11SSL Certificates

View SSL Certificates

To view the SSL certificates:
  • From the Configuration Assistant homepage, click SSL Certificates.

The SSL certificate opens.

This image displays the SSL Certificates present on the Configuration Assistant home page.

The SSL Certificates window shows SSL entitlements, the status of installed certificates, and the selection menus to further manage individual certificates.

Note: As of now, Configuration Assistant supports only production instances. If you want to make any changes to your test or development sites, please contact the Oracle Service Cloud Technical Support for assistance.

You can view the SSL Certificate details for any of the listed SSL Certificates.

On the SSL Certificates window, click the menu icon for the appropriate site and select View Details.

Generate a Certificate Signing Request

It is important that the information provided when generating the CSR in Configuration Assistant is the same as that given to the third-party certificate vendor when requesting the certificate.

Note: A third-party certificate is needed from DigiCert with “Apache” specified as the server platform. Although the Configuration Assistant will not technically block the uploading of multiple certificate vendors, DigiCert is the only supported vendor from the Oracle Service Cloud product perspective.
  1. From the SSL Certificates page, click Generate CSR.

    The Generate Certificate Signing Request (CSR) window opens.
  2. Complete the following field information:

    Table Generate Certificate Signing Request

    Field Description

    Common Name

    Enter a fully qualified domain name (FQDN) or the web address for the area of your site customers will connect to using SSL.

    Vhost (Subject Alternative Names)

    Enter the list of your SANs..

    Organization
    Enter the legal name of your organization.
    Note: Do not use symbols & or @ or any other symbols that use the shift key.

    Organizational Unit

    Enter the certificate management division of your organization.

    City

    Enter the city where your organization is located.

    State

    Enter the state where your organization is located.

    Country

    Enter the two-letter ISO country code where your organization is located.

    This image contains the fields that you need to provide information to create a general certificate signing request.
  3. Click Create to generate the CSR.

    Once the CSR is generated, the certificate status changes to Cert Needed.

Download a Certificate Signing Request

You can manage SSL certificates, including downloading a CSR, from the Configuration Assistant.

You can download a CSR from the SSL Certificates page. You need to click the menu icon and select Download CSR.

This figure shows the Download CSR option.

Upload an SSL Certificate

You can manage your SSL certificates, which can include uploading an SSL certificate.

To upload a SSL certificate:
  1. From the SSL Certificates page, click the menu icon and then select Upload Certificate.

    The Upload SSL Certificate opens.
  2. On the Upload SSL Certificate window, click Browse and select the appropriate certificate.

  3. Click Upload.

    An Information window opens confirming the certificate was uploaded. Once the certificate is uploaded, the certificate status changes to Provisioned.
    Note: Once a certificate is provisioned, the menu icon changes to include both Activate and Delete options. Keep in mind you can’t delete activated certificates.

Activate an SSL Certificate

  • Prior to activation, the DNS Administrator must change the CNAME record. Contact your DNS Administrator to put a CNAME entry in your DNS server that points to the appropriate domain. For example, example_domain.com IN CNAME example.custhelp.com

  • The activation will not be allowed if DNS is not properly configured by your DNS Administrator.

  • You must use a CNAME and not an A record for redundancy and reliability. Oracle Cloud Operations recommends customers create CNAME records to link customer-owned, branded domains to the custhelp domain(s) provided within the default CX application.

  • The use of CNAME records is a powerful and flexible solution that allows the underlying Oracle IP address to change if necessary without requiring customers to update their DNS. Our customers report the best experience when using CNAME records over A records.

  1. From the SSL Certificates page, click the menu icon and then select Activate.

    The Activate SSL Certificate window opens.

    This figure shows the Activate SSL Certificate window, where you provide the required information and activate SSL certificate.

  2. From the SSL Requirement drop-down list, select the SSL type that has to be installed.

    Table

    Requirement Types Description

    Standard

    Requests to HTTP and HTTPS behave normally.

    SSL Only

    Requests to HTTPS are accepted but requests to HTTP are rejected.

    SSL Redirect Requests to HTTP are automatically redirected to HTTPS.
  3. Select the interface from which the certificate is to be activated from the Interface Configuration list.

  4. Type the domain name in the Vhost (Alternate Vhost Name) field, and then click Activate.

    An Information window confirms activation. The certificate status changes to Active.

Renew an Existing SSL Certificate

You can manage your SSL certificate using Configuration Assistant.

To renew an existing SSL certificate:
  1. From the SSL Certificates home page, click the menu icon for the service you wish to renew the certificate.

  2. If the certificate status for the service is still active, select Request Renew CSR.

    The request is processed instantly. A new CSR appears in the SSL certificates list with the same name. This is the CSR generated to renew the existing certificate. Once complete, the certificate status changes to Provisioned or Cert Needed.
  3. From the SSL Certificates home page, select Download Renewed Certificate option to download the renewed CSR. You can find this option on the renewed CSR’s menu icon.

    Note: You must purchase or renew the certificate from DigiCert or your preferred, publicly trusted Certificate Authority with this renewed CSR.
  4. From the service’s menu icon on the SSL Certificates home page, select Upload Renewed Certificate .

    An Upload SSL window appears.
    • Click Choose File and select the renewed .csr file.

    • Click Upload.

    Once the renewed certificate is uploaded, the certificate status changes to Provisioned.

  5. From the service’s menu icon on the SSL Certificates home page, select Activate Renewed Certificate .

    A Confirm Activate Renewed Certificate window appears.
  6. Click Activate. An Information window appears confirming the certificate was successfully activated.

View Subscription Details

The Subscriptions page displays customer subscriptions and details, including the start and end dates of the subscription and all components that are part of the respective subscription.

  • To view the subscription details, click Subscriptions from the Configuration Assistant Home Page.