Quick and easy SSL in OC4J Standalone html

Quick and easy SSL in OC4J Standalone

During development it is sometimes necessary to able to run your webapplication under SSL. To obtain a test certificate from verisign can sometimes take a little too much time and effort. Especially when there is a bug waiting to be fixed.

This post describes an easy way to create a certificate yourself using SUN’s keytool and configure OC4J to use it. It originates almost one to one from the Oracle Application Server Containers for J2ee Stand Alone User’s Guide (how about that for a title).

I assume that you have at least JDK 1.3 installed and setup correctly. Make sure that the you set the PATH to include the JDK’s bin directory.


1. Create a certificate

  • Open a command prompt and change directory to the config directory of your OC4J instance
  • type the following:keytool -genkey -keyalg "RSA" -keystore sslfile -storepass simanoel -validity 365

Where:

  1. the keystore option sets the filename where the keys are stored
  2. the storepass option sets the password for the keystore
  3. the validity sets the number of days the certificate is valid

The keytool will prompt several questions to you. Just answer these as you please.
The new keystore file ( sslfile in my case ) is created in the current directory (config in this case)

2 . Setting up OC4J

  • If you don’t already have a secure-web-site.xml file in your OC4J config directory, create one by copying the existing http- web-site.xml and renaming the copy to secure-web-site.xml
  • Edit secure-web-site.xml
    • add secure=”true” to the website element
    • add the following line inside the web-site element

      use the keystore name and password you used when creatiung the certificate

    • te port number, to use an available port. The default for SSL is normally 443, but you have to be a super user to use it, I therefore used (4443)
    • Save the changes
    • It should look something like this
      < <?xml version="1.0" standalone="yes"?>
      <!DOCTYPE web-site PUBLIC "Oracle9iAS XML Web-site" "http://xmlns.oracle.com/ias/dtds/web-site.dtd">
      <web-site port="4443" display-name="Oracle9iAS Containers for J2EE HTTP Web Site" secure="true">
      <ssl-config keystore="sslfile" keystore-password="simanoel"/>
      <default -web-app application="default" name="defaultWebApp"/>
      <web-app application="default" name="dms0" root="/dms0"/>
      <web-app application="default" name="dms" root="/dmsoc4j"/>
      <web-app application="udo" name="web" root="/udo"/>
      <access-log path="../log/http-web-access.log"/>
      

      </>

  • edit server.xml
  • Uncomment or add the following line
       <web-site path="./secure-web-site.xml" />
    
  • Save the changes
  • it will something like:
      <?xml version="1.0" standalone="yes"?>
      <!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://xmlns.oracle.com/ias/dtds/application-server.dtd">
      <application-server application-directory="../applications" deployment-directory="../application-deployments" connector-directory="../connectors">
        <rmi-config path="./rmi.xml"/>
        <jms-config path="./jms.xml"/>
        <log>
          <file path="../log/server.log"/>
        </log>
        <global-application name="default" path="application.xml"/>
        <global-web-app-config path="global-web-application.xml"/>
        <web-site path="./secure-web-site.xml" />
        <web-site path="./http-web-site.xml"/>
        <application name="udo" path="../applications/udo" auto-start="true"/>
    </application-server>
    

Restart OC4J. Now OC4J will listen for both SSL request (port 4443) and non-SSL requests (port 8888). In my case the urls would be

  • http://localhost:8888/udo/
  • https://localhost:4443/udo/

You can switch either of them off by removing the corresponding entry in server.xml

22 Comments

  1. tintu November 18, 2010
  2. Kenan Kara January 7, 2010
  3. Robert October 3, 2009
  4. Jerry Russell May 9, 2008
  5. SMLG January 23, 2008
  6. TAB May 28, 2007
  7. hasnath October 31, 2006
  8. Gianluca Vannozzi September 9, 2005
  9. Gianluca Vannozzi September 9, 2005
  10. Rem September 9, 2005
  11. Gianluca Vannozzi September 9, 2005
  12. Vivek August 29, 2005
  13. Nilesh Ghorpade July 12, 2005
  14. Matt July 7, 2005
  15. Pingback: Quick and easy SSL in OC4J Standalone June 12, 2005
  16. Pingback: Quick and easy SSL in OC4J Standalone June 9, 2005
  17. Bois May 13, 2005
  18. Carla Ribeiro May 9, 2005
  19. Alessandro May 4, 2005
  20. Naveed Zafar May 3, 2005
  21. gaizka April 19, 2005
  22. Dragan-Sassler February 24, 2005
  23. chirag gandhi February 17, 2005
  24. al_shopov January 12, 2005