How to Enable SSL Authentication for Oracle XML Gateway OTA
Last updated on MAY 02, 2016
Applies to:Oracle XML Gateway - Version 220.127.116.11 to 12.2 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.
***Checked for relevance on 12-Aug-2013***
Implementing SSL for Oracle XML Gateway 'Oracle Transport Agent' OTA
The ca-bundle.crt is only used on the SENDER. The sending instance (ECX_OUTBOUND) does not have to be configured for SSL as it is simply performing as a client such as your web browser. The ca-bundle.crt contains all the recognized trusted CA issuers and that in order to for users who have configured for SSL to receive HTTPS-OXTA they need a valid CA certificate issued by an official CA that are listed in the ca-bundle.crt. For self signed certificates each trading partner will have to be provided with the recipientâs server.crt so it can be appended to ca-bundle.crt for Intranet transactions using Self Signed. The server.crt will complete the chain otherwise there will be a SSL handshake failed: X509CertChainIncompleteErr in the Apache logs on the SENDER. The -DOASSLCACertFile parameter in the:
$IAS_ORACLE_HOME/Apache/Jserv/etc/jserv.properties (11.5.9 default) or
$IAS_ORACLE_HOME/Apache/Jserv/etc/xmlsvcs.properties (11.5.10+) should point to the certificate
store such as ca-bundle.crt. The OTA XML Gateway parameters were migrated to $IAS_ORACLE_HOME/Apache/Jserv/etc/xmlsvcs.properties in later autoconfig, adclone, and technology template patches so that the OTA will have its own java pool to use.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms