How to set up a secure connection between Oracle Engagement Cloud and other integration applications

SSL certificates are small data files that digitally bind an encryption key to an organization's identity. When a certificate is installed on a web server, the server can serve traffic over secure HTTPS instead of plain HTTP.

SSL (Secure Sockets Layer): This internet security protocol is encryption-based and runs over TCP (Transmission Control Protocol) to offer dependable end-to-end connectivity. SSL is a set of rules for managing authenticated and encrypted data communication between the client (the entity browsing the Internet) and the server (the website).

This blog will discuss secure connection/communication between Oracle Engagement Cloud and other third-party applications via Oracle SOA.

In the network stack, SSL sits between the Application layer and the Transport layer and performs the encryption-related activities.

SSL Certificate Renewal:

SSL renewal keeps encryption up to date, which makes everyone safer. SSL certificates have expiration dates hardcoded into them. When they expire, web browsers warn their users about the website. SSL certificates expire to keep connection encryption up to date with the latest encryption standards.

Renewing Oracle Cloud SSL Certificate:

Users/Admins get a notification when a certificate renewal is needed. Once Oracle sends the notification, any external integration that still holds old certificates should have them replaced with the new certificates as soon as Oracle installs the new one.

The network team confirms that the certificates they place on the load balancer should NOT be imported into the client certificate store. These are for the Oracle load balancers only. The client should use the proper CA (Certificate Authority) in their store.

Some users have inbound connections set up to communicate with the Oracle Cloud Fusion environment from external sources (e.g., On-Premises or Oracle PaaS/SaaS Services) and have embedded Akamai certificates. A notification will be sent to users for certificate renewal at the Akamai end. To avoid any interruption, plan to re-import certificates on or before the certificate renewal date.

Steps to log Service Request for Oracle Support to obtain certificates:

  • Log an SR via My Oracle Support
  • In Service Type, select any of the Fusion Applications Cloud Services
  • In the Environment field, select the value for which the SSL certificates are needed (please log a separate SR for each Environment/POD)
  • In Problem Type drop-down, select - Cloud Hosting Services (Outage, P2T/T2T, Enable SSO, Resize, CloudPortal, MyServices, User/Password, Network, Schedule Maintenance)
  • Enter the Problem Summary, Description, Severity
  • Click Next to log the Service-Request
  • In the Guided Problem Definition, Select the Option - Fusion SaaS SSL Certificate Renewal
  • Continue with the flow to log the SR

How can we test the new Certificate before renewal?

The following are instructions that Support can give the customer to test the certificate before renewal:

  • If the customer plans to test via the web browser:

    Steps that can be passed on to the customer:

    • Testing should be over an open internet connection.
    • To determine Akamai Staging IP, do the following:
    • Look up the app domain you want to test.

      Format as below
      pods-<APP>.<DC>.oraclecloud.com.edgekey-staging.net
      <APP> = fa
      <DC>= us2, ap5

    • Look up pods-fa.us2.oraclecloud.com.edgekey-staging.net
    • Take the IP address from the Address Section. In the above example, it is 23.34.9.240
    • Add the IP address to your local hosts file (or /etc/hosts on Linux-based systems):
      • Go to C:\Windows\System32\drivers\etc\hosts
      • Open the hosts file and add a line as below
      • <IP address from Step 1> <testing hostname>, e.g., 23.201.228.127 edlq.fa.us2.oraclecloud.com
    • Turn off the Proxy in your Browser
      • In Firefox,
      • Tools -> Options -> Advanced -> Network
      • Under Connections -> Settings
    • Restart browser
    • Conduct a test against the environment. Users should now be seeing a new Certificate while accessing the respective Pods.
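
The hosts-file step above can be scripted so the override is easy to add and, once testing is done, to remove again. The shell functions below are an added example, not part of the original post or of Oracle's tooling; the `HOSTS_FILE` variable, the `# akamai-staging-test` marker and the function names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: manage a temporary hosts-file override for Akamai staging tests.
# HOSTS_FILE and MARKER are assumptions of this sketch, not Oracle conventions.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
MARKER="# akamai-staging-test"

# Build the staging lookup name using the format given on this page:
# pods-<APP>.<DC>.oraclecloud.com.edgekey-staging.net
staging_name() {
    printf 'pods-%s.%s.oraclecloud.com.edgekey-staging.net\n' "$1" "$2"
}

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Remove every override that this script added for the given hostname.
# The file is rewritten in place (cat, not mv) to keep its owner and mode.
unpin_host() {
    tmp=$(mktemp) || return 1
    awk -v h="$1" -v m="$MARKER" \
        '!(index($0, m) && $2 == h)' "$HOSTS_FILE" > "$tmp" &&
        cat "$tmp" > "$HOSTS_FILE"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Point hostname ($2) at the staging IP ($1), replacing any earlier override.
pin_host() {
    valid_ipv4 "$1" || { echo "invalid IPv4: $1" >&2; return 1; }
    case "$2" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $2" >&2; return 1 ;;
    esac
    unpin_host "$2" || return 1
    printf '%s %s %s\n' "$1" "$2" "$MARKER" >> "$HOSTS_FILE"
}
```

Source the file in a root shell, call `pin_host <staging IP> <pod hostname>` before the browser test, and call `unpin_host <pod hostname>` afterwards so the machine does not keep resolving the pod to the staging address.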

How can our Network/Application administrators and integration partners import the Fusion SSL Certificates?

The basic keytool commands below can be used to import the certificates provided. The generic commands to import certs:

<JAVA_HOME>/bin/keytool -import -trustcacerts -alias <give name for rootCA> -keystore <Keystore name>-keystore.jks -file <rootCA file>

<JAVA_HOME>/bin/keytool -import -trustcacerts -alias <give name for intermediateCA> -keystore <Keystore name>-keystore.jks -file <intermediateCA file>

<JAVA_HOME>/bin/keytool -import -alias <name for server certificate> -keystore <Keystore name>-keystore.jks -file <server cert file>

Getting Certificate as per the Data Center (us2 for Lattice):

S.No  Data centre       DC code  Certificate zip attachment
1     CA2 - Toronto     ca2      _.fa.ca2.oraclecloud.com.zip
2     CA3 - Calgary     ca3      _.fa.ca3.oraclecloud.com.zip
3     AP1 - Sydney      ap1      _.fa.ap1.oraclecloud.com.zip
4     AP2 - Singapore   ap2      _.fa.ap2.oraclecloud.com.zip
5     AP4 - Melbourne   ap4      _.fa.ap4.oraclecloud.com.zip
6     AP5 - Tokyo       ap5      _.fa.ap5.oraclecloud.com.zip
7     EM2 - Amsterdam   em2      _.fa.em2.oraclecloud.com.zip
8     EM3 - Slough      em3      _.fa.em3.oraclecloud.com.zip
9     EM4 - Frankfurt   em4      _.fa.em4.oraclecloud.com.zip
10    EM5 - Munich      em5      _.fa.em5.oraclecloud.com.zip
11    US1 - ADC         us1      _.fa.us1.oraclecloud.com.zip
12    US2 - Chicago     us2      _.fa.us2.oraclecloud.com.zip
13    US6 - Ashburn     us6      _.fa.us6.oraclecloud.com.zip
14    LA1 - Sao Paulo   la1      _.fa.la1.oraclecloud.com.zip

Once the Certificate is downloaded, DBAs will import it into the server.

About the Author

Bala Subrahmanyam (Subbu) Thalluri

Sr. Solution Architect, ERP

Subbu has 17+ years’ experience in IT and around 13 years’ experience in CRM domain. He has implemented CRM solutions to all modules of CRM i.e., Sales, Service and Marketing for Banking, Insurance, Financial services and Semiconductor industry customers. He has versatile experience in end to end CRM solutions with ERP and Integration systems for Lead to Revenue sales process. He has successfully delivered solutions for Contract lifecycle management systems. He has experience with POS system as part of Managed services.

About the Author

Alok Rai

Senior Technical Analyst, ERP

Alok has 7+ years’ experience in IT and has delivered multiple end-to-end CRM implementations across domains including Telecom, Health Care, Consumer Goods, Automotive and Semiconductor Industry. As a hobby Alok likes mobile app development, reading books, writing tech articles and playing outdoor sports.