I was using using REST adapter where I was trying to connect Database using ORDS/REST.
On creating an Connection using OIC/ICS, I was getting the below error during Test Connection
CA SDK-0003 :
Unable to parse the resource, https://IP.
Verify that URL is reachable, can be parsed and credentials if required are
accurate java.security.cert.CertificateException: No subject alternative names
present No subject alternative names present
Resolution.
On close examination, I saw the property subject alternative name not present in the certificate which I downloaded from the ORDS rest service.
To overcome this I created an self signed certificate and made sure that this property is created as part of the certificate. The next few commands was using on Oracle Database cloud cloud service machine.
cd /u01/app/oracle/product/ords/conf/ords/standalone
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048 -ext san=ip:<ORDS_IP_Address>
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
openssl pkcs12 -in keystore.p12 -nokeys -out cert.pem
openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.pem
openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out server.key -nocrypt
keytool -export -alias selfsigned -keystore keystore.jks -rfc > server.cer
Once you run the above commands
modify standalone.properties file at /u01/app/oracle/product/ords/conf/ords/standalone
Edit the following lines:
ssl.cert=/u01/app/oracle/product/ords/conf/ords/standalone/server.crt
ssl.cert.key=/u01/app/oracle/product/ords/conf/ords/standalone/server.key
/etc/init.d/ords restart
Once done, upload your certificate into OIC store and you should be good to go.
No comments:
Post a Comment