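Generate a self-signed certificate and switch connections to ORDS over to HTTPS.
Generating the self-signed certificate
When you select HTTPS as the protocol while installing ORDS, you are asked to choose between using a self-signed certificate and specifying your own certificate and private-key files. You are also asked for the hostname. (The following is sample input to the ords install command. In the steps that follow, we edit the configuration files directly instead.)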
Enter a number to select the protocol
[1] HTTP
[2] HTTPS
Choose [1]: 2
Enter the HTTPS port [8443]:
Enter a number to select the certificate type
[1] Use self-signed certificate (generates automatically)
[2] Use my SSL certificate (requires SSL certificate and SSL certificate private key)
Choose [1]:
Enter the SSL hostname: apex.mydomain.dev
Enter the APEX static resources location: /home/oracle/i
If you choose to use a self-signed certificate, ORDS creates the certificate and private-key files and is configured to listen for HTTPS connections using those files.
***.***.***.*** apex.mydomain.dev
[root@localhost ~]# systemctl stop ords
[root@localhost ~]#
[root@localhost ~]# su - oracle
Last login: Thu May 18 11:48:18 JST 2023 on pts/0
[oracle@localhost ~]$ cd /etc/ords/config
[oracle@localhost config]$
[oracle@localhost config]$ mkdir global/standalone
[oracle@localhost config]$ cd global/standalone
[oracle@localhost standalone]$
echo "subjectAltName = DNS:apex.mydomain.dev" > san.txt
[oracle@localhost standalone]$ openssl genrsa -out private.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
......................................................+++++
............................................................+++++
e is 65537 (0x010001)
[oracle@localhost standalone]$ openssl req -new -key private.pem -out test.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:.
State or Province Name (full name) []:.
Locality Name (eg, city) [Default City]:.
Organization Name (eg, company) [Default Company Ltd]:.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:apex.mydomain.dev
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[oracle@localhost standalone]$ echo "subjectAltName = DNS:apex.mydomain.dev" > san.txt
[oracle@localhost standalone]$ openssl x509 -req -days 3650 -signkey private.pem -in test.csr -out self-signed.pem -extfile san.txt
Signature ok
subject=C = JP, L = Tokyo, O = Oracle, CN = apex.jp.oracle.com
Getting Private key
[oracle@localhost standalone]$ openssl pkcs8 -topk8 -nocrypt -in private.pem -outform PEM -out self-signed.key
[oracle@localhost standalone]$
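The four openssl steps above as a non-interactive script, followed by checks worth running before ORDS is restarted: the SAN contains the hostname, the certificate and key belong together, the key is unencrypted PKCS#8, and the certificate is still valid. This is an added example, not part of the original article; the hostname and directory are arguments supplied by the caller (assumptions), and the file names are the ones used in the session above.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Hostname and directory are
# caller-supplied assumptions; file names follow the article's steps.

# Non-interactive form of the article's four openssl steps.
make_ords_cert() {    # usage: make_ords_cert <hostname> <dir>
  local host="$1" dir="$2"
  (
    cd "$dir" || exit 1
    umask 077         # new key files are readable by the owner only
    echo "subjectAltName = DNS:$host" > san.txt
    openssl genrsa -out private.pem 2048 2>/dev/null &&
    openssl req -new -key private.pem -subj "/CN=$host" -out test.csr &&
    openssl x509 -req -days 3650 -signkey private.pem -in test.csr \
      -out self-signed.pem -extfile san.txt 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -in private.pem -outform PEM -out self-signed.key
  )
}

# Checks to run before restarting ORDS; returns non-zero on the first failure.
verify_ords_cert() {  # usage: verify_ords_cert <hostname> <dir>
  local host="$1" cert="$2/self-signed.pem" key="$2/self-signed.key"
  local cert_pub key_pub
  # 1. The hostname must be in subjectAltName (CN alone is not enough for browsers).
  openssl x509 -in "$cert" -noout -text | grep -qF "DNS:$host" ||
    { echo "SAN does not contain $host" >&2; return 1; }
  # 2. The certificate and the PKCS#8 key must hold the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "certificate and key do not match" >&2; return 1; }
  # 3. The key file must be unencrypted PKCS#8, as produced by pkcs8 -nocrypt.
  head -n 1 "$key" | grep -q '^-----BEGIN PRIVATE KEY-----' ||
    { echo "key is not unencrypted PKCS#8" >&2; return 1; }
  # 4. The certificate must not already be expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 1; }
}

# Stand-alone use: ./script.sh apex.mydomain.dev /path/to/dir
if [ "$#" -eq 2 ]; then
  make_ords_cert "$1" "$2" && verify_ords_cert "$1" "$2" && echo "OK"
fi
```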
Changing the ORDS configuration
[oracle@localhost ~]$ vi /etc/ords/config/global/settings.xml
[oracle@localhost ~]$
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>Saved on Thu May 18 02:07:03 UTC 2023</comment>
<entry key="database.api.enabled">true</entry>
<entry key="standalone.context.path">/ords</entry>
<entry key="standalone.doc.root">/etc/ords/config/global/doc_root</entry>
<entry key="standalone.https.port">8443</entry>
<entry key="standalone.static.context.path">/i</entry>
<entry key="standalone.static.path">/home/oracle/i/</entry>
</properties>
[root@localhost ~]# systemctl start ords
[root@localhost ~]#
This completes the server-side configuration.