Enable HTTPS
The Oracle Enterprise Communications Broker (ECB) REST API only accepts requests over secure HTTPS connections. Unencrypted HTTP requests are rejected with a 426 Upgrade Required. Follow this procedure to enable secure communications between the REST client and the ECB.
Task 1: Generate a Certificate Signing Request on the ECB
After logging in as the admin user on the ECB:
- Access the certificate-record configuration element.
    ORACLE# conf t
    ORACLE(configure)# security
    ORACLE(security)# certificate-record
    ORACLE(certificate-record)#
- Supply the details for the certificate you will install on the ECB.
    ORACLE(certificate-record)# name restless
    ORACLE(certificate-record)# country US
    ORACLE(certificate-record)# state MA
    ORACLE(certificate-record)# locality Boston
    ORACLE(certificate-record)# organization Engineering
    ORACLE(certificate-record)# common-name Acme
    ORACLE(certificate-record)# key-size 4096
    ORACLE(certificate-record)# key-algor ecdsa
- Type done to save your configuration.
    ORACLE(certificate-record)# done
- Navigate to the top level of the ACLI.
    ORACLE(certificate-record)# quit
    ORACLE#
- Generate a certificate request.
    ORACLE# generate-certificate-request restless
    Generating Certificate Signing Request. This can take several minutes....
    -----BEGIN CERTIFICATE REQUEST-----
    MIIBPTCB5QIBADBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcM
    BkJvc3RvbjEUMBIGA1UECgwLRW5naW5lZXJpbmcxDTALBgNVBAMMBEFjbWUwWTAT
    BgcqhkjOPQIBBggqhkjOPQMBBwNCAARycOclOeAiDutZtSjFMnFEICB71DWDGeG9
    . . .
    hvcNAQkOMSQwIjALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYI
    KoZIzj0EAwIDRwAwRAIgSIXIgYmjUvzQE8bP43WLYt89TWj8dw2G9A70cPbkpdsC
    IAd70mq6ejgfBkeq9XDkqqhc6jk0SaYo1wPC09OuphFF
    -----END CERTIFICATE REQUEST-----
    WARNING: Configuration changed, run "save-config" command.
    ORACLE#
Task 2: Acquire the Certificate
Send the certificate request to a Certificate Authority (CA). The CA will reply with a certificate for you to install on the ECB.
Task 3: Import the Certificate into the ECB
- Execute the import-certificate command.
- Paste the certificate into the ACLI, using a semicolon to terminate the certificate.
    ORACLE# import-certificate try-all restless
    IMPORTANT:
    Please enter the certificate in the PEM format.
    Terminate the certificate with ";" to exit.......
    -----BEGIN CERTIFICATE-----
    MIIEMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMx
    CzAJBgNVBAgMAk1BMRMwEQYDVQQHDApCdXJsaW5ndG9uMRQwEgYDVQQKDAtFbmdp
    bmVlcmluZzEXMBUGA1UEAwwOQWNtZSBQYWNrZXQgTUExITAfBgkqhkiG9w0BCQEW
    EmxhcnJ5LmVAb3JhY2xlLmNvbTAeFw0xODA2MDEyMDU1MzBaFw0yMzA2MDEyMDU1
    . . .
    OcDuA+9hJpjKqCn51lmH39iHt0oeuwGKrrE919q4SDcEoSCb48gi8zR1hRy2Rfzx
    9bsRJ+uFLWpwE88QaZUFviR+CmIBUl1o9Yk3bLOQFmf0DWgHiyy7DOuswVqoF/Xg
    rQNY6LB1Nm5e2yQ6ocLQ36S9HNIqewT6iPcf1RWbbf/Ond0QJYJMJV8RZeMD6JcB
    ehJMI7/fN6t9A4m3JaknJqYv3qg=
    -----END CERTIFICATE-----;
    Certificate imported successfully....
    WARNING: Configuration changed, run "save-config" command.
    ORACLE#
Task 4: Configure TLS
- Access the tls-global configuration element.
    ORACLE# conf t
    ORACLE(configure)# security
    ORACLE(security)# tls-global
    ORACLE(tls-global)#
- Select the object and verify that session-caching is disabled and session-cache-timeout is 12.
    ORACLE(tls-global)# select
    ORACLE(tls-global)# show
    tls-global
            session-caching                disabled
            session-cache-timeout          12
            diffie-hellman-key-size        DH_KeySize_2048
            last-modified-by
            last-modified-date
- Type done to save your configuration.
    ORACLE(tls-global)# done
- Access the tls-profile configuration element.
    ORACLE(tls-global)# exit
    ORACLE(security)# tls-profile
    ORACLE(tls-profile)#
- Give a name to this tls-profile.
    ORACLE(tls-profile)# name rest-profile
- Set end-entity-certificate to the name of the previously configured certificate-record.
    ORACLE(tls-profile)# end-entity-certificate restless
- Set the TLS version.
    ORACLE(tls-profile)# tls-version tlsv12
- Type done to save your configuration.
Task 5: Enable HTTPS on the HTTP Server
- Access the multi-instance http-server configuration element.
    ORACLE# conf t
    ORACLE(configure)# system
    ORACLE(system)# http-server
    ORACLE(http-server)#
- Create a name for this http-server instance.
    ORACLE(http-server)# name rest-server
- Set the state and https-state parameters to enabled.
    ORACLE(http-server)# state enabled
    ORACLE(http-server)# https-state enabled
- Set the HTTPS port.
    ORACLE(http-server)# https-port 443
- Set http-interface-list to REST,GUI.
    ORACLE(http-server)# http-interface-list REST
- Set the tls-profile attribute to the name of the previously configured tls-profile configuration element.
    ORACLE(http-server)# tls-profile rest-profile
- Type done to save your configuration.
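Tasks 1, 4 and 5 are linked only by name: the tls-profile points at the certificate-record, and the http-server points at the tls-profile. The Python script below is an added example, not Oracle code, that checks a captured ACLI session for a broken link or a skipped done before the configuration is saved and activated. The names parse_session, audit and SAMPLE are hypothetical, the transcript is constructed from the commands above, and treating a parameter as saved only when a later done follows in the same element is this example's simplification.

```python
import re

# One ACLI line as shown in the procedure: PROMPT(element)# parameter [value]
LINE = re.compile(r"^[ \t]*\S+\(([\w-]+)\)#[ \t]+([\w-]+)(?:[ \t]+(\S+))?[ \t]*$", re.M)

def parse_session(text):
    """Return (objects closed with 'done', elements still holding unsaved parameters)."""
    saved, pending = [], {}
    for elem, param, value in LINE.findall(text):
        if param == "done":
            saved.append((elem, pending.pop(elem, {})))
        elif value:                      # navigation commands carry no value
            pending.setdefault(elem, {})[param] = value
    return saved, list(pending)

def audit(text):
    """Check the certificate-record -> tls-profile -> http-server name chain."""
    saved, unsaved = parse_session(text)
    findings = [f"{e}: parameters entered but 'done' never typed" for e in unsaved]
    objs = {}
    for elem, p in saved:
        objs.setdefault(elem, {})[p.get("name")] = p
    for elem, param, target in (("tls-profile", "end-entity-certificate", "certificate-record"),
                                ("http-server", "tls-profile", "tls-profile")):
        for name, p in objs.get(elem, {}).items():
            if p.get(param) not in objs.get(target, {}):
                findings.append(f"{elem} {name}: {param} is not a saved {target}")
    for name, p in objs.get("tls-profile", {}).items():
        if p.get("tls-version") != "tlsv12":
            findings.append(f"tls-profile {name}: tls-version differs from Task 4's tlsv12")
    for name, s in objs.get("http-server", {}).items():
        if (s.get("state"), s.get("https-state")) != ("enabled", "enabled"):
            findings.append(f"http-server {name}: state and https-state are not both enabled")
    return findings

# Constructed sample: parameter lines from Tasks 1, 4 and 5, with 'done' typed each time
SAMPLE = """ORACLE(certificate-record)# name restless
ORACLE(certificate-record)# done
ORACLE(tls-profile)# name rest-profile
ORACLE(tls-profile)# end-entity-certificate restless
ORACLE(tls-profile)# tls-version tlsv12
ORACLE(tls-profile)# done
ORACLE(http-server)# name rest-server
ORACLE(http-server)# state enabled
ORACLE(http-server)# https-state enabled
ORACLE(http-server)# tls-profile rest-profile
ORACLE(http-server)# done"""

print(audit(SAMPLE) or "configuration chain is consistent")
```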
Task 6: Save, Activate, and Reboot
- From the top level of the ACLI, save the configuration.
    ORACLE# save-config
- Activate the configuration.
    ORACLE# activate-config
- Reboot the ECB.
    ORACLE# reboot
After the ECB reboots, you can authenticate to the ECB.