5.3 Configuring the Subscriber Channel

The Subscriber channel sends information from the Identity Vault to the Web service. To establish a secure connection for the Subscriber channel, you need a trust store containing a certificate issued by the certificate authority that signed the server’s certificate.

Oracle Wallet Manager is an application used to manage and edit security credentials in Oracle wallets. A wallet is a password-protected container that stores authentication and signing credentials, including private keys, certificates, and trusted certificates, all of which are used by SSL for strong authentication. For more information, see Managing Wallets and Certificates.

  1. If you are not using the default wallet:

    1. Change the SSLWallet property in the ssl.conf file to point to the path of the wallet. For example, if the SSL wallet file is in the /etc/ORACLE/WALLETS/pub location, enter this path in the ssl.conf file (for example, /u01/app/VIS/inst/apps/VIS_hostname/ora/10.1.3/conf/ssl.conf).

    2. Add the path of the wallet in the sqlnet.ora file:

      WALLET_LOCATION=
       (SOURCE=
            (METHOD=file)
            (METHOD_DATA=
               (DIRECTORY=/etc/ORACLE/WALLETS/pub)))

      The sqlnet.ora file is located in the <ORACLE_HOME>/network/admin/<VIS_hostname> directory.

  2. Specify the HTTPS port in the Listen directive of the ssl.conf file. For example, Listen 4443.

  3. Start the Oracle Wallet Manager and create the certificate in the Oracle EBS system:

    • UNIX: At the command line, enter owm.

    • Windows: Select Start > Programs > Oracle-HOME_NAME > Network Administration > Wallet Manager.

    1. Add a certificate request to an Oracle wallet. Click Operations > Add Certificate Request.

      The Common Name must match the hostname (do not include the port). This is the same as the Server Name entry in the httpd.conf file (for example, sles11sp164-ora.novell.com).

    2. Export the certificate request created in Step 3a. Click Operations > Export Certificate Request, then save the exported file with a .csr extension (for example, subreq.csr).

    3. (Conditional) Create a new Certificate Authority.

      openssl req -new -x509 -keyout cakey.pem -out cacert.crt -days 365

      Omit this step if you are using an existing Certificate Authority.

    4. Create the user certificate.

      openssl x509 -req -in subreq.csr -CA cacert.crt -CAkey cakey.pem -CAcreateserial -days 365 > server.crt

    5. Add the cacert.crt certificate to the wallet. Click Operations > Import Trusted Certificate.

    6. Add the server.crt certificate to the wallet. Click Operations > Import User Certificate.

    7. Save the wallet, then restart the Oracle EBS system.

      If you are not using the default wallet location, copy the wallet files to the custom location.

  4. Download the certificate created in Step 3 from the Oracle EBS system.

    • Export the certificate using the Oracle Wallet Manager.

      Or

    • Type the URL in a Web browser and download the certificate.

      For example, type https://sles11sp164-ora.novell.com:4443.

  5. Copy the certificate to the Identity Vault machine.

  6. Add the certificate to the trust store using the keytool.

    keytool -import -file subscriber.cer -trustcacerts -noprompt -keystore dirxml.keystore -storepass novell

    where subscriber.cer is the certificate downloaded in Step 4.

  7. Configure the Subscriber channel to use the keystore name (dirxml.keystore) created in Step 6:

    1. In iManager, in the Roles and Tasks view, click Identity Manager > Identity Manager Overview.

    2. Locate the driver set containing the Oracle EBS driver, then click the driver’s icon to display the Identity Manager Driver Overview page.

    3. On the Identity Manager Driver Overview page, click the driver’s icon again, then scroll to Subscriber Settings.

    4. In the Truststore File setting, specify the path to the keystore created in Step 6.

  8. Click Apply, then click OK.

NOTE: To set up mutual authentication on the Subscriber channel, follow the instructions in Configuring the Publisher Channel Using the Keystore File and add the certificate to the keystore file in the Subscriber channel mutual authentication settings.
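
The following added example (not part of the original documentation) checks the certificate from Step 3 before it is imported into the trust store in Step 6: it confirms that server.crt chains to cacert.crt, has not expired, and carries the host name without a port as its Common Name. The host name ebs.example.test, the function names, and the throwaway CA built by make_sample are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: pre-import checks for the certificate from Steps 3-6.
# File names follow the page (cacert.crt, server.crt); the host name and
# the temporary files below are constructed sample values.

# cert_cn FILE: print the subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_cert CA_FILE CERT_FILE HOSTNAME: return 0 only if the certificate
# chains to the CA, is not expired, and its CN equals the host name.
check_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "expiry: FAIL"; return 1; }
    [ "$(cert_cn "$2")" = "$3" ] ||
        { echo "CN mismatch: $(cert_cn "$2")"; return 1; }
    echo "OK: $2"
}

# make_sample DIR HOSTNAME: constructed stand-in for Steps 3a-3d. The CSR
# that Oracle Wallet Manager would export is generated with openssl here.
make_sample() {
    ( cd "$1" &&
      openssl req -new -x509 -nodes -newkey rsa:2048 -keyout cakey.pem \
          -out cacert.crt -days 365 -subj "/CN=Sample Test CA" &&
      openssl req -new -nodes -newkey rsa:2048 -keyout subkey.pem \
          -out subreq.csr -subj "/CN=$2" &&
      openssl x509 -req -in subreq.csr -CA cacert.crt -CAkey cakey.pem \
          -CAcreateserial -days 365 -out server.crt ) >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" ebs.example.test
check_cert "$demo_dir/cacert.crt" "$demo_dir/server.crt" ebs.example.test
```

With real files, run check_cert against the cacert.crt and server.crt from Step 3 and the host name used in the Subscriber URL; a failure here means the driver's TLS handshake would also fail after the import.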