How to Enable SSL Authentication for Oracle XML Gateway OTA (Doc ID 1228694.1)

Last updated on MAY 02, 2016

Applies to:

Oracle XML Gateway - Version 11.5.10.2 to 12.2 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.
***Checked for relevance on 12-Aug-2013***

Goal

Implement SSL for the Oracle XML Gateway Oracle Transport Agent (OTA).

The ca-bundle.crt is used only on the SENDER. The sending instance (ECX_OUTBOUND) does not have to be configured for SSL, because it simply acts as a client, like your web browser. The ca-bundle.crt contains all the recognized trusted CA issuers, so users who have configured SSL to receive HTTPS-OXTA need a valid CA certificate issued by an official CA that is listed in the ca-bundle.crt. For self-signed certificates, each trading partner has to be provided with the recipient’s server.crt so that it can be appended to ca-bundle.crt for intranet transactions that use self-signed certificates. The server.crt completes the chain; otherwise the Apache logs on the SENDER will show "SSL handshake failed: X509CertChainIncompleteErr".

The -DOASSLCACertFile parameter in

$IAS_ORACLE_HOME/Apache/Jserv/etc/jserv.properties (11.5.9 default) or
$IAS_ORACLE_HOME/Apache/Jserv/etc/xmlsvcs.properties (11.5.10+)

should point to the certificate store, such as ca-bundle.crt. The OTA XML Gateway parameters were migrated to $IAS_ORACLE_HOME/Apache/Jserv/etc/xmlsvcs.properties in later autoconfig, adclone, and technology template patches so that the OTA has its own Java pool to use.
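
The self-signed case above, as an added example that is not part of the Oracle note: it reads the bundle path from -DOASSLCACertFile and appends the recipient's server.crt only when its fingerprint is not already in the bundle. The `wrapper.bin.parameters=` line format, the function names and all file contents are constructed assumptions.

```python
import base64, hashlib, re, ssl, tempfile
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprint of each certificate block found in PEM text."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_RE.findall(pem_text)]

def ca_file_from_properties(props_text):
    """Path passed to -DOASSLCACertFile on an uncommented line, or None."""
    for line in props_text.splitlines():
        match = re.search(r"-DOASSLCACertFile=(\S+)", line)
        if match and not line.lstrip().startswith("#"):
            return match.group(1)
    return None

def trust_partner_cert(props_path, server_crt_path):
    """Append the recipient's server.crt to the SENDER's bundle; idempotent."""
    bundle = ca_file_from_properties(Path(props_path).read_text())
    if bundle is None:
        raise ValueError(f"-DOASSLCACertFile is not set in {props_path}")
    cert_text = Path(server_crt_path).read_text()
    new = fingerprints(cert_text)
    if len(new) != 1:
        raise ValueError("server.crt must hold exactly one certificate")
    existing = Path(bundle).read_text()
    if new[0] in fingerprints(existing):
        return "already trusted"
    Path(bundle + ".bak").write_text(existing)      # keep a rollback copy
    Path(bundle).write_text(existing.rstrip("\n") + "\n" + cert_text.strip() + "\n")
    return "appended"

def demo():
    """Run on constructed files; the PEM bodies are placeholders, not real certs."""
    def pem(raw):
        return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(raw).decode()
                + "-----END CERTIFICATE-----\n")
    with tempfile.TemporaryDirectory() as tmp:
        bundle, props, crt = (Path(tmp) / n for n in
                              ("ca-bundle.crt", "xmlsvcs.properties", "server.crt"))
        bundle.write_text(pem(b"constructed public CA"))
        crt.write_text(pem(b"constructed self-signed recipient"))
        # Assumed line format; only the -DOASSLCACertFile=<path> token is parsed.
        props.write_text(f"wrapper.bin.parameters=-DOASSLCACertFile={bundle}\n")
        return (trust_partner_cert(props, crt), trust_partner_cert(props, crt),
                len(fingerprints(bundle.read_text())))

if __name__ == "__main__":
    print(demo())
```

Resolving the bundle from the properties file rather than a hard-coded path ensures the certificate lands in the store the OTA JVM is actually configured to read.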

Solution
