HTTPS ORDS

Dear sir

I need a step-by-step guide to install and run HTTPS-enabled ORDS on Tomcat. I have successfully installed it and it is working fine in standalone HTTP.

Please suggest the required documentation for installing and configuring HTTPS-enabled ORDS on Tomcat, and for configuring and executing RESTful APIs.


Thanking you

Regards

Subbarao Dasari

Answers

  • Suresh-Sangaran-Oracle
    Suresh-Sangaran-Oracle Member Posts: 245 Employee

    HTTPS for ORDS is already answered in your last post.

    For SSL on Tomcat, you need to check the Tomcat guide. I found the one below for Tomcat 9:

    https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html

  • Billy Verreynne
    Billy Verreynne Software Engineer Member Posts: 28,655 Red Diamond

    You need to use the Java keytool program to generate a keystore file. I use the following basic approach - which may vary a bit depending on the Java version used.

    First you need to generate a keystore - my examples are for Linux bash:

    # keystore password
    PASS="secret_password"
    # name and location of keystore file
    KEYFILE="ords-keystore"
    # name and domain of web server
    ALIAS="my-tomcat.mydomain.com"
    # Subject Alternative Names: all hostnames and IPs of web server(s) to generate certificate for
    SAN="dns:my-tomcat.mydomain.com,ip:192.168.0.100"
    
    # generate keystore
    keytool -genkey -alias "$ALIAS" -keysize 2048 -keyalg RSA -sigalg SHA256withRSA -keystore "$KEYFILE" -ext "SAN=$SAN" -storepass "$PASS"
    

    Next you need to generate the certificate request:

    # name and location of cert request
    CERTREQ="ords-certreq.cer"
    # create request
    keytool -certreq -keyalg RSA -alias "$ALIAS" -file "$CERTREQ" -keystore "$KEYFILE" -storepass "$PASS"
    

    You send the certificate request file to be signed. The signer needs to provide you with their RA (Registration Authority) and CA (Certificate Authority) certificates, and your signed certificate - in base64 format.

    You now load the RA and CA certificates:

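    # name and location of certificate file to load
    FILE="RA-Foo-b64.cer"
    # alias for this RA/CA certificate (placeholder name); it must differ from $ALIAS,
    # which already holds the key pair, or keytool treats the file as a certificate reply
    CA_ALIAS="ra-foo"
    # load it as a trusted certificate
    keytool -import -alias "$CA_ALIAS" -keystore "$KEYFILE" -trustcacerts -file "$FILE" -storepass "$PASS" -noprompt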
    

    Lastly, load your signed certificate

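    # name and location of certificate file
    FILE="certnew.cer"
    # load your signed certificate under the key pair's alias, so that it replaces
    # the self-signed certificate generated with the key (the file is a base64
    # certificate, not a PKCS12 keystore, so -import is used rather than -importkeystore)
    keytool -import -alias "$ALIAS" -keystore "$KEYFILE" -trustcacerts -file "$FILE" -storepass "$PASS" -noprompt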
    

    Now update your Tomcat's server.xml file with the name and location of your keystore file, and its password:

      <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="4443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="/..location../ords-keystore" keystorePass="secret_password"
        clientAuth="false" sslProtocol="TLS"/>
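
The connector above, rewritten in the nested `SSLHostConfig`/`Certificate` form, as an added example that is not part of the original post. Tomcat 9 marks the connector-level `keystoreFile`/`keystorePass` attributes as deprecated in favor of this form; the keystore path keeps the post's placeholder, and the protocol list and explicit key alias are assumptions added here.

```xml
<!-- Added example: same port, keystore and password as the post above, in nested form -->
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="4443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true">
  <!-- certificateVerification="none" is the counterpart of clientAuth="false" -->
  <!-- protocols (assumption): offer only TLS 1.2 and TLS 1.3 instead of the generic "TLS" -->
  <SSLHostConfig certificateVerification="none" protocols="TLSv1.2,TLSv1.3">
    <!-- certificateKeyAlias must be the alias the key pair was generated under ($ALIAS) -->
    <Certificate
        certificateKeystoreFile="/..location../ords-keystore"
        certificateKeystorePassword="secret_password"
        certificateKeyAlias="my-tomcat.mydomain.com"
        type="RSA"/>
  </SSLHostConfig>
</Connector>
```

Because the keystore password sits in `server.xml` in clear text, the file and the keystore should be readable only by the account that runs Tomcat.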
    


  • Subbarao Dasari
    Subbarao Dasari Member Posts: 17 Green Ribbon

    I have tried and installed standalone ORDS and enabled HTTPS with a self-generated certificate.

    But while creating restful data services from SQL developer, it shows the following error message during connection


    Cannot connect to con.

    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  • Subbarao Dasari
    Subbarao Dasari Member Posts: 17 Green Ribbon

    Where would the self-generated certificate be stored during ORDS installation? I selected HTTPS and a self-generated certificate during ORDS installation.


    Regards

    Subbarao Dasari

  • Billy Verreynne
    Billy Verreynne Software Engineer Member Posts: 28,655 Red Diamond

    I have never used ORDS standalone - all my web servers are running Tomcat with ORDS.

    On the internal (intranet) web servers, I sign our https certificates using our company's internal RA and CA certificates. So it is self-signed but using RA/CA certificates.

  • thatJeffSmith-Oracle
    thatJeffSmith-Oracle Distinguished Product Manager Posts: 8,262 Employee

    "But while creating restful data services from SQL developer, it shows the following error message during connection"

    Just use the REST dev feature in your connection tree. Connect to a db, right-click to REST-enable the schema, then use the REST item in your schema object type list.


    Or use SQL Developer Web to create your APIs.



  • Subbarao Dasari
    Subbarao Dasari Member Posts: 17 Green Ribbon

    Thank you for your immediate reply sir

    I tried to install ORDS on the tomcat server but it is working in HTTP only and could not configure HTTPS.

  • Subbarao Dasari
    Subbarao Dasari Member Posts: 17 Green Ribbon

    I am getting the following error message and am unable to log in to the ORDS page


    There is a problem with your environment because the Application Express files have not been loaded. Please verify that you have copied the images directory to your application server as instructed in the Installation Guide. In addition, please verify that your image prefix path is correct. Your current path is /i/ (it should contain both starting and ending forward slashes, such as the default /i/). Use the SQL script reset_image_prefix.sql if you need to change it.


    I created i but not /i/, since the window is not allowing me to create an /i/ folder, and copied all the image files into the i directory.

    I also changed the directory from i to images using the change script, but in vain.


    Regards

    Subbarao Dasari

  • thatJeffSmith-Oracle
    thatJeffSmith-Oracle Distinguished Product Manager Posts: 8,262 Employee

    "I tried to install ORDS on the tomcat server but it is working in HTTP only and could not configure HTTPS."


    That sounds like a Tomcat issue, not ORDS.