1. Oracle GoldenGate Microservices Documentation
  2. Quickstarts
  3. Connecting Two Deployments Using External RootCA Certificate
  4. Create the Distribution Client and External RootCA Certificates
  5. Apply Certificates to Source and Target Deployments

Apply Certificates to Source and Target Deployments

Oracle GoldenGate provides two ways for applying certificates for deployments:

  • Applying Certificates When Creating a Secure Deployment Using OGGCA: Use this option if you have existing wallets and certificates on source and target deployments.

  • Applying Certificates Using the Service Manager Certificate Management page: Use this option when there are existing deployments, where certificates need to be applied on the source and target deployments.

In this quickstart, the Certificate Management method is used to apply certificates while setting up a secure deployment.

  1. Log in to the Service Manager and navigate to the Certificate Management page.

  2. At the source, add the target Server CA certificate (server_east).

    The Distribution service on the source system must trust the target server certificate, which is authorized by the server_east target server CA certificate. This is added to the source secure store.Target Server CA certificate is added to the Source deployment.

    See Manage Certificates for Deployments to know the steps for accessing the Certificate Management page where you can add CA, Server, and Client certificates.

  3. At the source, add a Distribution Path Client Certificate. The Distribution Path Client certificate is created in addition to the initial setup and is used connecting the Distribution Path to the target. This client certificate is signed by another trusted Root CA certificate (rootCA_extern), which is added to the target deployment. Both certificates are independent from the certificates from the initial deployment of the Oracle GoldenGate source and target instances.Client certificate generated using OpenSSL added to the source deployment.

  4. At the target, add the trusted Root certificate rootCA_extern for the client certificate client_west_to_east, which was added to the source deployment. The rootCA_extern certificate is added as the CA Certificate for client_west_to_east certificate. The Receiver Service on the target system must trust either the client certificate or the issuer of the client certificate. This needs to be added to the target secure store.rootCA_extern Root certificate generated using OpenSSL is added on the target deployment.

  5. Add the target certificate, server_east to the target deployment. This certificate is presented to the source deployment to make sure that the connected deployment is the correct target deployment. On the source side, the server_east certificate is verified by the server_east trusted CA certificate.

After the certificates are added on the source and target deployment, you can configure the distribution path on the source deployment to connect to the target.