Preparing to Configure SSL in Integration Server
Configuring an Integration Server for SSL consists of some common tasks regardless of whether you are configuring Integration Server as an SSL server or an SSL client. Primarily, these common tasks are related to the preparation of certificates needed for SSL.
To prepare Integration Server for SSL configuration, complete the following high-level tasks:
1. Create public/private keys and certificates. This is required for one-way and two-way SSL authentication. Activities include:
   - Generating a public key/private key pair.
   - Generating a certificate signing request (CSR) and sending it to the certificate authority (CA) for signing.
   - Receiving the validated certificate from the CA.
   - Importing the signed certificate into a keystore.
   For information about creating public/private keys and certificates, refer to the documentation for Java keytool or your certificate management tool.
2. Create keystore and truststore. This is required for one-way and two-way SSL authentication. Activities include:
   - Creating a keystore and importing the signed certificate and private key.
   - Creating a truststore and importing the certificate of the signing CA.
   - Storing the keystore and truststore in a secure IS certificates directory.
   Important:
   If you use Oracle keytool to create the keystore, you cannot import an existing private key. You can use other tools such as OpenSSL or Portecle.
   For information about creating keystores and truststores, refer to the documentation for your certificate management tool.
3. Obtain certificates of partner application or resource and, if necessary, create certificate mappings. Obtaining certificates is required for both one-way and two-way SSL connections. Creating certificate mappings is required for two-way SSL authentication and when Integration Server is acting as an SSL server.
   Activities include using Integration Server Administrator to save the following:
   - Signed certificate of the CA for the partner's SSL certificate.
   - Signed certificate of the partner application (for two-way SSL connections where Integration Server is acting as an SSL server).
4. Specify SSL certificates and keys for Integration Server. This is required for one-way and two-way SSL authentication.
   Activities include using Integration Server Administrator to set the following:
   - The SSL key used to identify Integration Server.
   - The private key used to sign outgoing documents, messages, and data streams.
   - The private key used for decrypting inbound documents, messages, and data streams.
After you prepare the certificates and keys needed for SSL, you can proceed with configuration of Integration Server as an SSL server and/or SSL client.
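
Tasks 1 and 2 above, carried out with OpenSSL as an added example (not taken from the product documentation). It assumes a PKCS#12 keystore is acceptable to your installation; the test CA, subjects, file names, alias and default password are constructed placeholders, and ca.crt is left for import into a truststore with your certificate management tool.

```shell
#!/bin/sh
# Added example: tasks 1 and 2 with OpenSSL. Subjects, file names, alias and
# the default password are constructed placeholders, not product values.
build_is_stores() (
    umask 077                                  # owner-only files from here on
    mkdir -p "$1" && cd "$1" || exit 1
    STORE_PASS=${STORE_PASS:-changeit-demo}; export STORE_PASS

    # Constructed test CA, standing in for the real CA that signs your CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # Task 1: key pair, then a CSR carrying the public key and subject.
    openssl genrsa -out is.key 2048 2>/dev/null || exit 1
    openssl req -new -key is.key -subj "/CN=is.example.test" -out is.csr || exit 1

    # CA side (constructed): sign the CSR and return the certificate.
    openssl x509 -req -in is.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -out is.crt 2>/dev/null || exit 1

    # Checks before import: the certificate chains to the CA, and its public
    # key is the one derived from our private key.
    openssl verify -CAfile ca.crt is.crt >/dev/null || exit 1
    [ "$(openssl x509 -in is.crt -noout -pubkey)" = \
      "$(openssl pkey -in is.key -pubout)" ] || exit 1

    # Task 2: keystore holding private key, signed certificate and CA chain.
    # env: keeps the password out of the process argument list.
    openssl pkcs12 -export -inkey is.key -in is.crt -certfile ca.crt \
        -name is-ssl -passout env:STORE_PASS -out keystore.p12 || exit 1

    # The keystore now holds the key; drop the loose copies. ca.crt stays
    # for import into the truststore.
    rm -f is.key ca.key ca.srl is.csr
)

# Count certificates stored in a PKCS#12 file (password read from STORE_PASS).
keystore_cert_count() {
    openssl pkcs12 -in "$1" -passin env:STORE_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}
```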