An administrator can configure the Integration Server to use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to provide secure inbound and outbound communications with the Integration Server. This chapter explains how SSL works with Integration Server, and the information that you need to configure SSL authentication for Integration Server.

It is useful to conceptualize an Integration Server SSL connection in terms of an SSL server and an SSL client. The request for an SSL connection originates from a client. The client can be one of the following:

During the SSL handshake process, the entity acting as the SSL server responds to the request for a connection by presenting its public key certificate, also known as digital certificate, which is in X.509 format to the requesting client. If those credentials are authenticated by the client, either:

During the SSL handshake, the SSL client and SSL server negotiate the SSL/TLS protocol version to use as well as the cipher suites to use. If the client and server cannot verify each other’s public certificates or cannot negotiate the protocol version or cipher suites, the SSL handshake fails. An SSL connection is not established.

When a client, such as another Integration Server or a partner application, submits a request to Integration Server via HTTPS or FTPS, and an SSL connection is established, the Integration Server acts as the SSL server and the client is the SSL client.

When an Integration Server service submits an HTTPS or FTPS request to an Internet resource, the Integration Server is the SSL client and the Internet resource with which it is communicating acts as the SSL server.