Configure Connectivity Agent-Based, mTLS Communication with the REST Adapter

You can configure connectivity agent-based mutual Transport Layer Security (mTLS) to access on-premises endpoints with the REST Adapter. This feature provides two-way SSL communication when the connectivity agent makes REST calls.

mTLS enhances standard TLS security by requiring the client and server to both authenticate each other with digital certificates before establishing a connection. mTLS provides two-way authentication to ensure that both parties in communication are legitimate and trusted, creating a more secure, encrypted connection.
  1. Open the InstallerProfile.cfg file in the oic_conn_agent_installer directory.

    You downloaded and updated the InstallerProfile.cfg file during connectivity agent installation and configuration. See Download and Install the Connectivity Agent in Using Integrations in Oracle Integration 3.

  2. Add the following line.
    enable_mtls=true
  3. Stop and restart the connectivity agent.
    java -jar connectivity-agent.jar

    See Restart the Connectivity Agent in Using Integrations in Oracle Integration 3.

  4. Enter the complete path to the identity certificate and password when prompted. For example:
    mTLS is enabled in the InstallerProfile.cfg file. Please provide the identity repo details. 
    Enter Identity Certificate absolute path (.pk12) : /Volumes/WORK/identity_keystore.p12
    Enter Identity certificate password : certificate_password

    An identity_repo.conf file is created in the cert directory. If you restart the connectivity agent, the identity certificate directory path and encrypted password are automatically retrieved from this file.

  5. Create and configure a REST Adapter invoke connection. See Create a REST Adapter Connection.
    1. When configuring the Properties section, ensure that you expand the Optional parameters section and select Yes from the Enable two-way SSL for outbound connections (Optional) list.
    2. Configure the security policy to use.
    3. In the Access type section, select the agent group associated with the connectivity agent.
  6. Complete integration design and activation.
    When you run the integration, the REST Adapter invoke connection successfully accesses the on-premises endpoint.
  7. If you stop and restart the connectivity agent, the following message appears.
    mTLS is enabled and the identity repo details are already available. If you want to load a different keystore, delete the agenthome/agent/cert/identity_repo.conf file and restart the agent.
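The following pre-flight check for steps 2 and 4 is an added example, not part of the Oracle documentation or the connectivity agent. The function names `mtls_preflight` and `owner_only` are hypothetical, and the owner-only permission requirement on the keystore and on identity_repo.conf is an assumed hardening policy rather than something the agent enforces.

```shell
#!/bin/sh
# Added example: checks to run before restarting the agent with mTLS enabled.
# Usage: mtls_preflight <InstallerProfile.cfg> <keystore.p12> [identity_repo.conf]

# Succeeds only if group and other have no permission bits on the file.
owner_only() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

mtls_preflight() {
    cfg=$1; ks=$2; repo=${3:-}; rc=0

    # Step 2: the flag must be an active (uncommented) line set to true.
    if ! grep -Eq '^[[:space:]]*enable_mtls[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$cfg"; then
        echo "FAIL: enable_mtls=true is not set in $cfg"; rc=1
    fi

    # Step 4: the agent prompts for an absolute keystore path.
    case $ks in
        /*) ;;
        *) echo "FAIL: keystore path is not absolute: $ks"; rc=1 ;;
    esac

    if [ ! -r "$ks" ]; then
        echo "FAIL: keystore is not readable: $ks"; return 1
    fi

    # PKCS#12 is DER-encoded, so the first byte is 0x30 (ASN.1 SEQUENCE).
    # A PEM file supplied by mistake starts with '-' (0x2d) instead.
    first=$(od -An -tx1 -N1 "$ks" | tr -d ' \n')
    if [ "$first" != "30" ]; then
        echo "FAIL: $ks does not look like a DER PKCS#12 file"; rc=1
    fi

    # Assumed policy: private-key material is readable by the agent user only.
    owner_only "$ks" || { echo "FAIL: $ks is accessible to group/other"; rc=1; }
    if [ -n "$repo" ] && [ -e "$repo" ]; then
        owner_only "$repo" || { echo "FAIL: $repo is accessible to group/other"; rc=1; }
    fi

    [ "$rc" -eq 0 ] && echo "OK: pre-flight checks passed"
    return "$rc"
}
```

The check does not open the keystore, so it cannot confirm that the password is correct or that a private key entry is present.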