Enabling TLS in EBS R12.1.3 using wild card certificate

Hi Erman,

We are planning to implement TLS in our EBS R12.1.1.

Our current architecture is 1 Internal node, 1 External node and 1 Database node.

In our external node, TLS has been already implemented at load balancer as TLS Termination Point.

Now planning to do in our Internal node as well by following metalink note-Enabling TLS in Oracle E-Business Suite Release 12.1 (Doc ID 376700.1).

Already we have wild card certificate with our domain name. Do we still need to generate CSR and submit to our CA for server certificate or skip this section 5.2.1 step 1, step 2 and step 3 mentioned in document and proceed from step 4 use existing wild card certificate with our domain name.

Please provide your inputs.

Thanks,
Karthik

Yes.. It is already documented in that document you sent.
It says : "If you use wildcard certificate to protect multiple servers, specify the server name as an asterisk (*) plus the domain in Common Name. For example: *.domain.com ."

So this means, even if you have a wilcard certificate, still you should follow the "CSR creation, certificate importing etc" process.

Hi Erman,

Thanks for the update.

So after CSR creation, I can proceed with certificate import no need to submit CSR to CA for signing as already I have wild card certificate with domain name. Please confirm.

Thanks,
Karthik

Ofcourse your CSR and the certificate that you gonna import should be aligned in terms of all the attributes.
In other words, you need to create your CSR according to that present/ready certificate.

Hi Erman,

Using existing wildcard certificates didn't work. While starting services, we faced issue with server.key mismatch.

So we submitted csr request to CA and got new wildcard certificates. We have completed our TLS setup and its working fine. Since its wildcard cerficate, we have migrated sever.key and certificates to other instance and configured TLS. Its also working fine.

Thanks,
Karthik

Good for you Karthik.