Outbound Encryption involves connections from Oracle E-Business Suite to external site(s). For outbound connections, the SHA (can be SHA-1 or SHA-2) signed PKI certificate is requested from a CA by a site you are connecting to from Oracle E-Business Suite is certified.
For this case, Oracle E-Business Suite is acting as an HTTPS client. You must trust the root CA of the remote server’s certificate chain in your truststore. Example include, but are not limited to the following:
- Punchout in iProcurement.
- XML Gateway connection to a partner applications.
- Payments credit card processing.
- Dunn & Bradstreet (HZ).
- International Trade Management (ITM) for screening orders and deliveries.
- CIS Tax Module
Outbound encryption for iProcurement and XML gateway to use SSLv3 with TLS / SHA2 certificates:
- Release 12.1: Apply Patch 19835592:R12.ICX.B “Fix for Bug 19835592“
If the supplier punchout site supports both SSLv3 and TLS, or TLS only, then it will work after applying the patch.- Any punchout suppliers who are only using SSLv3 will need to migrate to (or add) TLS protocol. The SSL protocol (v2 or v3) is no longer supported for use with Oracle iProcurement. Supplier sites will need to use TLS protocol
- The fix also supports any TLS v1 version (TLS v1.0, v1.1 and v1.2)
- For XML gateway
- Follow the instructions in the patch README and apply the following patch: 19909850
SHA-2 signed PKI certificates are now certified for inbound connections to the Oracle HTTP Server (OHS) delivered with Oracle E-Business Suite 12.1.3
You must apply the minimum requirements when using SHA-2 signed PKI certificates. Minimum requirements include the following:
- Upgrade FMW 10.1.3 to 10.1.3.5
- Apply at least the October 2015 CPU to FMW 10.1.3.5
- Follow instructions from below document for requesting SSL certificates, and loading into Oracle Wallet:
- Enabling SSL or TLS in Oracle E-Business Suite Release 12 (Doc ID 376700.1)
Oracle Applications, OBIEE, EPM and FMW DBA 