Friday, 29 April 2022

Certificate in OIC

There are three types of certificates in OIC. They are used to validate outbound SSL connections and enable OIC to connect to external systems.

  • X.509 (SSL transport)
  • SAML (Authentication & Authorization)
  • PGP (Encryption & Decryption)

X.509 (SSL transport): 

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the protocols used to establish an authenticated and encrypted connection between two parties communicating over a network.

SSL uses public key cryptography for authentication, based on the X.509 standard certificate format.

With public key cryptography, a public key and a private key are generated for the server.


  • The public key is embedded in the digital certificate together with additional information such as the owner of the public key, name, street address and email address.
  • The private key and the digital certificate together provide the identity of the server.


The public key embedded in the digital certificate is verified by a Certificate Authority (CA). Such certificates are known as trusted certificates because they are issued by trusted certificate authorities such as DigiCert, IdenTrust and Sectigo.

Oracle recommends storing Identity and Trust in separate keystores. The Identity keystore contains the private key/digital certificate pairs, whereas the Trust keystore contains the trusted CA certificates.

In OIC, certificates are managed by navigating to Home >> Settings >> Certificates.

Note: You need admin access to manage certificates.

All certificates (those installed by a user, by the system, or by anyone else) are visible under the Certificates section.

In OIC, X.509 certificates are categorised as either Trust or Identity.

Trust: use this option to upload a trust certificate.

  • A certificate issued by a CA, containing the public key
  • File extension .cer or .cert
  • Provide an alias name

Identity: use this option to upload a certificate for two-way SSL communication.

  • Private key and digital certificate
  • File extension .jks (Java keystore)
  • Provide the keystore password

Note: When the identity keystore contains more than one private key, all the private keys must have the same password.
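To make the Trust/Identity split concrete, the following script (an added example, not code from the blog or from Oracle) builds a throwaway private CA, a server certificate signed by that CA, and a password-protected identity keystore with openssl. The CA certificate is the kind of file that goes under Trust (.cer); the key-plus-certificate bundle is the kind of file that goes under Identity. It then shows the two checks a practitioner cares about: that the server certificate only verifies against the CA that actually issued it, and that the identity keystore only opens with the right password. The CA names, the hostname partner.example.test and the password changeit are constructed for the demo; the keytool conversion to .jks runs only where a JDK is installed.

```shell
#!/bin/sh
# Added example (not from the blog or Oracle): demo PKI for the OIC Trust vs
# Identity distinction. All names, hostnames and passwords are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
KEYSTORE_PASS=changeit   # constructed demo password, never use in production

make_pki() {
  # --- Trust side: a private CA. Its self-signed certificate (ca.cer) is what
  #     you would upload under Trust so that servers it signs are accepted.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
  openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" -days 365 \
    -extfile "$WORK/ca.ext" -out "$WORK/ca.cer" 2>/dev/null

  # A second, unrelated CA stands in for "some other issuer" in the checks below.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Other Root CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/other.csr" -signkey "$WORK/other.key" -days 365 \
    -extfile "$WORK/ca.ext" -out "$WORK/other-ca.cer" 2>/dev/null

  # --- Identity side: the server's own key pair, certified by Demo Root CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=partner.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:partner.example.test\n' > "$WORK/server.ext"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.cer" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -extfile "$WORK/server.ext" -out "$WORK/server.cer" 2>/dev/null

  # Private key + certificate chain sealed under one password: the identity
  # keystore. The alias ("-name") is what a keystore viewer lists for the entry.
  openssl pkcs12 -export -inkey "$WORK/server.key" -in "$WORK/server.cer" \
    -certfile "$WORK/ca.cer" -name partner -passout "pass:$KEYSTORE_PASS" \
    -out "$WORK/identity.p12"

  # OIC expects a .jks; convert the PKCS12 with keytool where a JDK exists.
  if command -v keytool >/dev/null 2>&1; then
    keytool -importkeystore -noprompt \
      -srckeystore "$WORK/identity.p12" -srcstoretype PKCS12 -srcstorepass "$KEYSTORE_PASS" \
      -destkeystore "$WORK/identity.jks" -deststoretype JKS -deststorepass "$KEYSTORE_PASS" \
      >/dev/null 2>&1 || echo "keytool conversion failed; PKCS12 keystore is still usable"
  fi
}

# Returns 0 only if the certificate in $2 chains to the trust certificate in $1.
# This is the check that fails when the wrong .cer has been uploaded as Trust.
verify_chain() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Returns 0 only if keystore $1 opens with password $2 (the integrity MAC check
# fails otherwise), mirroring the keystore password asked for on Identity upload.
keystore_opens() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" -out /dev/null 2>/dev/null
}

make_pki
echo "Trust certificate:  $WORK/ca.cer"
echo "Identity keystore:  $WORK/identity.p12"
verify_chain "$WORK/ca.cer" "$WORK/server.cer" && echo "server.cer chains to Demo Root CA"
verify_chain "$WORK/other-ca.cer" "$WORK/server.cer" || echo "server.cer does NOT chain to Other Root CA"
```

The negative check is the important one: uploading a CA certificate other than the one that issued the remote server's certificate leaves OIC unable to build the chain, which shows up as an SSL handshake failure on the connection rather than as a certificate upload error.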


SAML (Authentication and Authorization)

SAML provides a way to authenticate and authorize access to resources. It is XML-based, and the message is protected by uploading the keystore certificate together with the SAML token. The certificate file extension is .cer or .cert.


PGP (Encryption and Decryption)

Pretty Good Privacy (PGP) provides cryptographic privacy and authentication for communication.

PGP is used for signing, encrypting and decrypting files.

This PGP key is used with the Stage File action.


References

https://www.ssl.com/faqs/faq-what-is-ssl/

https://docs.oracle.com/cd/E11035_01/wls100/secmanage/identity_trust.html

https://docs.oracle.com/en/cloud/paas/integration-cloud/oracle-integration-oci/upload-ssl-certificate.html

