOps team is rotating the root certificate and is in the process of introducing the new PKI root certificate (Digicert Global Root G2). This exercise is scheduled to be finished by a date (example : May 20th) and no action is required by most customers, unless you fall into the 2 categories below and only if you are getting SSL certificate validation errors. This is part of our regular maintenance cycle as specified by OCI security and certificate management policies. Please note that root certificates are a best practice on the security side and have been in rotation since 2020.
The following sets of use cases would call for customers to take immediate actions:
Any client applications built by customers that call Oracle Integration Cloud APIs (OIC factory APIs as well as OIC Flow endpoints) should ensure the new certificate bundle is added to the trust store that is used by their client applications (this is usually done automatically for operating systems receiving regular security patches).
A few examples are:
• Using client applications used to call OIC SOAP / REST endpoints stood up using SOAP / REST adapters as triggers – please make sure your root certificates are updated for your client applications·
• On premise applications such as Siebel, JDE, and Fusion may not have up to date certificates – please update the certificates for their client applications
Any customer using an OCI load balancer sending to an Oracle Integration Cloud backend, and enabling verify peer certificates, update them manually as they will not be updated automatically.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.