Oracle Health Insurance Agent to Oracle Insurance Gateway - SSL Secured Connection Prerequisite

Oracle Health Insurance Agent connects to Oracle Insurance Gateway using the following protocols:

  • HTTP: for accessing the Oracle Insurance Gateway’s REST API;

  • WebSockets: to receive signals from Oracle Insurance Gateway that trigger actions by Oracle Health Insurance Agent.

Both HTTP and WebSocket connections must be secured, using HTTPS and WSS respectively.

Configuring Truststore

It is assumed that Oracle Insurance Gateway is set up to accept HTTPS traffic only and that the Oracle Insurance Gateway’s certificate was imported into a truststore (a keystore that stores certificates of trusted entities) for use with Oracle Health Insurance Agent.

Currently, Oracle Health Insurance Agent supports one-way SSL for connecting to Oracle Insurance Gateway, i.e. the Oracle Insurance Gateway must be configured to use one-way SSL.

Because Oracle Health Insurance Agent is a Java application, it would set up an internal trust manager based on the value of the default javax.net.ssl.trustStore parameter. As Oracle Health Insurance Agent likely communicates with multiple services, relying on the single truststore file that this parameter points to may not have the desired effect. For example, using this parameter to denote the truststore could result in an exception like "unable to find valid certification path to requested target" if the configured truststore does not contain entries for one of the services Oracle Health Insurance Agent connects to.

Therefore, Oracle Health Insurance Agent allows configuration of a truststore on a per-use-case basis. Note that for a connection to Oracle Insurance Gateway, these settings are used for securing both HTTPS and WSS connections. If a truststore is created for Oracle Insurance Gateway, define values for the following system properties:

  • ohi.rest.client.agent.gateway.authentication.trust.store.file must point to the truststore file;

  • ohi.rest.client.agent.gateway.authentication.trust.store.password holds the value for the truststore password.
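
The following added example is not Oracle's code; it illustrates how a Java client can build a connection-specific trust manager from a dedicated truststore instead of the JVM-wide javax.net.ssl.trustStore, and reuse it for both HTTPS and WSS. The class name GatewayTrustStoreExample is hypothetical, and the sketch assumes Java 11 or later (java.net.http); only the two property names come from this page.

```java
import java.io.File;
import java.net.http.HttpClient;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class for illustration; not part of Oracle Health Insurance Agent.
public class GatewayTrustStoreExample {

    // System property names as documented on this page.
    static final String FILE_PROP = "ohi.rest.client.agent.gateway.authentication.trust.store.file";
    static final String PASS_PROP = "ohi.rest.client.agent.gateway.authentication.trust.store.password";

    /** Builds an SSLContext that trusts only the certificates in the dedicated truststore. */
    static SSLContext gatewaySslContext() throws Exception {
        String file = System.getProperty(FILE_PROP);
        String password = System.getProperty(PASS_PROP);
        if (file == null || password == null) {
            throw new IllegalStateException("Both " + FILE_PROP + " and " + PASS_PROP + " must be set");
        }
        // Detects the store format (JKS or PKCS12) and verifies integrity with the password.
        KeyStore trustStore = KeyStore.getInstance(new File(file), password.toCharArray());
        if (trustStore.size() == 0) {
            // An empty truststore would reject every server, so fail early with a clear message.
            throw new IllegalStateException("Truststore " + file + " contains no entries");
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // One-way SSL: no key managers, because the client presents no certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // HTTPS requests and WebSockets created via client.newWebSocketBuilder() share this
        // SSLContext, so both validate the server against the same truststore. Other clients
        // in the same JVM keep their own trust configuration.
        HttpClient client = HttpClient.newBuilder().sslContext(gatewaySslContext()).build();
        System.out.println("Gateway client TLS context: " + client.sslContext().getProtocol());
    }
}
```

Run it with both properties supplied as -D options on the java command line; a wrong password or unreadable file fails at KeyStore.getInstance rather than at the first connection attempt.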