Apex: upgrading Apex to 18.2, ORDS to 18.3

Apex 18.2 and ORDS 18.3 are now available.

To upgrade in place from Apex 18.1 and ORDS 18.2 respectively, for example on an OCI DB system:

#1 Download and unzip Apex 18.3 in /u01/app/oracle/product/apex/18.3


#2 Upgrade apex

cd /u01/app/oracle/product/apex/18.3
sqlplus / as sysdba <<EOF


#3 Change the images symbolic links (quite convenient to handle periodic upgrades)

cd /u01/app/oracle/product/apex/latest
rm images
ln -s ../18.3/images images


#4 Download and unzip the ORDS zip file in the newly created directory



#5 Upgrade the params files

cd /u01/app/oracle/product/ords/18.3/params
cp /u01/app/oracle/product/ords/18.2/params/* .


#6 Upgrade the config directory

cd /u01/app/oracle/product/ords/18.3
java -jar ords.war configdir /u01/app/oracle/product/ords/config


#7 Upgrade the ORDS schema

cd /u01/app/oracle/product/ords/18.3
java -jar ords.war

The end of the process should start the ORDS server.


SQL Developer: Rest Development connection setup to DBCS and https

There are two possible hiccups with the setup of “Rest Development” in SQL Developer 18c when trying to connect to an https endpoint, for example one running on a DBCS on OCI.

#1 PKIX path building failed once https is specified: the error below appears when trying to connect to a RestData service:

Cannot connect to <XX>.
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


The solution is to add the destination server certificate to the cacerts file of the Java JDK embedded with SQL Developer, for example:



At this point, the easiest approach is to transfer that certificate file to Linux and run the following command there before transferring the result back to Windows.

$ORACLE_HOME/jdk/jre/bin/keytool -storepass changeit -import -trustcacerts -keystore cacerts -file <mycertificate> -alias "myalias"


#2 Invalid resource owner credentials during login

The username to be specified is a special user that one can create from the compute instance running ORDS:

cd /u01/app/oracle/product/ords/18.2
cd /u01/app/oracle/product/ords/18.3


java -jar ords.war user ords_dev   "SQL Developer"
java -jar ords.war user ords_admin "Listener Administrator"

The commands above will store these credentials in the ORDS configuration directory, where the user_name will be specified in clear text, for example


Then use ords_dev or ords_admin to connect to the RESTful admin service, either to develop new services or to administer the service.


Note that when upgrading from Apex 18.1 to 18.2, it is just a matter of copying the cacerts file into the new SQLdev directory.

OCI: ORDS 18.x redirection and logging

The tips below are applicable for ORDS 18.x standalone, for example after a deployment on an OCI dbsystem.

#1 To configure the access.log, update the standalone.properties configuration file, /u01/app/oracle/product/ords/config/ords/standalone/standalone.properties, to add the following property


Where /tmp/ords is going to be a directory that will hold the daily logfiles. Then restart the ords standalone process.


#2 To make the internal ORDS port reachable on the standard https port 443 instead of the native port 8443, create a redirect: add the file https (for example) in /etc/xinetd.d, with the following content:

service jetty-https
{
disable = no
socket_type = stream
protocol = tcp
wait = no
redirect = localhost 8443
port = 443
user = nobody
}

Then restart the xinetd service

service xinetd restart

Check that the firewall and the ingress rules allow inbound access to 443.

OCI: Implement a certificate for ORDS

To implement a certificate on a DBCS instance running on OCI classic, you need:

  • The combined certificate combined.cer, in pem format
  • The certificate private key privatekey.txt, in pem format


Navigate to the ORDS configuration directory

cd /u01/app/oracle/product/ords/conf/ords/standalone


Convert the key into pkcs8 format:

openssl pkcs8 -topk8 -inform pem -outform der -in privatekey.txt -out privatekey_pkcs8.der -nocrypt


Now reference the certificate concatenated with the intermediate certificate IN THIS ORDER, and the certificate key in pkcs8 format from the configuration file standalone.properties

#Fri Feb 02 18:30:47 UTC 2017


Now restart the ORDS service

sudo /etc/init.d/ords restart
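
A check worth running before the restart, as an added example that is not part of the original post: it confirms that the first certificate in combined.cer belongs to the PKCS#8 DER key produced above and that each following certificate is the issuer of the previous one. The function names check_ords_tls and make_constructed_chain are hypothetical, and the second function only generates constructed throwaway test material.

```bash
# Added example. check_ords_tls and make_constructed_chain are hypothetical names.
check_ords_tls() {
  local chain=$1 key=$2 tmp i=1 rc=0 cert_pub key_pub
  tmp=$(mktemp -d) || return 2
  # Split the PEM bundle into cert1.pem, cert2.pem, ... in file order.
  awk -v out="$tmp/cert" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (out n ".pem")}' "$chain"
  if [ ! -s "$tmp/cert1.pem" ]; then
    echo "FAIL: no PEM certificate in $chain" >&2; rm -rf "$tmp"; return 1
  fi
  # The first certificate must carry the public key of the PKCS#8 DER private key.
  cert_pub=$(openssl x509 -in "$tmp/cert1.pem" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkcs8 -inform der -nocrypt -in "$key" 2>/dev/null | openssl pkey -pubout 2>/dev/null)
  if [ -z "$key_pub" ]; then
    echo "FAIL: $key is not readable as unencrypted PKCS#8 DER" >&2; rc=1
  elif [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: first certificate does not match the private key" >&2; rc=1
  fi
  # Every later certificate must be the issuer of the one before it.
  while [ -f "$tmp/cert$((i + 1)).pem" ]; do
    if [ "$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer_hash)" != \
         "$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject_hash)" ]; then
      echo "FAIL: certificate $((i + 1)) is not the issuer of certificate $i" >&2; rc=1
    fi
    i=$((i + 1))
  done
  rm -rf "$tmp"
  [ "$rc" -eq 0 ] && echo "OK: key matches first certificate, issuers follow in order"
  return "$rc"
}

# Constructed throwaway CA and server certificate, for trying the check offline.
make_constructed_chain() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ords.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null &&
  cat "$d/leaf.pem" "$d/ca.pem" > "$d/combined.cer" &&
  openssl pkcs8 -topk8 -inform pem -outform der -in "$d/leaf.key" \
    -out "$d/privatekey_pkcs8.der" -nocrypt
}

# Run as: bash check.sh combined.cer privatekey_pkcs8.der
if [ "$#" -eq 2 ]; then check_ords_tls "$1" "$2"; fi
```

Because -nocrypt leaves the key unencrypted on disk, keep privatekey_pkcs8.der readable only by the account that runs ORDS.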