Quick and easy SSL in OC4J Standalone

Leon van Tegelen

During development it is sometimes necessary to be able to run your web application under SSL. Obtaining a test certificate from VeriSign can take a little too much time and effort, especially when there is a bug waiting to be fixed.

This post describes an easy way to create a certificate yourself using Sun’s keytool and configure OC4J to use it. It is taken almost one to one from the Oracle Application Server Containers for J2EE Stand Alone User’s Guide (how about that for a title).

I assume that you have at least JDK 1.3 installed and set up correctly. Make sure that your PATH includes the JDK’s bin directory.


1. Create a certificate

  • Open a command prompt and change directory to the config directory of your OC4J instance
  • Type the following:

      keytool -genkey -keyalg "RSA" -keystore sslfile -storepass simanoel -validity 365

Where:

  1. the keystore option sets the filename where the keys are stored
  2. the storepass option sets the password for the keystore
  3. the validity sets the number of days the certificate is valid

keytool will ask you several questions. Just answer these as you please.
The new keystore file (sslfile in my case) is created in the current directory (config in this case).

2. Setting up OC4J

  • If you don’t already have a secure-web-site.xml file in your OC4J config directory, create one by copying the existing http-web-site.xml and renaming the copy to secure-web-site.xml
  • Edit secure-web-site.xml
    • Add secure="true" to the web-site element
    • Add the following line inside the web-site element, using the keystore name and password you used when creating the certificate

      <ssl-config keystore="sslfile" keystore-password="simanoel"/>

    • Change the port number to an available port. The default for SSL is normally 443, but you have to be a super user to use it; I therefore used 4443
    • Save the changes
    • It should look something like this
      <?xml version="1.0" standalone="yes"?>
      <!DOCTYPE web-site PUBLIC "Oracle9iAS XML Web-site" "http://xmlns.oracle.com/ias/dtds/web-site.dtd">
      <web-site port="4443" display-name="Oracle9iAS Containers for J2EE HTTP Web Site" secure="true">
        <ssl-config keystore="sslfile" keystore-password="simanoel"/>
        <default-web-app application="default" name="defaultWebApp"/>
        <web-app application="default" name="dms0" root="/dms0"/>
        <web-app application="default" name="dms" root="/dmsoc4j"/>
        <web-app application="udo" name="web" root="/udo"/>
        <access-log path="../log/http-web-access.log"/>
      </web-site>

  • Edit server.xml
  • Uncomment or add the following line
       <web-site path="./secure-web-site.xml" />

  • Save the changes
  • It will look something like:
      <?xml version="1.0" standalone="yes"?>
      <!DOCTYPE application-server PUBLIC "Orion Application Server Config" "http://xmlns.oracle.com/ias/dtds/application-server.dtd">
      <application-server application-directory="../applications" deployment-directory="../application-deployments" connector-directory="../connectors">
        <rmi-config path="./rmi.xml"/>
        <jms-config path="./jms.xml"/>
        <log>
          <file path="../log/server.log"/>
        </log>
        <global-application name="default" path="application.xml"/>
        <global-web-app-config path="global-web-application.xml"/>
        <web-site path="./secure-web-site.xml" />
        <web-site path="./http-web-site.xml"/>
        <application name="udo" path="../applications/udo" auto-start="true"/>
      </application-server>


Restart OC4J. OC4J will now listen for both SSL requests (port 4443) and non-SSL requests (port 8888). In my case the URLs would be

  • http://localhost:8888/udo/
  • https://localhost:4443/udo/

You can switch either of them off by removing the corresponding entry in server.xml.
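
A quick consistency check for the two files edited above, as an added example that is not part of the original post or of OC4J itself. The function name check_secure_site and the embedded sample documents are constructed for illustration; the element and attribute names are the ones shown in the listings above.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the files shown in this post.
SECURE_SITE = """<?xml version="1.0" standalone="yes"?>
<!DOCTYPE web-site PUBLIC "Oracle9iAS XML Web-site" "http://xmlns.oracle.com/ias/dtds/web-site.dtd">
<web-site port="4443" secure="true">
  <ssl-config keystore="sslfile" keystore-password="simanoel"/>
  <default-web-app application="default" name="defaultWebApp"/>
</web-site>"""

SERVER = """<?xml version="1.0" standalone="yes"?>
<application-server>
  <web-site path="./secure-web-site.xml"/>
  <web-site path="./http-web-site.xml"/>
</application-server>"""


def check_secure_site(site_xml, server_xml, site_path="./secure-web-site.xml"):
    """Return a list of problems found in the SSL web-site configuration."""
    problems = []
    site = ET.fromstring(site_xml)  # the external DTD is not fetched
    if site.tag != "web-site":
        return ["root element is <%s>, expected <web-site>" % site.tag]
    if site.get("secure") != "true":
        problems.append('web-site is missing secure="true"')
    if not (site.get("port") or "").isdigit():
        problems.append("web-site has no numeric port attribute")
    ssl = site.find("ssl-config")
    if ssl is None:
        problems.append("no <ssl-config> element inside <web-site>")
    else:
        for attr in ("keystore", "keystore-password"):
            if not ssl.get(attr):
                problems.append("ssl-config is missing %s" % attr)
    # server.xml must list the secure site, otherwise OC4J never loads it.
    paths = [w.get("path") for w in ET.fromstring(server_xml).iter("web-site")]
    if site_path not in paths:
        problems.append("server.xml does not reference %s" % site_path)
    return problems


if __name__ == "__main__":
    for p in check_secure_site(SECURE_SITE, SERVER) or ["configuration looks consistent"]:
        print(p)
```

To check real files, read secure-web-site.xml and server.xml from the config directory and pass their contents to check_secure_site.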

About Post Author

Leon van Tegelen

Consultant at AMIS

24 thoughts on “Quick and easy SSL in OC4J Standalone”

  1. Hi I have enabled SSL in oc4j but getting null pointer exception in client. The code is given below

    java.security.cert.X509Certificate[] ClientCertificates = (java.security.cert.X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

    for (int i = 0; i < ClientCertificates.length; i++)
    {
        user_cert = (X509Certificate) ClientCertificates[i];
    }

  2. Hey, way cool! Had to play around with the XML config files a bit, but finally got it working with JDev 10.1.3.5. Make sure your “” statement in secure-web-site.xml is the same as the one in default-web-site.xml. Note that the config files are located in folder “..\embedded-oc4j\config”

  3. Just a comment in case someone else runs into trouble. When using the keystore tool, there are two passwords, if you do not enter the same password for both, you may get “Cannot recover key” errors when deploying your application. Thanks for the instructions!

  4. Hi,
    This setting works in my jdeveloper version 10.1.3.0…
    Now I already migrated my application using version 10.1.3.1 and suddenly jdeveloper found an error… (handshake alert: no_certificate)
    so it’s a bug or what in jdeveloper?

  5. I resolved the problem, my http-web-site.xml is :

    <?xml version="1.0" ?>
    <!DOCTYPE web-site (View Source for full doctype...)>

    secure-web-site.xml:

    <?xml version="1.0" standalone="yes" ?>web-site (View Source for full doctype…)>

    server.xml:

    <?xml version="1.0" ?>application-server (View Source for full doctype…)>

    application name="default" path="application.xml"/>

  6. Hi, I’ve the same problem using standalone OC4J provided with JDeveloper.

    please help us …

    Thanks, Rem

  7. I did what you have explained in the article but I have this problem :

    Error starting HTTP-Server: Unable to intialize SSLServerSocketFactory ‘com.evermind.server.JSSESSLServerSocketFactory’: com.evermind.server.JSSESSLServerSocketFactory

    What was wrong ????
    Someone can help me ????

  8. The article was simply great 🙂 It helped me save a lot of time in setting up an SSL environment for OC4J.

  9. Bingo !! That was exactly what I wanted.. Amazing thing is that you have explained everything soooooooo clearly that
    everything goes fine… well done (Y)

  10. Thanks very much, your steps have already helped me to get an easy way to build an SSL certificate in oc4j.

  11. Hello,

    When I set needs-client-auth="true" in ssl-config in secure-web-site.xml,
    I get no login window and the exception:
    handling exception: javax.net.ssl.SSLHandshakeException: null cert chain.
    Without needs-client-auth the application runs.

    Do you have an idea why?

    Thanks a lot.

    dragan-sassler

  12. This comment of yours helped me a lot in configuring SSL in Oracle 9i App. Server.
    just gr8!!! Documentation.
    thank you very much for providing this kind of gr8! help.

    cheers!
    Chirag from India

  13. Leon,
    You may not know where Bulgaria is, but you sure helped a guy from there (namely me ;->) with your OC4J+SSL howto. Thank you very much.
