Tech Note: Oracle AS B2B - Security Configuration
Security Setup:
Step 1: Create a self-signed certificate for the host using the Oracle Certificate Authority; the tutorials for this are linked below.
http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/devapp06.htm
http://www.oracle.com/technology/products/oid/oidhtml/sec_idm_training/html_masters/basics06.htm
Alternatively, obtain a certificate from a Certificate Authority (CA) such as VeriSign or Thawte. The certificate file extension does not matter, as long as the certificate is X.509 compliant.
Step 2: Import the host certificate into the Oracle Wallet along with the root certificate.
Step 3: Make sure the wallet location (the folder name, not the wallet file) is specified correctly in the file <Oraclehome>/ip/configuration/tip.properties.
E.g. oracle.tip.adapter.b2b.WalletLocation = c:/tmp/soa/b2b
Step 3: In Oracle Integration B2B, the following steps configure secure transfer of messages between trading partners.
-> Select Partners
-> Select Trading Partner
-> Select Acme (Host)
-> Click on "Update"
General Page: enter the following information
Field                  Value
New Wallet Password    <Password>
Confirm New Password   <Password>
-> Click Apply
Step 4: Setting up the Host Delivery Channel:
Providing the security information for the host trading partner (Acme).
Create Communication Capability
-> Select Trading Partners
-> Select Acme
-> Select Capabilities
-> Select <Business protocol>
-> Select Create Communication Capability
Delivery Channel Page
Prompts to define the following delivery channel details for the secure exchange of messages between trading partners:
- Delivery channel name
- Acknowledgment mode
- Global usage code
- Whether nonrepudiation of receipt and nonrepudiation of origin are required
- Whether encryption, transport security, and compression are enabled
- Time to acknowledgment value
- Retry count value
Note: The selections you make on this page for nonrepudiation of receipt, nonrepudiation of origin, encryption, and transport security determine the fields that display and the transport protocols that are selectable on subsequent pages of this wizard.
Document Exchange Page
Prompts to define the following document exchange characteristics for exchanging messages between trading partners:
- Document exchange name
- Exchange protocol revision (for example, RosettaNet V02.00 or 01.10) and parameter values that can be overridden, if necessary
- Document exchange protocol parameters
- Digital signature, signing credential, and certificate file, if you selected "Yes" for nonrepudiation of receipt and nonrepudiation of origin on the Delivery Channel page
- Digital envelope, encryption credential, and certificate file, if you selected "Yes" to enable encryption on the Delivery Channel page
In the Document Exchange window, enter the following information:
Encryption:
Select a Digital Envelope algorithm if encryption is enabled.
A new encryption credential can be created with "Create New", or an existing encryption credential can be reused. For a new credential, use the Browse button to locate the host certificate, because it is the certificate used to decrypt inbound messages. Make sure this certificate is also available in the e-wallet.
Non-Repudiation: If non-repudiation is enabled, select the Digital Signature algorithm and the signing credential. Use the Browse button to locate the host certificate, which is used to digitally sign outbound messages. Make sure this certificate is also available in the e-wallet.
The B2B engine uses the certificate from the repository for both signing and encryption and looks up the matching private key in the wallet; hence the host certificate must be imported into the wallet as well.
Note: Certificates can also be registered in advance as follows:
-> Select Partners
-> Select Trading Partner
-> Select Acme (Host)
-> Click on "Create" under Certificate
Enter the following information
Field             Value
Name              <Any valid name>
Certificate File  <Use Browse to locate the certificate>
-> Click Apply
Use this certificate while creating the Delivery Channel by selecting "Use Existing".
Step 5: Setting up the Trading Partner Delivery Channel:
Providing the security information for the remote trading partner (GlobalChips).
Create Communication Capabilities
-> Select Trading Partners
-> Select GlobalChips
-> Select Capabilities
-> Select <Business protocol>
-> Select Create Communication Capability
Delivery Channel Page
Prompts to define the following delivery channel details for the secure exchange of messages between trading partners:
- Delivery channel name
- Acknowledgment mode
- Global usage code
- Whether nonrepudiation of receipt and nonrepudiation of origin are required
- Whether encryption, transport security, and compression are enabled
- Time to acknowledgment value
- Retry count value
Note: The selections you make on this page for nonrepudiation of receipt, nonrepudiation of origin, encryption, and transport security determine the fields that display and the transport protocols that are selectable on subsequent pages of this wizard.
Document Exchange Page
Prompts to define the following document exchange characteristics for exchanging messages between trading partners:
- Document exchange name
- Exchange protocol revision (for example, RosettaNet V02.00 or 01.10) and parameter values that can be overridden, if necessary
- Document exchange protocol parameters
- Digital signature, signing credential, and certificate file, if you selected "Yes" for nonrepudiation of receipt and nonrepudiation of origin on the Delivery Channel page
- Digital envelope, encryption credential, and certificate file, if you selected "Yes" to enable encryption on the Delivery Channel page
In the Document Exchange window, enter the following information:
Encryption:
Select a Digital Envelope algorithm if encryption is enabled.
A new encryption credential can be created with "Create New", or an existing encryption credential can be reused. For a new credential, use the Browse button to locate the trading partner certificate, because it is the certificate used to encrypt outbound messages to that partner.
Non-Repudiation: If non-repudiation is enabled, select the Digital Signature algorithm and the signing credential. Use the Browse button to locate the trading partner certificate, which is used to verify the digital signature on inbound messages from that partner. No private key is needed for the remote partner, so its certificate does not have to be in the wallet.
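The key-role split behind Steps 4 and 5 (the host's wallet private key signs outbound and decrypts inbound; the partner's repository certificate encrypts outbound and verifies inbound signatures) as an added Go example that is not code from Oracle B2B or this note. It uses Go's standard library with self-signed test certificates standing in for wallet and repository entries, and plain RSA PKCS#1 v1.5 signing plus RSA-OAEP enveloping in place of the engine's actual digital signature and digital envelope formats.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"math/big"
	"time"
)

// NewSelfSignedCert stands in for the Oracle CA step (assumption): a key pair (what the wallet holds) plus a self-signed X.509 certificate (what the repository holds).
func NewSelfSignedCert() (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// SendOutbound signs with the sender's own wallet private key (nonrepudiation of origin), then envelopes the message with the recipient's repository certificate (encryption).
func SendOutbound(msg []byte, myKey *rsa.PrivateKey, recipientCert *x509.Certificate) (sig, env []byte, err error) {
	h := sha256.Sum256(msg)
	if sig, err = rsa.SignPKCS1v15(rand.Reader, myKey, crypto.SHA256, h[:]); err == nil {
		env, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientCert.PublicKey.(*rsa.PublicKey), msg, nil)
	}
	return sig, env, err
}

// ReceiveInbound decrypts with the receiver's own wallet private key, then verifies the signature against the sender's repository certificate; only the receiver's key needs to be in a wallet.
func ReceiveInbound(sig, env []byte, myKey *rsa.PrivateKey, senderCert *x509.Certificate) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, myKey, env, nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(msg)
	return msg, rsa.VerifyPKCS1v15(senderCert.PublicKey.(*rsa.PublicKey), crypto.SHA256, h[:], sig)
}
```

Swapping the keys in ReceiveInbound (the host key against its own envelope, or the partner certificate for verification) fails, which is the configuration mistake the Browse steps above are meant to prevent.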