Skip to Main Content
Forums

ORDS, SODA & JSON in the Database

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

The problem with certificates

Ali Mehmet - Turning PointJul 11 2023 — edited Jul 11 2023

its that time of year when our CA certs need to be updated (lord know what will happen if the move to every 3 months comes into force!)

I followed my normal documented process as I have followed over the last 3 years. this time our development DB's ORDS would not accept the DER encoded private key file (took 4 attempts) we are running in standalone mode. then moved on to our UAT environment, also standalone, but absolutely no joy :(

P1 SR raised
3 days later……

I was told that the as documented command was wrong! when I was given the correct command (which was found with Google the support engineer tells me) ORDS just worked.

For those of you who may experience the same issue this is the detail:

link to oracle documentation - check out the section on generating the DER encoded private key file for ORDS
https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/administer-ords.html#GUID-CFF2853B-1375-4F71-9600-69347A47A291

the command documented and I have successfully used in the past is is follows:
openssl pkcs8 -topk8 -inform PEM -outform DER -in <your private key file name>.pem -out <your private key file name>.der –nocrypt

irritatingly this actually generates a file but there is no way, that I have found, to verify it. Tell ORDS where it is after chown'ing and chmod'ing it and start ORDS. It will bleat and tell you the DER file is not correct. Much time and stress later I am given the following command

openssl pkcs8 -topk8 -inform PEM -outform DER -in <your private key file name>.pem -out <your private key file name>.der -passin pass:'your key phrase/password' -nocrypt

issued the chown and chomd commands and started ORDS - came straight up.

have a conversation abou the ‘documentation’ with our account team.

HERE' S A THOUGHT

if ORDS is running in STANDALONE mode on the same server as the database (with SSL) from which APEX is hosted (like in a DEV environment) why cant ORDS just reference the same xdb_wallet as the database? That is where the certificate and private key reside. All we would need to do is update the standalone.properties file and edit the new entry (hopefully) with the path to the xdb_wallet.

Feature or change request?

Oh and it would be nice if ORACLE SORTED OUT ITS DOCUMENTATION! look at that I appear to be shouting
Comments
Post Details
Added on Jul 11 2023
1 comment
465 views