11 Replies Latest reply: Sep 9, 2012 5:06 AM by Udo RSS

    SSL on standalone mode

    Roger25
      Hi all,
      In the documentation i've read:

      Oracle highly recommends you configure and use Secure Sockets Layer (SSL) to ensure that passwords and other sensitive data are not transmitted in clear text in HTTP requests. Without the use of SSL, passwords could potentially be exposed, compromising security.


      So, is it possible to configure the new apex listener (1.1.4) with SSL in standalone mode? (i choosed to install in standalone mode) If so, how?
      Or do I need a WebLogic in front of to do this?

      thanks

      Edited by: Roger22 on 08.09.2012 00:01
        • 1. Re: SSL on standalone mode
          phaeus
          Hello,
          to use SSL you must Secure your Listening Port. So if you are Using Oracle OHS then you should use a Wallet. If you are using Glasfish then you must there install your Certificate.

          regards
          Peter
          • 2. Re: SSL on standalone mode
            Roger25
            And if i don't use OHS, nor Glassfish, but the "standalone" option? what should i use?



            Install Oracle Application Express Listener. Options include:

            Standalone Mode. See "Installing in Standalone Mode".

            Oracle WebLogic Server. See "Installing with Oracle WebLogic Server".

            Oracle GlassFish Server. See "Installing with Oracle GlassFish Server".

            Oracle Containers for J2EE (OC4J). See "Installing with Oracle Containers for J2EE (OC4J)".


            I choosed Standalone Mode

            Edited by: Roger22 on 08.09.2012 00:41
            • 3. Re: SSL on standalone mode
              Roger25
              I see i can use SSL with OC4J. Where can i download OC4J from, and which version? I have APEX 4.1.1
              • 4. Re: SSL on standalone mode
                Udo
                Hi Roger,

                APEX Listener doesn't support SSL in Standalone Mode directly. You either have to use a regular JEE container with SSL support or you can put an SSL-enabled proxy server (e.g. Apache HTTP Server) in front of it. The APEX version you use is not relevant for that aspect.
                Concerning OC4J, the [url http://docs.oracle.com/cd/E21611_01/doc.11/e21058/install.htm#CHDBABFF]APEX Listener Installation Guide states that
                Release 10.1.3.4 or higher
                is supported.
                If you don't have a server suite (like "good old" OAS/IAS), you can also use the OC4J standalone. Downloads are available at [url http://www.oracle.com/technetwork/middleware/ias/downloads/utilsoft-090603.html]OC4J's OTN page.
                Note that OC4J needs proper licensing if you deploy it to a scenario that is not covered by OTN License.

                -Udo
                • 5. Re: SSL on standalone mode
                  Roger25
                  It's just for personal use/development/testing, so i think i can download Version 10.1.3.5.0 from http://www.oracle.com/technetwork/middleware/ias/downloads/utilsoft-090603.html
                  However i'm not clear with the following: The APEX Listener is .. just a listener, and it needs a server to run? (Weblogic / OC4J / Glassfish)
                  So, for standalone mode, the listener runs on which server? I'm not sure i understand this, the listener and the server. Also, for personal development and use, what do you recommend? OC4J it's ok?

                  Edited by: Roger22 on 08.09.2012 13:29
                  • 6. Re: SSL on standalone mode
                    Udo
                    It's just for personal use/development/testing, so i think i can download Version 10.1.3.5.0 from http://www.oracle.com/technetwork/middleware/ias/downloads/utilsoft-090603.html
                    If "testing" just concerns the previous two scenarios, this should be fine.
                    However i'm not clear with the following: The APEX Listener is .. just a listener, and it needs a server to run? (Weblogic / OC4J / Glassfish)
                    It's a JEE application that needs a JEE container to serve it, right.
                    So, for standalone mode, the listener runs on which server?
                    APEX Listener ships with an embedded JEE container (grizzly). These two together with a few additional functions (like command line interface to configure some properties) make up the "Standalone Mode". The embedded grizzly lacks several features a "full-blown" JEE container, which is why it is not recommended to use it for production deployments. However, it can be very useful for some quick and lightweight deployment of APEX/APEX Listener.
                    Also, for personal development and use, what do you recommend? OC4J it's ok?
                    That depends on what you are actually planning to do. If you already have some other JEE container, you could use that one. If you just want access to an APEX instance, e.g. your local XE database, you might as well go on with "Standalone Mode". OC4J still has a very small footprint compared to the other officially supported JEE containers, so you can use it. If you want something with a better admin GUI for the container itself, you might want to consider the Open Source Edition of GlassFish.

                    -Udo
                    • 7. Re: SSL on standalone mode
                      Roger25
                      Ok, i will use Glassfish, even if it's just for personal use, not production, because even if i run all the applications on my localhost, i want a better admin GUI, and UI.
                      However, how can i configure SSL with glassfish?
                      I have Oracle Database 11gR2, not Oracle XE :)

                      Thanks!

                      Edited by: Roger22 on 08.09.2012 14:02
                      • 8. Re: SSL on standalone mode
                        Udo
                        Ok, i will use Glassfish, even if it's just for personal use, not production, because even if i run all the applications on my localhost, i want a better admin GUI, and UI.
                        If you need one, you can do that. However, if it's just for APEX Listener, time and memory usage will be much smaller in Standalone Mode.
                        However, how can i configure SSL with glassfish?
                        Is that really necessary when just working on your local machine?
                        Either way, this has nothing to do with APEX Listener itself, so please consider the [url http://glassfish.java.net/docs/index.html]GlassFish documentation for questions on GlassFish configuration. The "All-in-one Zip archive" for GlassFish OSE referenced there contains all you need (and probably more). SSL configuration is covered in the Administration Guide in chapter "Administering HTTP Network Listeners". Basically this is: Choose the HTTP Listener you want to secure or create a new one, take your SSL certificate and enable SSL for that HTTP Listener using your cert. Pretty straightforward.
                        I have Oracle Database 11gR2, not Oracle XE
                        ;) Well, I guess I know what you mean, though there exists an 11.2 release for XE as well. Just as a side note (and to make sure wording is used precisely in OTN forums): It's always Oracle Database <Edition> 11g Release 2, e. g. "Oracle Database Express Edition 11g Release 2", "Oracle Database Standard Edition (One) 11g Release 2" or "Oracle Database Enterprise Edition 11g Release 2".

                        -Udo
                        • 9. Re: SSL on standalone mode
                          Roger25
                          Ok, Oracle Database Enterprise Edition 11gR2 is mine.. ;)

                          However, one more question: In the doc i see:



                          You can install Oracle Application Express Listener with Oracle GlassFish Server. Oracle GlassFish Server is available for download from the Oracle Technology Network. See:

                          http://www.oracle.com/technetwork/java/javaee/downloads/index-jsp-140710.html


                          And you mentioned about a "All in one ZIP archive".. what archive do you refer to? And where can i download from?
                          I downloaded the executable file from here: http://www.oracle.com/technetwork/java/javaee/downloads/ogs-3-1-1-downloads-439803.html
                          This is not ok? or what Glassfish OSE should i download?


                          EDIT: Well, SSL is not really necessary when running on localhost, but i just want to see how can i configure it, and test it, with https://...... , for future reasons.
                          regards

                          Well, i found this: http://glassfish.java.net/downloads/3.1.2.2-final.html
                          This is the OSE that you reffered to?

                          Edited by: Roger22 on 08.09.2012 15:33
                          • 10. Re: SSL on standalone mode
                            Roger25
                            Ans regarding to SSL certificates... it seems i need to purchase something from Godaddy ? Can't i generate or obtain a free certificate, for personal use only?
                            • 11. Re: SSL on standalone mode
                              Udo
                              And you mentioned about a "All in one ZIP archive".. what archive do you refer to? And where can i download from?
                              I provided a link to the download page...
                              I downloaded the executable file from here: http://www.oracle.com/technetwork/java/javaee/downloads/ogs-3-1-1-downloads-439803.html
                              This is not ok? or what Glassfish OSE should i download?
                              That's the Oracle GlassFish Server. As long as you stay within the OTN license, you can use that one as well. It's the officially supported version. You'll find the corresponding documentation on the OTN site as well.
                              I referenced to the Open Source Edition in a previous post and used the short form (OSE) afterwards. The OSE is available for free and shares the same basis as the commercial Oracle GlassFish Server. The commercial version has additional features, especially for "enterprise management", and of course official support. If you don't need that (which doesn't seem to be the case), you'll be fine with OSE.
                              Well, i found this: http://glassfish.java.net/downloads/3.1.2.2-final.html
                              This is the OSE that you reffered to?
                              Yes. (See link in previous post.)
                              Ans regarding to SSL certificates... it seems i need to purchase something from Godaddy ? Can't i generate or obtain a free certificate, for personal use only?
                              This again is no APEX Listener specific question at all...
                              Anyway, you'll find comprehensive tutorials on how to create your non-official certificate [url http://lmgtfy.com/?q=create+ssl+certificate]here.

                              -Udo