About SSL in Oracle Java Cloud Service

By default, SSL is already enabled within the software components of a service instance, including Oracle WebLogic Server and the load balancer.

Oracle Traffic Director and Oracle WebLogic Server are configured to use a self-signed SSL certificate that was generated by Oracle Java Cloud Service. Clients will typically receive a message indicating that the signing certificate authority (CA) for this certificate is unknown and not trusted. You can update the load balancers and/or the WebLogic Servers to use a custom SSL certificate, or a certificate that you’ve obtained from a CA. For production Oracle Java Cloud Service environments, Oracle recommends that you use a CA-issued SSL certificate, which reduces the chances of experiencing a man-in-the-middle attack.

If your service instance includes an Oracle-managed load balancer instead of Oracle Traffic Director, the load balancer is already configured with a CA-issued SSL certificate.

There are multiple CA vendors in the marketplace today, each offering different levels of service at varying price points. Research and choose a CA vendor that meets your service-level and budget requirements. For a CA vendor to issue you a CA-issued SSL certificate, you typically need to provide the following information:

  • The host name of the node or a custom domain name.

  • Public information associated with the domain confirming you as the owner.

  • Email address associated with the domain for verification.

This information is found in a Certificate Signing Request (CSR) file. Your CA vendor uses the CSR to validate the domain and then provides you with a valid SSL certificate, typically via email. For more information about submitting the CSR, refer to your CA vendor documentation.