ORDS 3.0.5 - How to create DER encoded private key
Okay, I will be running ORDS in standalone mode as front-end to APEX 5.0.3.00.03. I was able to successfully run ORDS using the self-signed certificate option. When I tried to use a real certificate, I did these steps:
- Created a certificate signing request (CSR)
- Obtained an SSL Certificate and then created a private key using the command
- openssl req -new -newkey rsa:2048 -nodes -out external_example_com.csr -keyout external_example_com.key -subj "/C=PL/ST=Warsaw/L=Warsaw/O=Example Company/OU=Servers/CN=external.example.com"
- Ran java -jar ords.jar and answered all the questions, and got an exception
- Then I read the manual for ORDS 3.0.5, and saw I needed a DER encoded private key.
- Tried this command to create a DER-encoded private key from the external_example_com.key with the output file name of external_example_com.der
- openssl rsa -outform DER -in external_example_com.key -out external_example_com.der
- removed the params directory and reran java -jar ords.jar and answered all the questions, specifying
- Enter the path for the SSL Certificates private key:/etc/ssl/external_example_com.der
- Got an exception.
2016-06-03 16:55:36.127:INFO::main: Logging initialized @444508ms Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL INFO: Provided certificate. Removing old the keystore files Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL INFO: Deleted ords keystore false Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL INFO: Deleted priv key false Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL INFO: Deleted passfile false Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty setupSSL INFO: User provided certificate. Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty readCertificate SEVERE: Error extracting private key Jun 03, 2016 4:55:36 PM oracle.dbtools.standalone.StandaloneJetty readCertificate SEVERE: java.security.InvalidKeyException: IOException : algid parse error, not a sequence java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source) at java.security.KeyFactory.generatePrivate(Unknown Source) at oracle.dbtools.standalone.StandaloneJetty.readCertificate(StandaloneJetty.java:343) at oracle.dbtools.standalone.StandaloneJetty.setupSSL(StandaloneJetty.java:511) at oracle.dbtools.standalone.StandaloneJetty.start(StandaloneJetty.java:216) at oracle.dbtools.standalone.Standalone.execute(Standalone.java:438) at oracle.dbtools.cmdline.DefaultCommand.execute(DefaultCommand.java:134) at oracle.dbtools.cmdline.Commands.execute(Commands.java:193) at oracle.dbtools.cmdline.Commands.main(Commands.java:154) at oracle.dbtools.cmdline.Commands.main(Commands.java:346) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at oracle.dbtools.jarcl.Entrypoint.main(Entrypoint.java:58) Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence at sun.security.pkcs.PKCS8Key.decode(Unknown Source) at sun.security.pkcs.PKCS8Key.decode(Unknown Source) at sun.security.rsa.RSAPrivateCrtKeyImpl.(Unknown Source) at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(Unknown Source) at sun.security.rsa.RSAKeyFactory.generatePrivate(Unknown Source) ... 15 more
I tried also encoding the public certificate too, and also got an exception.