0 Replies Latest reply on Jun 9, 2016 3:17 PM by MarkStewart

    ORDS 3.0.5 - How to create DER encoded private key

    MarkStewart

      Okay, I will be running ORDS in standalone mode as front-end to APEX 5.0.3.00.03.  I was able to successfully run ORDS using the self-signed certificate option.  When I tried to use a real certificate, I did these steps:


      1. Created a certificate signing request (CSR)
      2. Obtained an SSL Certificate and then created a private key using the command
        • openssl req -new -newkey rsa:2048 -nodes -out external_example_com.csr -keyout external_example_com.key -subj "/C=PL/ST=Warsaw/L=Warsaw/O=Example Company/OU=Servers/CN=external.example.com"
      3. Ran java -jar ords.jar and answered all the questions, and got an exception
      4. Then I read the manual for ORDS 3.0.5, and saw I needed a DER encoded private key
      5. Tried this command to create a DER-encoded private key from the external_example_com.key with the output file name of  external_example_com.der
        • openssl rsa -outform DER -in external_example_com.key  -out external_example_com.der
      6. removed the params directory and reran java -jar ords.jar and answered all the questions, specifying
        • Enter the path for the SSL Certificates private key:/etc/ssl/external_example_com.der
      7. Got an exception.

       

      2016-06-03 16:55:36.127:INFO::main: Logging initialized @444508ms
      Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL
      INFO: Provided certificate. Removing old the keystore files
      Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL
      INFO: Deleted ords keystore false
      Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL
      INFO: Deleted priv key false
      Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL
      INFO: Deleted passfile false
      Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL
      INFO: User provided certificate.
      Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty readCertificate
      SEVERE: Error extracting private key
      Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty readCertificate
      SEVERE: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
      java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
              at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source)
              at java.security.KeyFactory.generatePrivate(Unknown Source)
              at oracle.dbtools.standalone.StandaloneJetty.readCertificate(StandaloneJetty.java:343)
              at oracle.dbtools.standalone.StandaloneJetty.setupSSL(StandaloneJetty.java:511)
              at oracle.dbtools.standalone.StandaloneJetty.start(StandaloneJetty.java:216)
              at oracle.dbtools.standalone.Standalone.execute(Standalone.java:438)
              at oracle.dbtools.cmdline.DefaultCommand.execute(DefaultCommand.java:134)
              at oracle.dbtools.cmdline.Commands.execute(Commands.java:193)
              at oracle.dbtools.cmdline.Commands.main(Commands.java:154)
              at oracle.dbtools.cmdline.Commands.main(Commands.java:346)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.lang.reflect.Method.invoke(Unknown Source)
              at oracle.dbtools.jarcl.Entrypoint.main(Entrypoint.java:58)
      Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
              at sun.security.pkcs.PKCS8Key.decode(Unknown Source)
              at sun.security.pkcs.PKCS8Key.decode(Unknown Source)
              at sun.security.rsa.RSAPrivateCrtKeyImpl.(Unknown Source)
              at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(Unknown Source)
              at sun.security.rsa.RSAKeyFactory.generatePrivate(Unknown Source)
              ... 15 more
      
      

       

      I tried also encoding the public certificate too, and also got an exception.