My Oracle Support Banner

How to Enable SSL Authentication for Oracle XML Gateway OTA (Doc ID 1228694.1)

Last updated on OCTOBER 09, 2019

Applies to:

Oracle XML Gateway - Version to 12.2 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.
***Checked for relevance on 12-Aug-2013***


Implementing SSL for Oracle XML Gateway 'Oracle Transport Agent' OTA

The ca-bundle.crt is only used on the SENDER. The sending instance (ECX_OUTBOUND) does not have to be configured for SSL as it is simply performing as a client such as your web browser. The ca-bundle.crt contains all the recognized trusted CA issuers and that in order to for users who have configured for SSL to receive HTTPS-OXTA they need a valid CA certificate issued by an official CA that are listed in the ca-bundle.crt. For self signed certificates each trading partner will have to be provided with the recipient’s server.crt so it can be appended to ca-bundle.crt for Intranet transactions using Self Signed. The server.crt will complete the chain otherwise there will be a SSL handshake failed: X509CertChainIncompleteErr in the Apache logs on the SENDER. The -DOASSLCACertFile parameter in the:

$IAS_ORACLE_HOME/Apache/Jserv/etc/ (11.5.9 default) or
$IAS_ORACLE_HOME/Apache/Jserv/etc/ (11.5.10+) should point to the certificate
store such as ca-bundle.crt. The OTA XML Gateway parameters were migrated to $IAS_ORACLE_HOME/Apache/Jserv/etc/ in later autoconfig, adclone, and technology template patches so that the OTA will have its own java pool to use.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.