Implement SSL on Oracle APEX site - Lets Encrypt or sslforfree.com
Securing Oracle Apex applications sites
Implementation of SSL on APEX22.1 is made simple. You can use self generate SSL certificate, use free Lets Encrypt/any free certificate provider or buy one from any SSL certificate provider. Initial steps to generate are different are all methods.
Here is the link to generate and implement the self signed certificate. https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-standalone-mode-22-onward
If you are using self signed certificate the data transferred are encrypted but you still receive message that site is insecure, this can be used for development environment.
In this article we will show step to implement free ssl using https://www.sslforfree.com/ The certificate is generated for 3 months but renewal is just one click away. The steps involved are
1. Generate a Certificate and private Key
2. Convert .cer and .key to .der format.
3. Copy them on database server.
4. Update ORDS setting.xml with certificate path
Generate Certificate-
Create a new account with : www.sslforfree.com Click on New Certificate.
Follow the steps, under validity choose 3 month for free.
Your certificate will be generated but it needs to be verify. use any og the three methods. the firat method sends email to domain admin contact. This is the simple method and check the email account and verify by clicking the link provided in the email.
Download the certificate from dashboard.
Certificate will be downloaded in as a zip file with 3 files inside
Now you need to convert certificate.crt file to der format. using https://www.sslshopper.com/ssl-converter.html. or use OpenSSL
The above site does not allow you to convert .key file to .der file use OpenSSL command on Linux server to convert .key file to .der file.
Go to your database server
openssl pkcs8 -topk8 -inform PEM -outform DER -in openclouderp.com.key -out openclouderp.com.key.der -nocrypt
Open setting.xml
add 3 key enteries following
<entry key="standalone.https.cert">/home/ords-run/conf/global/ssl/OpencloudERP.com.der</entry>
<entry key="standalone.https.cert.key">/home/ords-run/conf/global/ssl/openclouderp.com.key.der</entry>
<entry key="standalone.https.port">8443</entry>
You can also set parameter by using following commands
ords --config ${ORDS_CONFIG} config set standalone.https.port 8443
ords --config ${ORDS_CONFIG} config set standalone.https.cert /<<yourpathtoderCRTfile>>
ords --config ${ORDS_CONFIG} config set standalone.https.cert.key /<<yourpathtoderCRTfile>>
Final step
stop ORDS service and restart using ords --config ${ORDS_CONFIG} serve