1. REST API for the Session Border ControllerREST API for Session Border Controller, Enterprise Session Border Controller, and Subscriber-Aware Load Balancer, Release 8.4.0
  2. Enable HTTPS

Enable HTTPS

The Oracle Communications Session Border Controller (SBC) REST API only accepts requests over secure HTTPS connections. Unencrypted HTTP requests are rejected with a 426 Upgrade Required. Follow this procedure to enable secure communications between the REST client and the SBC.

Task 1: Generate a Certificate Signing Request on the SBC

After logging in as the admin user on the SBC:

  1. Access the certificate-record configuration element. 
    ORACLE# conf t
ORACLE(configure)# security
ORACLE(security)# certificate-record
ORACLE(certificate-record)#
  2. Supply the details for the certificate you will install on the SBC. 
    
ORACLE(certificate-record)# name restless
ORACLE(certificate-record)# country US
ORACLE(certificate-record)# state MA
ORACLE(certificate-record)# locality Boston
ORACLE(certificate-record)# organization Engineering
ORACLE(certificate-record)# common-name Acme
ORACLE(certificate-record)# key-size 4096 
ORACLE(certificate-record)# key-algor ecdsa
  3. Type done to save your configuration. 
    ORACLE(certificate-record)# done
  4. Navigate to the top level of the ACLI. 
    ORACLE(certificate-record)# exit
ORACLE(security)# exit
ORACLE(configure)# exit
ORACLE#
  5. Generate a certificate request. 
    ORACLE# generate-certificate-request restless
Generating Certificate Signing Request. This can take several minutes....

-----BEGIN CERTIFICATE REQUEST-----
MIIBPTCB5QIBADBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcM
BkJvc3RvbjEUMBIGA1UECgwLRW5naW5lZXJpbmcxDTALBgNVBAMMBEFjbWUwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAARycOclOeAiDutZtSjFMnFEICB71DWDGeG9
. . .
hvcNAQkOMSQwIjALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYI
KoZIzj0EAwIDRwAwRAIgSIXIgYmjUvzQE8bP43WLYt89TWj8dw2G9A70cPbkpdsC
IAd70mq6ejgfBkeq9XDkqqhc6jk0SaYo1wPC09OuphFF
-----END CERTIFICATE REQUEST-----

WARNING: Configuration changed, run "save-config" command.
ORACLE#

Task 2: Acquire the Certificate

Send the certificate request to a Certificate Authority (CA). The CA will reply with a certificate for you to install on the SBC.

Task 3: Import the Certificate into the SBC

  1. Execute the import-certificate command.
  2. Paste the certificate into the ACLI, using a semicolon to terminate the certificate. 
    ORACLE# import-certificate try-all restless

IMPORTANT:
        Please enter the certificate in the PEM format.
        Terminate the certificate with ";" to exit.......
-----BEGIN CERTIFICATE-----
MIIEMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgMAk1BMRMwEQYDVQQHDApCdXJsaW5ndG9uMRQwEgYDVQQKDAtFbmdp
bmVlcmluZzEXMBUGA1UEAwwOQWNtZSBQYWNrZXQgTUExITAfBgkqhkiG9w0BCQEW
EmxhcnJ5LmVAb3JhY2xlLmNvbTAeFw0xODA2MDEyMDU1MzBaFw0yMzA2MDEyMDU1
. . .
OcDuA+9hJpjKqCn51lmH39iHt0oeuwGKrrE919q4SDcEoSCb48gi8zR1hRy2Rfzx
9bsRJ+uFLWpwE88QaZUFviR+CmIBUl1o9Yk3bLOQFmf0DWgHiyy7DOuswVqoF/Xg
rQNY6LB1Nm5e2yQ6ocLQ36S9HNIqewT6iPcf1RWbbf/Ond0QJYJMJV8RZeMD6JcB
ehJMI7/fN6t9A4m3JaknJqYv3qg=
-----END CERTIFICATE-----;
Certificate imported successfully....
WARNING: Configuration changed, run "save-config" command.
ORACLE#

Task 4: Configure TLS

  1. Access the tls-global configuration element. 
    REST# conf t
REST(configure)# security
REST(security)# tls-global
REST(tls-global)#
  2. Select the object and verify that session-caching is disabled and session-cache-timeout is 12. 
    ORACLE(tls-global)# select
ORACLE(tls-global)# show
tls-global
        session-caching                         disabled
        session-cache-timeout                   12
        last-modified-by
        last-modified-date
  3. Type done to save your configuration. 
    ORACLE(tls-global)# done
  4. Access the tls-profile configuration element. 
    ORACLE(tls-global)# exit
ORACLE(security)# tls-profile
ORACLE(tls-profile)#
  5. Give a name to this tls-profile. 
    ORACLE(tls-profile)# name rest-profile
  6. Set end-entity-certificate to the name of the previously configured certificate-record. 
    ORACLE(tls-profile)# end-entity-certificate restless
  7. Set the TLS version. 
    ORACLE(tls-profile)# tls-version compatibility
  8. Type done to save your configuration.

Enable HTTPS on the SBC Web Server

  1. Access the multi-instance http-server configuration element. 
    ORACLE# co t
ORACLE(configure)# system
ORACLE(system)# http-server 
ORACLE(http-server)#
  2. Create a name for this http-server instance. 
    ORACLE(http-server)# name rest-server
  3. Set the state and https-state parameters to enabled. 
    ORACLE(http-server)# state enabled
    ORACLE(http-server)# https-state enabled
  4. Set the HTTPS port. 
    ORACLE(http-server)# https-port 443
  5. Set http-interface-list to REST,GUI if using both REST and the GUI or to REST if using REST but not the GUI. 
    ORACLE(http-server)# http-interface-list REST
  6. Set the tls-profile attribute to the name of the previously configured tls-profile configuration element. 
    ORACLE(http-server)# tls-profile rest-profile
  7. Type done to save your configuration.

Task 5: Save, Activate, and Reboot

  1. From the top level of the ACLI, save the configuration. 
    ORACLE# save-config
  2. Activate the configuration. 
    ORACLE# activate-config
  3. Reboot the SBC. 
    ORACLE# reboot