1. Using Integrations in Oracle Integration Generation 2
  2. Create Connections
  3. Manage Security Certificates

Manage Security Certificates

You can manage security certificates in Oracle Integration.

Topics:

Upload an SSL Certificate

Certificates are used to validate outbound SSL connections. If you make an SSL connection in which the root certificate does not exist in Oracle Integration, an exception is thrown. In that case, you must upload the appropriate certificate. A certificate enables Oracle Integration to connect with external services. If the external endpoint requires a specific certificate, request the certificate and then upload it into Oracle Integration.

To upload an SSL certificate:

  1. In the left navigation pane, click Home > Settings > Certificates.

    All certificates currently uploaded to the trust store are displayed in the Certificates dialog. The Filter icon link enables you to filter by name, certificate expiration date, status, type, category, and installation method (user-installed or system-installed). Certificates installed by the system cannot be deleted.
    Description of certificates.png follows
    Description of the illustration certificates.png

  2. Click Upload at the top of the page.

    The Upload Certificate dialog box is displayed.

  3. Enter an alias name and optional description.
  4. In the Type field, select the certificate type. Each certificate type enables Oracle Integration to connect with external services.
    • X.509 (SSL transport)
    • SAML (Authentication & Authorization)
    • PGP (Encryption & Decryption)

X.509 (SSL transport)

  1. Select a certificate category.
    1. Trust: Use this option to upload a trust certificate.
      1. Click Browse, then select the trust file (for example, .cer or .crt) to upload.
    2. Identity: Use this option to upload a certificate for two-way SSL communication.
      1. Click Browse, then select the keystore file (.jks) to upload.
      2. Enter the comma-separated list of passwords corresponding to key aliases.

        Note:

        When an identity certificate file (JKS) contains more than one private key, all the private keys must have the same password. If the private keys are protected with different passwords, the private keys cannot be extracted from the keystore.
      3. Enter the password of the keystore being imported.
    3. Click Upload.

SAML (Authentication & Authorization)

  1. Note that Message Protection is automatically selected as the only available certificate category and cannot be deselected. Use this option to upload a keystore certificate with SAML token support. Create, read, update, and delete (CRUD) operations are supported with this type of certificate.
  2. Click Browse, then select the certificate file (.cer or .crt) to upload.
  3. Click Upload.

PGP (Encryption & Decryption)

  1. Select a certificate category. Pretty Good Privacy (PGP) provides cryptographic privacy and authentication for communication. PGP is used for signing, encrypting, and decrypting files. You can select the private key to use for encryption or decryption when configuring the stage file action.

    See Configure a Stage File Action.

    1. Private: Uses a private key of the target location to decrypt the file.
      1. Click Browse, then select the PGP file to upload.
      2. Enter the PGP private key password.
    2. Public: Uses a public key of the target location to encrypt the file.
      1. Click Browse, then select the PGP file to upload.
      2. In the ASCII-Armor Encryption Format field, select Yes or No. Yes shows the format of the encrypted message in ASCII armor. ASCII armor is a binary-to-textual encoding converter. ASCII armor formats encrypted messaging in ASCII. This enables messages to be sent in a standard messaging format. This selection impacts the visibility of message content. No causes the message to be sent in binary format.
      3. From the Cipher Algorithm list, select the algorithm to use. Symmetric-key algorithms for cryptography use the same cryptographic keys for both encryption of plain text and decryption of cipher text.
    3. Click Upload.

Update or Delete an SSL Certificate

You can update or delete certificates you uploaded into Oracle Integration. You cannot update or delete system certificates automatically included in Oracle Integration.

To update or delete a certificate:
  1. Click Home > Settings > Certificates.
  2. Identify the certificate you want to update or delete through either of the following methods:
    1. Scroll through the complete list or filter the display of system-provided or user-uploaded certifications by selecting Filter icon > Installed By.
    2. Search by entering a partial or complete certificate name in the Search icon field. To remove search or filter criteria, click the x icon below the Search icon field.
  3. At the far right of the certificate name, click the Actions menu menu.
  4. To update the certificate, click Update.
    1. Update the certificate as required, such as uploading a new certificate. See Upload an SSL Certificate.

      Note:

      You cannot update an identity certificate. To change an identity certificate, you must first delete and then reupload it.
  5. To delete the certificate, click Delete.
    1. Click Yes when prompted to confirm your selection.