Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> iSQL*Plus and SSL

iSQL*Plus and SSL

From: Alison Holloway <>
Date: Wed, 28 Apr 2004 13:02:03 +1000
Message-ID: <_gFjc.52$>

Some time ago there was a discussion on this newsgroup about setting up iSQL*Plus 10.1 to use SSL. I wanted to post my latest research on this which should makes securing iSQL*Plus easier for you all.

The SQL*Plus documentation states that a X.509 certificate is required, but I've recently discovered that it isn't after all. When you generate a keypair, a self-signed certificate is generated and is used to sign the public key. So if you're happy to use this self-signed certificate, you don't need to pay for one from a third party, eg, Verisign.

I will have the documentation changed and add this to the SQL*Plus release notes for the next release. In the meantime, I hope this helps you set up iSQL*Plus to use SSL in the 10.1 release.

This is what I did on Windows 2000. You'll need to change the steps slightly for UNIX-based operating systems.

  1. Open a command shell.
  2. Set environment variables.
      set ORACLE_HOME=<oracle_home_location>
      set JAVA_HOME=%ORACLE_HOME%\jdk

3. Move to correct directory. You can do this in any directory, but to make

    it easier to find the keystore later, I used:

      cd %ORACLE_HOME%\oc4j\j2ee

4. Create keypair and self-signed certificate. You can use whatever

    credentials you need in the certificate, but here's what I used during my testing:

      %JAVA_HOME%/bin/keytool -genkey -keyalg RSA -alias isqlplus -keystore keystore

      Enter keystore password: 123456
      What is your first and last name?

[Unknown]: Test User
What is the name of your organizational unit?
[Unknown]: IT Department
What is the name of your organization?
[Unknown]: Oracle Corporation
What is the name of your City or Locality?
[Unknown]: San Francisco
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Test User, OU=IT Department, O=Oracle Corporation, L=San Francisco, ST=Cal ifornia, C=US correct?
[no]: y
Enter key password for <isqlplus> (RETURN if same as keystore password):

5. Configure OC4J

5.1 Copy http-web-site.xml to a new file secure-web-site.xml

5.2 Edit secure-web-site.xml to add the attribute 'secure="true"' to the web-site


5.3 Edit secure-web-site.xml to include a new element in the web-site element:

      <ssl-config keystore="<keystore_path>" keystore-password="<keystore_password>" />

5.4 Edit server.xml and the path attribute of the web-site element to point to the

     newly created secure-web-site.xml file instead of the http-web-site.xml.

5.5 Restart iSQL*Plus and off you go!

Note, you will need to use https as your URL prefix instead of http.

Alison Received on Tue Apr 27 2004 - 22:02:03 CDT

Original text of this message