ORDS: Implement a certificate

To implement a certificate on a running DBCS instance running on OCI classic, you need:

  • The combined certificate combined.cer, in pem format
  • The certificate private key privatekey.txt, in pem format

Navigate in the ORDS configuration directory

cd /u01/app/oracle/product/ords/conf/ords/standalone

Convert the key into a pkcs8 format:

openssl pkcs8 -topk8 -inform pem -outform der -in privatekey.txt -out privatekey_pkcs8.der -nocrypt

Now reference the certificate concatenated with the intermediate certificate IN THIS ORDER, and the certificate key in pkcs8 format from the configuration file standalone.properties

#Fri Feb 02 18:30:47 UTC 2017
jetty.port=8080
jetty.secure.port=8181
ssl.cert=/u01/app/oracle/product/ords/conf/ords/standalone/combined.cer
ssl.cert.key=/u01/app/oracle/product/ords/conf/ords/standalone/privatekey_pkcs8.key
ssl.host=<hostname>
standalone.context.path=/ords
standalone.doc.root=/u01/app/oracle/product/ords/conf/ords/standalone/doc_root
standalone.scheme.do.not.prompt=true
standalone.static.context.path=/i
standalone.static.do.not.prompt=true

Restart now the ORDS service

sudo /etc/init.d/ords restart