OHI Agent to OHI Gateway - SSL Secured Connection Prerequisite
The OHI Agent connects to the Oracle Insurance Gateway using the following protocols:
- HTTP: for accessing the OHI Gateway’s REST API;
- WebSockets: to receive signals from the Oracle Insurance Gateway that trigger actions by the OHI Agent.
Both HTTP and WebSocket connections need to be secured, using HTTPS and WSS respectively.
Configuring Truststores
It is assumed that the Oracle Insurance Gateway is set up to accept HTTPS traffic only and that the OHI Gateway’s certificate was imported into a truststore (a keystore that stores certificates of trusted entities) for use with the OHI Agent.
Currently, the OHI Agent supports one-way SSL for connecting to the OHI Gateway, i.e. the Oracle Insurance Gateway must be configured to use one-way SSL.
Because the OHI Agent is a Java application, it would set up an internal trust manager based on the value of the default javax.net.ssl.trustStore parameter.
As the OHI Agent likely communicates with multiple services, using the single truststore file that this parameter points to may not have the desired effect. For example, using this parameter to denote the truststore could result in an exception like "unable to find valid certification path to requested target" if the configured truststore does not contain entries for one of the services the OHI Agent connects to.
Therefore, the OHI Agent allows a truststore to be configured per use case. Note that for a connection to the Oracle Insurance Gateway, these settings are used to secure both HTTPS and WSS connections. If a truststore is created for the Oracle Insurance Gateway, define values for the following system properties:
- ohi.rest.client.agent.gateway.authentication.trust.store.file must point to the truststore file;
- ohi.rest.client.agent.gateway.authentication.trust.store.password holds the value for the truststore password.
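The following added example is not the OHI Agent's own code. It illustrates the standard Java mechanism behind a per-connection truststore: a dedicated SSLContext built from the two properties above, instead of the JVM-wide javax.net.ssl.trustStore, and shared by HTTPS and WSS. The class name GatewayTrustExample is hypothetical, and an existing truststore file and Java 11 or later are assumed.

```java
import java.io.File;
import java.net.http.HttpClient;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical illustration class; not part of the OHI Agent.
public class GatewayTrustExample {
    // Property names as documented on this page.
    static final String FILE_PROP =
        "ohi.rest.client.agent.gateway.authentication.trust.store.file";
    static final String PASS_PROP =
        "ohi.rest.client.agent.gateway.authentication.trust.store.password";

    /** Builds an SSLContext that trusts only the entries of the dedicated truststore. */
    static SSLContext gatewayContext() throws Exception {
        String file = System.getProperty(FILE_PROP);
        String pass = System.getProperty(PASS_PROP);
        if (file == null || pass == null) {
            // Fail closed rather than silently falling back to javax.net.ssl.trustStore.
            throw new IllegalStateException("Set -D" + FILE_PROP + " and -D" + PASS_PROP);
        }
        // Detects the store type (JKS or PKCS12) from the file itself.
        KeyStore trustStore = KeyStore.getInstance(new File(file), pass.toCharArray());
        if (trustStore.size() == 0) {
            throw new IllegalStateException("Truststore has no entries: " + file);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers: one-way SSL, so the client presents no certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // One client carries the context for HTTPS requests and, through
        // client.newWebSocketBuilder(), for WSS connections as well.
        HttpClient client = HttpClient.newBuilder().sslContext(gatewayContext()).build();
        System.out.println("Gateway client ready, protocol: "
            + client.sslContext().getProtocol());
    }
}
```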