Enable HTTPS

The Oracle Enterprise Communications Broker (ECB) REST API only accepts requests over secure HTTPS connections. Unencrypted HTTP requests are rejected with a 426 Upgrade Required response. Follow this procedure to enable secure communications between the REST client and the ECB.

Task 1: Generate a Certificate Signing Request on the ECB

After logging in as the admin user on the ECB:

  1. Access the certificate-record configuration element.
    ORACLE# conf t
    ORACLE(configure)# security
    ORACLE(security)# certificate-record
    ORACLE(certificate-record)#
  2. Supply the details for the certificate you will install on the ECB.
    ORACLE(certificate-record)# name         example-name
    ORACLE(certificate-record)# country      US
    ORACLE(certificate-record)# state        MA
    ORACLE(certificate-record)# locality     Boston
    ORACLE(certificate-record)# organization Engineering
    ORACLE(certificate-record)# common-name  Acme
    ORACLE(certificate-record)# key-size     2048
    ORACLE(certificate-record)# key-algor    ecdsa
  3. Type done to save your configuration.
    ORACLE(certificate-record)# done
  4. Navigate to the top level of the ACLI.
    ORACLE(certificate-record)# exit
    ORACLE(security)# exit
    ORACLE(configure)# exit
    ORACLE#
  5. Generate a certificate request.
    ORACLE# generate-certificate-request example-name
    Generating Certificate Signing Request. This can take several minutes....
    -----BEGIN CERTIFICATE REQUEST-----
    MIICzDCCAbQCAQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRMwEQYDVQQH
    EwpCdXJsaW5ndG9uMRQwEgYDVQQKEwtFbmdpbmVlcmluZzENMAsGA1UEAxMEQWNt
    ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8pu02mJNnEIgjfHR87
    CAWpH0r/pTg51gXjDl5Oi/aoaLiDZJHR5REy1OylyY3Ih/jc6E/x8QGJGU5V+sVO
    . . .
    Bd0WH3fWraUf3PWralTF9xORElk+kqDzZIg3mkSTzCh+cggfpKx7udDh4OhQ3FRi
    LaDoX0VeKIvus5QtPjwCLnajfIUIR3gMWmXny0jOYXAd2sf3KFYSZTZYc84VpdGC
    CoAeZtTCpKj1/OJY7ukwGE09WTbEHPURghcXDd/LixUSn2mchvy6SQU2gk3LS6Wm
    vCnHyFNmcjlnXXZ/TREmbIn1wLDkwZk0stNokBBS9Qtcf4C60JmpjXyza1RXXnBz
    -----END CERTIFICATE REQUEST-----
    WARNING: Configuration changed, run "save-config" command.
    ORACLE#

Task 2: Acquire the Certificate

Send the certificate request to a Certificate Authority (CA). The CA will reply with a certificate for you to install on the ECB.

Task 3: Import the Certificate into the ECB

  1. Execute the import-certificate command.
  2. Paste the certificate into the ACLI, using a semicolon to terminate the certificate.
    ORACLE# import-certificate try-all example-name
    
    IMPORTANT:
            Please enter the certificate in the PEM format.
            Terminate the certificate with ";" to exit.......
    -----BEGIN CERTIFICATE-----
    MIIEMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMx
    CzAJBgNVBAgMAk1BMRMwEQYDVQQHDApCdXJsaW5ndG9uMRQwEgYDVQQKDAtFbmdp
    bmVlcmluZzEXMBUGA1UEAwwOQWNtZSBQYWNrZXQgTUExITAfBgkqhkiG9w0BCQEW
    EmxhcnJ5LmVAb3JhY2xlLmNvbTAeFw0xODA2MDEyMDU1MzBaFw0yMzA2MDEyMDU1
    . . .
    OcDuA+9hJpjKqCn51lmH39iHt0oeuwGKrrE919q4SDcEoSCb48gi8zR1hRy2Rfzx
    9bsRJ+uFLWpwE88QaZUFviR+CmIBUl1o9Yk3bLOQFmf0DWgHiyy7DOuswVqoF/Xg
    rQNY6LB1Nm5e2yQ6ocLQ36S9HNIqewT6iPcf1RWbbf/Ond0QJYJMJV8RZeMD6JcB
    ehJMI7/fN6t9A4m3JaknJqYv3qg=
    -----END CERTIFICATE-----;
    Certificate imported successfully....
    WARNING: Configuration changed, run "save-config" command.
    ORACLE#

Task 4: Configure TLS

  1. Access the tls-global configuration element.
    ORACLE# conf t
    ORACLE(configure)# security
    ORACLE(security)# tls-global
    ORACLE(tls-global)#
  2. Select the object and verify that session-caching is disabled and session-cache-timeout is 12.
    ORACLE(tls-global)# select
    ORACLE(tls-global)# show
    tls-global
            session-caching                         disabled
            session-cache-timeout                   12
            last-modified-by
            last-modified-date
  3. Type done to save your configuration.
    ORACLE(tls-global)# done
  4. Access the tls-profile configuration element.
    ORACLE(tls-global)# exit
    ORACLE(security)# tls-profile
    ORACLE(tls-profile)#
  5. Give a name to this tls-profile.
    ORACLE(tls-profile)# name restless
  6. Set end-entity-certificate to the name of the previously configured certificate-record.
    ORACLE(tls-profile)# end-entity-certificate example-name
  7. Set the TLS version.
    ORACLE(tls-profile)# tls-version compatibility
  8. Type done to save your configuration.

Enable HTTPS on the ECB Web Server

  1. Access the web-server-config configuration element.
    ORACLE# conf t
    ORACLE(configure)# system
    ORACLE(system)# web-server-config
    ORACLE(web-server-config)#
  2. Select the object and show the parameters.
    ORACLE(web-server-config)# select
    ORACLE(web-server-config)# show
    web-server-config
            state                                   enabled
            inactivity-timeout                      5
            http-state                              enabled
            http-port                               80
            https-state                             disabled
            https-port                              443
            http-interface-list                     REST,GUI
            tls-profile
            last-modified-by
            last-modified-date
  3. Set https-state to enabled.
    ORACLE(web-server-config)# https-state enabled
  4. Set http-interface-list to REST,GUI if using both REST and the GUI or to REST if using REST but not the GUI.
    ORACLE(web-server-config)# http-interface-list REST,GUI
  5. Set the tls-profile attribute to the name of the previously configured tls-profile configuration element.
    ORACLE(web-server-config)# tls-profile restless
  6. Type done to save your configuration.
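
Before saving and activating, the `show` output can be checked against the values this procedure sets. The following Python is an added example, not part of Oracle's documentation: it parses pasted `show` output for tls-global or web-server-config and lists any parameter that differs from Task 4 and the web server steps above. The names `parse_show`, `audit` and `EXPECTED` are assumptions of this example, and the `AFTER` sample is constructed.

```python
import re

# Values this page's procedure sets or verifies, per configuration element.
EXPECTED = {
    "tls-global": {"session-caching": "disabled", "session-cache-timeout": "12"},
    "web-server-config": {"state": "enabled", "https-state": "enabled"},
}

def parse_show(text):
    """Return (element, {parameter: value}) from pasted ACLI `show` output."""
    rows = [ln.strip() for ln in text.splitlines()
            if ln.strip() and not re.match(r"\s*\S+#", ln)]  # skip echoed prompts
    if not rows:
        raise ValueError("no show output found")
    params = {}
    for row in rows[1:]:
        name, *value = row.split(None, 1)
        params[name] = value[0] if value else ""  # unset parameters print no value
    return rows[0], params

def audit(text):
    """List parameters that differ from what the procedure configures."""
    element, params = parse_show(text)
    findings = [f"{element}: {name} is {params.get(name) or 'unset'}, expected {want}"
                for name, want in EXPECTED.get(element, {}).items()
                if params.get(name, "") != want]
    if element == "web-server-config":
        if not params.get("tls-profile"):
            findings.append("web-server-config: tls-profile is unset")
        if "REST" not in params.get("http-interface-list", "").split(","):
            findings.append("web-server-config: REST missing from http-interface-list")
    return findings

# The web-server-config output from step 2 (trimmed), before steps 3 to 5.
BEFORE = """\
ORACLE(web-server-config)# show
web-server-config
        state                                   enabled
        http-state                              enabled
        https-state                             disabled
        http-interface-list                     REST,GUI
        tls-profile
"""
# Constructed sample: the same element after steps 3 to 5 have been applied.
AFTER = BEFORE.replace("disabled", "enabled").replace("tls-profile\n", "tls-profile restless\n")

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```
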

Task 5: Save, Activate, and Reboot

  1. From the top level of the ACLI, save the configuration.
    ORACLE# save-config
  2. Activate the configuration.
    ORACLE# activate-config
  3. Reboot the ECB.
    ORACLE# reboot