Upload a Certificate to Connect with External Services

Certificates allow Oracle Integration to connect with external services. If the external service/endpoint needs a specific certificate, request the certificate and then import it into Oracle Integration.

If you make an SSL connection in which the root certificate does not exist in Oracle Integration, an exception error is thrown. In that case, you must upload the appropriate certificate. A certificate enables Oracle Integration to connect with external services. If the external endpoint requires a specific certificate, request the certificate and then upload it into Oracle Integration.
  1. Sign in to Oracle Integration.
  2. In the navigation pane, click Settings, then Certificates.

    All certificates currently uploaded to the trust store are displayed on the Certificates page.

  3. Click Filter Filter icon to filter by name, certificate expiration date, status, type, category, and installation method (user-installed or system-installed). Certificates installed by the system cannot be deleted.


    Description of oic3_certificates.png follows

  4. Click Upload at the top of the page.

    The Upload certificate panel is displayed.

  5. Enter an alias name and optional description.
  6. In the Type field, select the certificate type. Each certificate type enables Oracle Integration to connect with external services.

Digital Signature

The digital signature security type is typically used with adapters created with the Rapid Adapter Builder. See Learn About the Rapid Adapter Builder in Oracle Integration in Using the Rapid Adapter Builder with Oracle Integration 3.

  1. Click Browse to select the digital certificate. The certificate must be an X509Certificate. This certificate provides inbound RSA signature validation. See RSA Signature Validation in Using the Rapid Adapter Builder with Oracle Integration 3.
  2. Click Upload.

X.509 (SSL transport)

  1. Select a certificate category.
    1. Trust: Use this option to upload a trust certificate.
      1. Click Browse, then select the trust file (for example, .cer or .crt) to upload.
    2. Identity: Use this option to upload a certificate for two-way SSL communication.
      1. Click Browse, then select the keystore file (.jks) to upload.
      2. Enter the comma-separated list of passwords corresponding to key aliases.
        Note

        When an identity certificate file (.jks) contains more than one private key, all the private keys must have the same password. If the private keys are protected with different passwords, the private keys cannot be extracted from the keystore.
      3. Enter the password of the keystore being imported.
    3. Click Upload.

SAML (Authentication & Authorization)

  1. Note that Message Protection is automatically selected as the only available certificate category and cannot be deselected. Use this option to upload a keystore certificate with SAML token support. Create, read, update, and delete (CRUD) operations are supported with this type of certificate.
  2. Click Browse, then select the certificate file (.cer or .crt) to upload.
  3. Click Upload.

PGP (Encryption & Decryption)

  1. Select a certificate category. Pretty Good Privacy (PGP) provides cryptographic privacy and authentication for communication. PGP is used for signing, encrypting, and decrypting files. You can select the private key to use for encryption or decryption when configuring the stage file action.
    1. Private: Uses a private key of the target location to decrypt the file.
      1. Click Browse, then select the PGP file to upload.
      2. Enter the PGP private key password.
    2. Public: Uses a public key of the target location to encrypt the file.
      1. Click Browse, then select the PGP file to upload.
      2. In the ASCII-Armor Encryption Format field, select Yes or No.
        • Yes shows the format of the encrypted message in ASCII armor. ASCII armor is a binary-to-textual encoding converter. ASCII armor formats encrypted messaging in ASCII. This enables messages to be sent in a standard messaging format. This selection impacts the visibility of message content.
        • No causes the message to be sent in binary format.
      3. From the Cipher Algorithm list, select the algorithm to use. Symmetric-key algorithms for cryptography use the same cryptographic keys for both encryption of plain text and decryption of cipher text. The following supported cipher algorithms are FIPS-compliant:
        • AES128
        • AES192
        • AES256
        • TDES
    3. Click Upload.

Signing key

A signing key is a secret key used to establish trust between applications. Signing keys are used to sign ID tokens, access tokens, SAML assertions, and more. Using a private signing key, the token is digitally signed and the server verifies the authenticity of the token by using a public signing key. You must upload a signing key to use the OAuth Client Credentials using JWT Client Assertion and OAuth using JWT User Assertion security policies in REST Adapter invoke connections. Only PKCS1- and PKCS8-formatted files are supported.

  1. Select Public or Private.
  2. Click Browse to upload a key file.

    If you selected Private, and the private key is encrypted, a field for entering the private signing key password is displayed after key upload is complete.

  3. Enter the private signing key password. If the private signing key is not encrypted, you are not required to enter a password.
  4. Click Upload.