Professional Documents
Culture Documents
Categories
SSL in Oracle
Share
Workflow
Introduction
This
topic is created to give better understanding of how
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 2 of 12
Oracle Workflow
uses SSL in different modules and if in case of an issue
how to
troubleshoot it.
Secure
Sockets Layer (SSL)
SSL is a technology that defines the essential
functions of
mutual authentication, data encryption, and data
integrity for secure
transactions. Exchange of data between the client
and server in such
secure transactions is said to use the Secure
Sockets Layer (SSL).
SSL uses 2 types of Certificates:
Oracle Workflow as
SSL Client
Oracle Workflow modules act as a HTTP/SSL client
in different
scenarios connecting to the EBS or non-EBS SSL
servers. For SSL/TLS
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 3 of 12
Workflow
as SSL Client
When troubleshooting SSL issues with Workflow, it is
important to
understand in detail as to where exactly each
Workflow's HTTP client
process executes so the necessary setup can be
verified.
Workflow Manager UI
Workflow Notification Mailer is configured from
Oracle Applications Manager >> Workflow Manager
screens. When configuring IMAP and SMTP servers
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 4 of 12
Workflow Notification
Mailer
Mailer executes within the Concurrent Manager
process in the CM
tier. The Java run-time used to run Mailer Service is
configured as
$AF_JRE_TOP/bin/java. If SSL is enabled, Mailer
initiates SSL connection
for following three reasons.
Workflow
Status Monitor
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 5 of 12
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 6 of 12
Workflow Business
Event System
From R12.1, Business Event System supports
invoking web services.
This includes following steps.
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 7 of 12
When
there are issues...
In summary, Workflow's SSL client code executes in
following
run-time environments
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 8 of 12
1. GraphMonitorCO.java - Check
connectivity from $OA_JRE_TOP/bin/java by
using this JRE's trust-store
to the web-server.
2. Status Monitor Applet - Check connectivity from
client
machine based on appropriate run-time such
as Sun JRE or JInitiator. For
JInitiator, the certificates are stored under
<JInitiator Home>\lib\security\certdb.txt.
Java run-time is accessible using <JInitiator
Home>\bin\java.exe
1. openssl
utility available in Unix based platforms
2. This sample
SSLSocketClientTest.java
class can
be used to test a handshaking from the Java
run-time
1. Download
the Java class source code in a
directory. There is no
package name for this Java class.
2. Compile SSLSocketClientTest.java
as
javac -classpath $CLASSPATH
SSLSocketClientTest.java
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 9 of 12
How to update
the JDK Cacerts File?
These steps are mentioned as part of EBS SSL
setup MOS Doc Enabling
SSL in Oracle Applications Release 12.
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 10 of 12
Certificate Chains
A certificate chain establishes as chain of trust. The
certificate issued by a CA is not signed by their own
root certificate
but is signed by another CA's root certificate. For
example, VeriSign is the most
common CA whose user certificates that all the web
browsers trust. This
is because, the web browsers are pre-installed with
VeriSign's root
certificate. If another CA XyZ issues
a
certificate signed using VeriSign's
root
certificate, then the browser can trust the certificate
from XyZ simply because
the root certificate is issued by CA.
VeriSign's Root CA
Certificate >> XyZ's
Intermediate
CA Certificate >> Server Certificate
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 11 of 12
Conclusion
It is just a matter of establishing
trust between the client and
the server. Does the client have access to the
certificates to trust the
server?
Visit the Oracle Blog Contact Us
Learn more Learn more
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018
SSL in Oracle Workflow | Oracle E-Business Suite - Workflow Blog Page 12 of 12
https://blogs.oracle.com/oracleworkflow/ssl-in-oracle-workflow 1/19/2018