reg ssl certificate

Dear Erman,

We are implementing the SSL for our new R12.2 instance.we have one hardware loadbalancer and 2 application nodes and 2 database nodes.Our concern was,where do we need to place the ssl/tls certificate?
1)do we need to place in both application nodes?
OR
2)do we need to place in load balancer?
OR
3)do we need place in both loadbalancer and application nodes?

Thank you

You can choose option 2 or option 3.. Your choice..
If you want full path SSL , then go with option 3.

Thanks erman for the update.

If we choose option 2,then the certificate generation should be done to the virtual host configured in loadbalancer right?
If yes,then loadbalancer team will be able to do that certificate generation from their end right?

Thanks for all the support

Yes.

Load balancer team will do it. But you should also do the required things on your side.

See -> Enabling SSL or TLS in Oracle E-Business Suite Release 12.2 (Doc ID 2143101.1), section : SSL Offloader Setup

sure,thank you erman.we will do that configuration.
so no need to generate any keys or certificates from our end if we go with option 2

No.

Thanks a lot.Our life became easy with option 2 :)


If client wants to go for End-to-End SSL,then from note id 2143101.1 which you have provided,we could see client side profile and server side profiles to be created


SSL Client:
Parent Profile = clientssl
Certificate & Key = Subject Alternative Name (SAN) based certificate installed on BIG-IP
Chain = Intermediate chain certificate specified

SSL Server:
Parent Profile = serverssl
Certificate & Key = Basic certificate issued to the EBS instance
Chain = Intermediate chain certificate specified


1)Certificate & Key for SSL Client(clientssl)  will be handled by loadbalancer team but for server ssl,how do we generate certificate and key.
I mean we have 2 application nodes-so for which host name we have to generate certificate and how about keys.I think we can extract the private/public keys from the certificate.please correct me if i am wrong

thanks for all the support

Dear erman,

Could you please update

Load Balancer team will do the Load Balancer-related SSL works (including clientssl)
serverssl is the Basic certificate issued to the EBS instance, and for that serverssl, you need to follow the actions documented in "Section 3: Application Tier Setup" of  "Enabling SSL or TLS in Oracle E-Business Suite Release 12.2 (Doc ID 2143101.1)".. I mean, the process starting with Creating a Wallet..

Thanks for the update erman.

Load Balancer team will do the Load Balancer-related SSL works (including clientssl)---its clear

we have a concern with "serverssl is the Basic certificate issued to the EBS instance"

we have 2 nodes.so to which hostname,we have to raise a certificate request to get the basic certificate?

Thanks for the support

for both of your nodes..

thanks erman.

once we get the certificates for both nodes from versign,then do we need to provide these certificates to loadbalancer team?do we need to provide any keys to them?

As documented -> "Certificate & Key"

These profiles are load-balancer related.

In short; "the SSL offloader needs to be aware of the SSL certificate information on the EBS side, and EBS in turn needs to be aware of the SSL certificate information of the SSL offloader"

So according to this, tell your Load Balancer admin to configure the Load Balancer properly.
He/or she should request these inputs from you anyways.