In my previous post Oracle API Gateway: Configure Inbound one way ssl in OAG I showed you how to enable one way ssl in oracle application gateway for the inbound communication. In this blog post I am going to configure one way ssl certificate for outbound communication for example suppose you want to call a http service which is secured by SSL certificates.
Note: I don't have the ssl service so that I can show as an example but I will list down all the basic steps require to configure outbound ssl communication
Steps to configure outbound one way SSL in OAG:
- Extract the Public Key cert
- Import Certificate in OAG
- Create Policy for SSL outbound connection in OAG
- Create HTTP listener to consume this policy
Extract the Public Key cert
- Go to Command Prompt or Putty --> run the command openssl s_client -connect HOSTNAME:PORT
- The Key is printed on the screen, copy the key and save it to the file e.g. testcert.cer
Import Certificate in OAG
- Go to Certificates and Keys --> certificates tab --> click on create/import
- Click import to import the finacle certificate created above, and give some alias name e.g. testcert.cer
Create Policy for SSL outbound connection in OAG
- Go to Policies --> Create container "Outbound" --> Add Policy "SSL"
- Drag and drop Connect to URL filter, configure as below
- Go to SSL Tab --> and select the finacle cert you have imported before like below
- Click OK and Finish wizard
Create HTTP listener to consume this policy
- Go to Listerners --> Oracle API Gateway --> Default Services --> Paths --> Add new Relative path and use the policy created above
- Click OK and deploy all the configurations.
Known Issues:
Issue:
hostname verification error
Solution
Hostname verification should be disable. If the issue persist try to make machine hostname and CN name in the certificate same.
No comments:
Post a Comment