During development it is sometimes necessary to able to run your webapplication under SSL. To obtain a test certificate from verisign can sometimes take a little too much time and effort. Especially when there is a bug waiting to be fixed.
This post describes an easy way to create a certificate yourself using SUN’s keytool and configure OC4J to use it. It originates almost one to one from the Oracle Application Server Containers for J2ee Stand Alone User’s Guide (how about that for a title).
I assume that you have at least JDK 1.3 installed and setup correctly. Make sure that the you set the PATH to include the JDK’s bin directory.
1. Create a certificate
- Open a command prompt and change directory to the config directory of your OC4J instance
- type the following:
keytool -genkey -keyalg "RSA" -keystore sslfile -storepass simanoel -validity 365
Where:
- the keystore option sets the filename where the keys are stored
- the storepass option sets the password for the keystore
- the validity sets the number of days the certificate is valid
The keytool will prompt several questions to you. Just answer these as you please.
The new keystore file ( sslfile in my case ) is created in the current directory (config in this case)
2 . Setting up OC4J
- If you don’t already have a
secure-web-site.xmlfile in your OC4J config directory, create one by copying the existinghttp- web-site.xmland renaming the copy tosecure-web-site.xml - Edit
secure-web-site.xml- add secure=”true” to the website element
- add the following line inside the web-site element
use the keystore name and password you used when creatiung the certificate
- te port number, to use an available port. The default for SSL is normally 443, but you have to be a super user to use it, I therefore used (4443)
- Save the changes
- It should look something like this
< <?xml version="1.0" standalone="yes"?> <!DOCTYPE web-site PUBLIC "Oracle9iAS XML Web-site" "http://xmlns.oracle.com/ias/dtds/web-site.dtd"> <web-site port="4443" display-name="Oracle9iAS Containers for J2EE HTTP Web Site" secure="true"> <ssl-config keystore="sslfile" keystore-password="simanoel"/> <default -web-app application="default" name="defaultWebApp"/> <web-app application="default" name="dms0" root="/dms0"/> <web-app application="default" name="dms" root="/dmsoc4j"/> <web-app application="udo" name="web" root="/udo"/> <access-log path="../log/http-web-access.log"/>
</>
- edit
server.xml
- Uncomment or add the following line
<web-site path="./secure-web-site.xml" />
- Save the changes
- it will something like:
<?xml version="1.0" standalone="yes"?> <!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://xmlns.oracle.com/ias/dtds/application-server.dtd"> <application-server application-directory="../applications" deployment-directory="../application-deployments" connector-directory="../connectors"> <rmi-config path="./rmi.xml"/> <jms-config path="./jms.xml"/> <log> <file path="../log/server.log"/> </log> <global-application name="default" path="application.xml"/> <global-web-app-config path="global-web-application.xml"/> <web-site path="./secure-web-site.xml" /> <web-site path="./http-web-site.xml"/> <application name="udo" path="../applications/udo" auto-start="true"/> </application-server>
Restart OC4J. Now OC4J will listen for both SSL request (port 4443) and non-SSL requests (port 8888). In my case the urls would be
- http://localhost:8888/udo/
- https://localhost:4443/udo/
You can switch either of them off by removing the corresponding entry in server.xml
Â
Â
Â
Hi I have enabled SSL in oc4j but getting null pointer exception in client. The code is given below java.security.cert.X509Certificate[] ClientCertificates = (java.security.cert.X509Certificate[])request.getAttribute(
“javax.servlet.request.X509Certificate”);
Â
Â
Â
Â
for
Â
Â
(int i=0;i<ClientCertificates.length
;i++)
{
user_cert = (X509Certificate) ClientCertificates[i];
}
Thanks for installation tips, it works!
Hey, way cool! Had to play around with the XML config files a bit, but finally got it working with JDev 10.1.3.5. Make sure your “” statement in secure-web-site.xml is the same as the one in default-web-site.xml. Note that the config files are located in folder “..\embedded-oc4j\config”
Just a comment in case someone else runs into trouble. When using the keystore tool, there are two passwords, if you do not enter the same password for both, you may get “”Cannot recover key” errors when deploying your application. Thanks for the instructions!
Hi, does any body has solved TAB’s problem?, help help
Hi,
This setting works in my jdeveloper version 10.1.3.0…
Now i already migrates my application using version 10.1.3.1 and suddenly jdeveloper found an error…(handshake alert: no_certificate)
so it’s a bug or what in jdeveloper?
may God bless .wat a simple and easy way to enable SSL
I resolved the problem, my http-web-site.xml is :
< ?xml version="1.0" ?>
< !DOCTYPE web-site (View Source for full doctype...)>
–
secure-web-site.xml:
< ?xml version="1.0" standalone="yes" ?>web-site (View Source for full doctype…)>
–
server.xml:
< ?xml version="1.0" ?>application-server (View Source for full doctype…)>
–
–
I have resolved the problem if you want I can send you the files I modified.
Hi, I’ve the same problem using standalone OC4J provided with JDeveloper.
please help us …
Thanks, Rem
I did what you have explained in the article but I have this problem :
Error starting HTTP-Server: Unable to intialize SSLServerSocketFactory ‘com.ever
mind.server.JSSESSLServerSocketFactory’: com.evermind.server.JSSESSLServerSocket
Factory
What was wrong ????
Someone can help me ????
It is very good and really helpful for a newbie like me.
The article was simple great 🙂 It helped me save a lot of time in setting up an SSL environment for OC4J.
How do you set SSL by directory level? For example I want the root directory (http://localhost:8888/wwwroot) to be http only but a directory under this to be https only (ex: https://localhost:4443/wwwroot/secure)
Simply : Very helpful..quick and easy…congratulations
When I type https://:4443/:4443/
Excelent !
Bingo !! That was exactly what I wanted.. Amazing thing is that you have explained everything soooooooo clearly that
everything goes fine… well done (Y)
Thanks very much yours steps have already help me to get a easy way to build a ssl certificate in oc4j.
Hello,
wenn I set in ssl-config from secure-web-site.xml needs-client-auth=”true”,
I get no login window and the exception:
handling exception: javax.net.ssl.SSLHandshakeException: null cert chain.
Without needs-client-auth the application runs.
Have you an ideea why?
Thanks a lot.
dragan-sassler
Your this comment help me lot in configuring the SSL in Oracle 9i App. Server.
just gr8!!! Documentation.
thank yuo very mcuh for providing this kind of gr8! help.
cheers!
Chirag from India
Leon,
You may not know where Bulgaria is, but you sure helped a guy form there (namely me ;->) with your OC4J+SSL howto. Thank you very much.