During development it is sometimes necessary to able to run your webapplication under SSL. To obtain a test certificate from verisign can sometimes take a little too much time and effort. Especially when there is a bug waiting to be fixed.
This post describes an easy way to create a certificate yourself using SUN’s keytool and configure OC4J to use it. It originates almost one to one from the Oracle Application Server Containers for J2ee Stand Alone User’s Guide (how about that for a title).
I assume that you have at least JDK 1.3 installed and setup correctly. Make sure that the you set the PATH to include the JDK’s bin directory.
1. Create a certificate
- Open a command prompt and change directory to the config directory of your OC4J instance
- type the following:
keytool -genkey -keyalg "RSA" -keystore sslfile -storepass simanoel -validity 365
- the keystore option sets the filename where the keys are stored
- the storepass option sets the password for the keystore
- the validity sets the number of days the certificate is valid
The keytool will prompt several questions to you. Just answer these as you please.
The new keystore file ( sslfile in my case ) is created in the current directory (config in this case)
2 . Setting up OC4J
- If you don’t already have a
secure-web-site.xmlfile in your OC4J config directory, create one by copying the existing
http- web-site.xmland renaming the copy to
- add secure=”true” to the website element
- add the following line inside the web-site element
use the keystore name and password you used when creatiung the certificate
- te port number, to use an available port. The default for SSL is normally 443, but you have to be a super user to use it, I therefore used (4443)
- Save the changes
- It should look something like this
< <?xml version="1.0" standalone="yes"?> <!DOCTYPE web-site PUBLIC "Oracle9iAS XML Web-site" "http://xmlns.oracle.com/ias/dtds/web-site.dtd"> <web-site port="4443" display-name="Oracle9iAS Containers for J2EE HTTP Web Site" secure="true"> <ssl-config keystore="sslfile" keystore-password="simanoel"/> <default -web-app application="default" name="defaultWebApp"/> <web-app application="default" name="dms0" root="/dms0"/> <web-app application="default" name="dms" root="/dmsoc4j"/> <web-app application="udo" name="web" root="/udo"/> <access-log path="../log/http-web-access.log"/>
- Uncomment or add the following line
<web-site path="./secure-web-site.xml" />
- Save the changes
- it will something like:
<?xml version="1.0" standalone="yes"?> <!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://xmlns.oracle.com/ias/dtds/application-server.dtd"> <application-server application-directory="../applications" deployment-directory="../application-deployments" connector-directory="../connectors"> <rmi-config path="./rmi.xml"/> <jms-config path="./jms.xml"/> <log> <file path="../log/server.log"/> </log> <global-application name="default" path="application.xml"/> <global-web-app-config path="global-web-application.xml"/> <web-site path="./secure-web-site.xml" /> <web-site path="./http-web-site.xml"/> <application name="udo" path="../applications/udo" auto-start="true"/> </application-server>
Restart OC4J. Now OC4J will listen for both SSL request (port 4443) and non-SSL requests (port 8888). In my case the urls would be
You can switch either of them off by removing the corresponding entry in