About SSL in Oracle Java Cloud Service
By default, SSL is already enabled within the software components of a service instance, including Oracle WebLogic Server and the load balancer.
Oracle Traffic Director and Oracle WebLogic Server are configured to use a self-signed SSL certificate that was generated by Oracle Java Cloud Service. Clients will typically receive a message indicating that the signing certificate authority (CA) for this certificate is unknown and not trusted. You can update the load balancers and/or the WebLogic Servers to use a custom SSL certificate, or a certificate that you’ve obtained from a CA. For production Oracle Java Cloud Service environments, Oracle recommends that you use a CA-issued SSL certificate, which reduces the chances of experiencing a man-in-the-middle attack.
If your service instance includes an Oracle-managed load balancer instead of Oracle Traffic Director, the load balancer is already configured with a CA-issued SSL certificate.
There are multiple CA vendors in the marketplace today, each offering different levels of service at varying price points. Research and choose a CA vendor that meets your service-level and budget requirements. For a CA vendor to issue you a CA-issued SSL certificate, you typically need to provide the following information:
-
The host name of the node or a custom domain name.
-
Public information associated with the domain confirming you as the owner.
-
Email address associated with the domain for verification.
This information is found in a Certificate Signing Request (CSR) file. Your CA vendor uses the CSR to validate the domain and then provides you with a valid SSL certificate, typically via email. For more information about submitting the CSR, refer to your CA vendor documentation.