Secure Transactions

Note: Refer to the Security Guide of the product for an in-depth discussion on the implementing of SSL.

The product supports HTTP and HTTPS protocols for transmission of data from the browser client and within the architecture. Customers must choose either HTTP (unsecured) or HTTPS (secured) for protocol. Use of both protocols simultaneously is not supported. The default protocol is HTTP.

If you wish to implement HTTPS protocol, then the following process must be used:

• The value for WEB_WLSSLPORT - Oracle WebLogic SSL HTTP Port must be specified for the SSL port to use. When this is specified then HTTP is disabled automatically.

The product ships with the demonstration certificate shipped with the Web Application Server software. It is not recommended to use this certificate for your site. It is highly recommended that you obtain a certificate for your site from a trusted source and install the certificate in accordance with the Web Application Server documentation.

For all traffic directly to the product please use the https protocol on the URL's used for direct interaction (through the browser or Web Services interfaces).

Note: For Oracle WebLogic customers, refer to the Configuring Identity And Trust section of the Oracle WebLogic Installation Guide.

Note: For both protocols, the PUT, DELETE, TRACE and OPTIONS methods not permitted in the security constraints for the product by default.