Create a custom endpoint for Oracle Integration Cloud

April 1, 2023 | 77 minute read
Catalin Andrei
Master Principal Cloud Architect
Atefeh (Ati) Yousefi-Attaei
Senior Cloud Engineer | North America Cloud Engineering

Introduction

For this blog I partnered with Ati, and the following post is the fruit of this collaboration.
Oracle Integration Cloud (OIC) is a PaaS service that is part of Oracle Cloud Infrastructure (OCI).
By default, when you provision the service, your service console will be part of the domain integration.ocp.oraclecloud.com.
This post shows how to configure a custom endpoint for the service.

As a prerequisite, you need access to an OCI instance, the credentials required to edit the service, create a vault and create DNS records, and access to a TLS certificate for the custom endpoint.

I will not cover the provisioning of the service and the acquisition of a public domain or a TLS certificate.

Upload the TLS certificate to OCI

The OIC service does not store the TLS certificate; it only reads it from an OCI vault.
Before following the steps described in the official documentation, let's understand what the TLS certificate looks like.

Understand the TLS certificate chain structure

When you generate a TLS certificate, typically, you will have the following files: the certificate, the full chain and the private key.
The full chain contains the path between the certificate and the root CA. In this post I am using a certificate issued by Let's Encrypt. You can see below that if we open the full chain file in an editor, it contains multiple individual certificates, each delimited by "BEGIN CERTIFICATE" and "END CERTIFICATE".

02.png

You can observe that this chain has three certificates.
I will decode the content of the chain below to see the order in which the certificates are stored.

openssl crl2pkcs7 -nocrl -certfile star.ateam-oracle.cloud.fullchain.crt | openssl pkcs7 -print_certs -noout

03.png
