Thursday, March 17, 2016

Oracle API Gateway: Configure Outbound one way ssl from OAG

In my previous post Oracle API Gateway: Configure Inbound one way ssl in OAG I showed you how to enable one way ssl in oracle application gateway for the inbound communication. In this blog post I am going to configure one way ssl certificate for outbound communication for example suppose you want to call a http service which is secured by SSL certificates.

Note: I don't have the ssl service so that I can show as an example but I will list down all the basic steps require to configure outbound ssl communication

Steps to configure outbound one way SSL in OAG:
  • Extract the Public Key cert
  • Import Certificate in OAG
  • Create Policy for SSL outbound connection in OAG
  • Create HTTP listener to consume this policy

Extract the Public Key cert
  • Go to Command Prompt or Putty --> run the command openssl s_client -connect HOSTNAME:PORT
  • The Key is printed on the screen, copy the key and save it to the file e.g. testcert.cer
Import Certificate in OAG
  • Go to Certificates and Keys --> certificates tab --> click on create/import
  • Click import to import the finacle certificate created above, and give some alias name e.g. testcert.cer

Create Policy for SSL outbound connection in OAG
  • Go to Policies --> Create container "Outbound" --> Add Policy "SSL"
  • Drag and drop Connect to URL filter, configure as below
  • Go to SSL Tab --> and select the finacle cert you have imported before like below
  • Click OK and Finish wizard
Create HTTP listener to consume this policy
  • Go to Listerners --> Oracle API Gateway --> Default Services --> Paths --> Add new Relative path and use the policy created above
  • Click OK and deploy all the configurations.

Known Issues:


Issue:

hostname verification error

Solution

Hostname verification should be disable. If the issue persist try to make machine hostname and CN name in the certificate same.

No comments:

Post a Comment