How to Enable SSL Authentication for Oracle XML Gateway OTA

(Doc ID 1228694.1)

Last updated on MAY 02, 2016

Applies to:

Oracle XML Gateway - Version to 12.2 [Release 11.5.10 to 12.2]
Information in this document applies to any platform.
***Checked for relevance on 12-Aug-2013***


Implementing SSL for Oracle XML Gateway 'Oracle Transport Agent' OTA

The ca-bundle.crt is only used on the SENDER. The sending instance (ECX_OUTBOUND) does not have to be configured for SSL as it is simply performing as a client such as your web browser. The ca-bundle.crt contains all the recognized trusted CA issuers and that in order to for users who have configured for SSL to receive HTTPS-OXTA they need a valid CA certificate issued by an official CA that are listed in the ca-bundle.crt. For self signed certificates each trading partner will have to be provided with the recipient’s server.crt so it can be appended to ca-bundle.crt for Intranet transactions using Self Signed. The server.crt will complete the chain otherwise there will be a SSL handshake failed: X509CertChainIncompleteErr in the Apache logs on the SENDER. The -DOASSLCACertFile parameter in the:

$IAS_ORACLE_HOME/Apache/Jserv/etc/ (11.5.9 default) or
$IAS_ORACLE_HOME/Apache/Jserv/etc/ (11.5.10+) should point to the certificate
store such as ca-bundle.crt. The OTA XML Gateway parameters were migrated to $IAS_ORACLE_HOME/Apache/Jserv/etc/ in later autoconfig, adclone, and technology template patches so that the OTA will have its own java pool to use.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms