ORDS SSL Standalone

You will need a private key and a certificate (in DER format). The certificate can be self-signed for testing.

The suggested location for the certificate/key files is /home/oracle/keystore
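One way to produce the two DER files for testing and sanity-check them before pointing ORDS at them (an added example, not part of the original page). The function names are hypothetical; the RSA 2048-bit key, 365-day validity and unencrypted PKCS#8 encoding of the key are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of ORDS.

# make_ords_keypair DIR HOST
# Writes DIR/ordskey.der (private key, DER) and DIR/ordscert.der
# (self-signed X.509 certificate, DER). Self-signed is for testing only.
make_ords_keypair() {
    dir=$1 host=$2
    ( umask 077    # new files and directory are readable by the owner only
      mkdir -p "$dir" && cd "$dir" || exit 1
      # New key plus self-signed certificate, both PEM for now.
      # The SAN entry matters: modern clients ignore the CN for host checks.
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout ordskey.pem -out ordscert.pem 2>/dev/null || exit 1
      # Key to unencrypted PKCS#8 DER (assumed encoding, see lead-in).
      openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
          -in ordskey.pem -out ordskey.der || exit 1
      # Certificate to DER.
      openssl x509 -inform PEM -outform DER \
          -in ordscert.pem -out ordscert.der || exit 1
      # Do not leave a second copy of the private key lying around.
      rm -f ordskey.pem ordscert.pem
      chmod 600 ordskey.der )
}

# ords_keypair_matches DIR
# Succeeds when the certificate carries the public key of the private key,
# i.e. the two files really belong together.
ords_keypair_matches() {
    cert_pub=$(openssl x509 -inform DER -in "$1/ordscert.der" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -inform DER -in "$1/ordskey.der" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# ords_cert_covers_host DIR HOST
# Succeeds when the certificate is valid for HOST (the ssl.host value).
ords_cert_covers_host() {
    openssl x509 -inform DER -in "$1/ordscert.der" -noout -checkhost "$2" |
        grep -q 'does match'
}

# Usage, with the location and host name used on this page:
#   make_ords_keypair /home/oracle/keystore delphi
#   ords_keypair_matches /home/oracle/keystore && echo "key and cert match"
#   ords_cert_covers_host /home/oracle/keystore delphi && echo "host ok"
```

Run the two checks again whenever the certificate is replaced; a certificate that does not match the key or the ssl.host value is a common cause of a failed or untrusted HTTPS listener.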

vi /u01/app/ords/conf/ords/standalone/standalone.properties

Append the following...

# SSL Config

jetty.secure.port=8443

ssl.cert=/home/oracle/keystore/ordscert.der

ssl.cert.key=/home/oracle/keystore/ordskey.der

ssl.host=delphi


NOTE: Remember to open the jetty.secure.port in your firewall

Restart ORDS

/u01/dba/ords/scripts/stop_ords.sh

/u01/dba/ords/scripts/start_ords.sh

AIX

There are issues running standalone ORDS with SSL on AIX because all IBM cipher suite names begin with SSL_, even though the RFC standard says some should begin with TLS_. Jetty automatically excludes cipher suite names beginning with SSL_ (the Jetty project's stated reason: "Our exclusion of ^SSL_.*$ is to comply with our stated goal of being up to date with industry practices of not allowing use of vulnerable Cipher Suites"). It is possible to override this in a standard Jetty install, but the way Oracle has embedded Jetty into the ords.war file makes this very difficult to address. (Theoretically you could extract the WAR file contents, update the config, and recreate the WAR file, but this feels too risky for a production environment.)

https://github.com/eclipse/jetty.project/issues/2921

https://stackoverflow.com/questions/58857846/is-there-a-way-to-make-the-ibm-jvm-use-standard-rfc-cipher-suite-names

Bibliography


https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-standalone-mode

http://krisrice.io/2018-05-09-ORDS-and-lets_encrypt/

https://mikesmithers.wordpress.com/2019/03/01/installing-apex-and-ords-on-oracle-18cxe-on-centos/#more-7855

https://github.com/eclipse/jetty.project/issues/2921 (SSL on AIX)

https://stackoverflow.com/questions/58857846/is-there-a-way-to-make-the-ibm-jvm-use-standard-rfc-cipher-suite-names

How to Implement SSL with a Recognized Certificate Authority SSL Server Certificate with ORDS Standalone 3.0.5 and Higher (Doc ID 2156766.1)

Can One Use 'Wildcard Domain Certificates' With Standalone ORDS Deploy In SSL Mode (Doc ID 2674278.1)

How to Check the SSL Version Used in ORDS of DBCS (OCIC) (Doc ID 2566721.1)