2.6.1 Secure Transformation of Data (SSL)
This topic describes Secure Transformation of Data (SSL).
Oracle Banking Accounts allows a deployer to configure the application so that all HTTP connections to it are made over SSL/TLS. In other words, clear-text HTTP traffic is prohibited and only HTTPS traffic is allowed. Enabling this option is mandatory in a production environment, especially when WebLogic Server acts as the SSL terminator.
Two-way SSL is used when the server needs to authenticate the client. In a two-way SSL connection, the client verifies the identity of the server and then passes its own identity certificate to the server. The server then validates the client's identity certificate before completing the SSL handshake.
To establish a two-way SSL connection, you need two certificates: one for the server and the other for the client. This is required for a decentralized setup of the application.
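The two-certificate arrangement described above, sketched with the OpenSSL command line as an added example (not Oracle's procedure or tooling). The CA name, subject names and file names are constructed, and limiting each certificate to its role with an extended key usage is an assumption of this example that goes beyond what the topic states.

```sh
#!/bin/sh
# Added example: constructed lab PKI for two-way SSL. All names are placeholders.
set -eu

# Create a private CA and one identity certificate per role in directory $1.
make_pki() {
  d="$1"
  # Minimal config so the CA certificate is marked as a CA.
  printf '[dn]\nCN=lab\n[req]\ndistinguished_name=dn\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/lab.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Test CA" \
    -config "$d/lab.cnf" -extensions ca \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  for role in server client; do
    # Private key and signing request for this role.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=lab-$role" \
      -config "$d/lab.cnf" -keyout "$d/$role.key" -out "$d/$role.csr" 2>/dev/null
    # Restrict the certificate to its role: serverAuth or clientAuth.
    printf 'extendedKeyUsage=%sAuth\n' "$role" > "$d/$role.ext"
    openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -extfile "$d/$role.ext" \
      -out "$d/$role.pem" 2>/dev/null
  done
}

# The check each side applies to its peer during the handshake:
# does certificate $2 chain to the trusted CA and permit purpose $3?
check_peer() {
  openssl verify -CAfile "$1/ca.pem" -purpose "$3" "$1/$2.pem" >/dev/null 2>&1
}

demo() {
  tmp=$(mktemp -d)
  make_pki "$tmp"
  check_peer "$tmp" server sslserver && echo "client accepts the server certificate"
  check_peer "$tmp" client sslclient && echo "server accepts the client certificate"
  check_peer "$tmp" client sslserver || echo "client certificate is refused as a server identity"
  rm -rf "$tmp"
}
demo
```

In a real deployment the CA key stays offline and each side's trust store holds only the CA certificate, never the peer's private key.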