ORDS : activate HTTPS - 400 Invalid SNI

BlueForest85, May 31 2023 (edited May 31 2023)

Hello everyone,

I've installed APEX and ORDS on a Windows Server 2022. Everything works well, the instance is configured, in HTTP.

I want to activate HTTPS. I have a pfx file, with its password. I converted it into a crt file and a der file, using these commands:

openssl pkcs12 -in __mypfxfile.pfx -clcerts -nokeys -out __mycrtfile.crt 

openssl x509 -in __mycrtfile.crt -outform der -out __myderfile.der 

Here is the content of my ORDS settings.xml config file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>Saved on Sat May 20 07:12:43 UTC 2023</comment>
<entry key="database.api.enabled">true</entry>
<entry key="standalone.context.path">/ords</entry>
<entry key="standalone.doc.root">D:\app\APEX\23.1\ords-23.1.2.115.1944\config\global\doc_root</entry>
<entry key="standalone.http.port">80</entry>
<entry key="standalone.static.context.path">/i</entry>
<entry key="standalone.static.path">/D:/app/APEX/23.1/ords-23.1.2.115.1944/images/</entry>

<entry key="org.eclipse.jetty.server.Request.maxFormContentSize">30000000</entry>
<entry key="security.requestValidationFunction">wwv_flow_epg_include_modules.authorize</entry>
<entry key="jdbc.InitialLimit">10</entry>
<entry key="jdbc.MinLimit">1</entry>
<entry key="jdbc.MaxLimit">100</entry>

<entry key="standalone.use.ssl.cert">true</entry>
<entry key="standalone.https.port">443</entry>
<entry key="standalone.ssl.cert.path">D:\app\__mycrtfile.crt</entry>
<entry key="standalone.ssl.key.path">D:\app\__myderfile.der</entry>
<entry key="standalone.ssl.host">localhost</entry>
<entry key="standalone.use.https">true</entry>
</properties>

When I launch ORDS (using the command ords --config D:\app\APEX\23.1\ords-23.1.2.115.1944\config serve), it listens on port 443 as expected.

However, when I get on APEX, I get a message (on Google Chrome) stating that the connection is not secured (at least I get a message, which is good!).

I notice that, in the same folder as the settings.xml file, a standalone folder is created, containing 2 files: a self-signed.key file and a self-signed.pem file. I don't know if that's normal, as I use a crt and a der file. Maybe I use the wrong formats?

When I choose continue, I get a 400 Invalid SNI error:

HTTP ERROR 400 Invalid SNI 
URI: /ords 
STATUS: 400 
MESSAGE: Invalid SNI 
SERVLET: - 
CAUSED BY: org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI 
Caused by: 
org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI 
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266) 
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207) 
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:501) 
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) 
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) 
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:457) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:199) 
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:208) 
at org.eclipse.jetty.http2.HTTP2Connection.onFillable(HTTP2Connection.java:155) 
at org.eclipse.jetty.http2.HTTP2Connection$FillableCallback.succeeded(HTTP2Connection.java:378) 
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) 
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558) 
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379) 
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146) 
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) 
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) 
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139) 
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) 
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933) 
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077) 
at java.base/java.lang.Thread.run(Thread.java:834)

I think it's about a small detail. However, I'm not sure that crt + der files are what is required. Can you confirm my configuration here, in the settings.xml file?

I get this error even if I set another value as standalone.ssl.host.

Thank you for your help and expertise.
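
Added example, not part of the original post and not ORDS code: the first command in the post uses -nokeys and the second re-encodes that certificate as DER, so both output files hold a certificate and neither holds the private key. The checker below classifies a PEM or DER file by its outer ASN.1 structure; `classify` and `check_tls_files` are hypothetical helper names, and the sample bytes are constructed skeletons rather than real certificates or keys.

```python
import base64
import re

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify(data):
    """Name what a PEM or DER file holds, judged by its outer ASN.1 shape."""
    pem = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", data, re.S)
    try:
        if pem:  # text around the block, e.g. "Bag Attributes", is ignored
            data = base64.b64decode(pem.group(2))
        tag, body, _ = read_tlv(data, 0)
        items, pos = [], 0
        while tag == 0x30 and pos < len(body):
            t, value, pos = read_tlv(body, pos)
            items.append((t, value))
    except (ValueError, IndexError):  # bad base64, truncated or empty input
        return "unknown"
    shape = [t for t, _ in items]
    if shape == [0x30, 0x30, 0x03]:  # tbsCertificate, algorithm, signature
        return "x509-certificate"
    if shape[:3] == [0x02, 0x30, 0x04] and items[0][1] in (b"\x00", b"\x01"):
        return "pkcs8-private-key"   # version, algorithm, wrapped key
    if shape == [0x30, 0x04]:        # algorithm, encrypted data
        return "pkcs8-encrypted-private-key"
    if len(shape) >= 9 and set(shape) == {0x02}:  # version + RSA integers
        return "pkcs1-rsa-private-key"
    return "unknown"

# Constructed skeletons (empty fields), not real certificates or keys.
CERT_DER = bytes.fromhex("30 07 30 00 30 00 03 01 00")
KEY_DER = bytes.fromhex("30 08 02 01 00 30 00 04 01 00")
CERT_PEM = (b"Bag Attributes\n-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(CERT_DER) + b"-----END CERTIFICATE-----\n")

def check_tls_files(cert_bytes, key_bytes):
    """Return problems with a certificate file / key file pair."""
    cert, key = classify(cert_bytes), classify(key_bytes)
    problems = [] if cert == "x509-certificate" else [f"cert file holds {cert}"]
    return problems if "private-key" in key else problems + [f"key file holds {key}"]
```

Calling `check_tls_files(CERT_PEM, CERT_DER)` mirrors the pair of files produced in the post and reports that the key file holds a certificate.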
