Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> iSQL*Plus and SSL

iSQL*Plus and SSL

From: Alison Holloway <alison.holloway_at_Xoracle.com>
Date: Wed, 28 Apr 2004 13:02:03 +1000
Message-ID: <_gFjc.52$BD6.695@news.oracle.com> 





Some time ago there was a discussion on this newsgroup about setting up iSQL*Plus 10.1 to 
use SSL. I wanted to post my latest research on this which should makes securing iSQL*Plus 
easier for you all.



The SQL*Plus documentation states that a X.509 certificate is required, but I've recently 
discovered that it isn't after all. When you generate a keypair, a self-signed certificate 
is generated and is used to sign the public key. So if you're happy to use this 
self-signed certificate, you don't need to pay for one from a third party, eg, Verisign.



I will have the documentation changed and add this to the SQL*Plus release notes for the 
next release. In the meantime, I hope this helps you set up iSQL*Plus to use SSL in the 
10.1 release.



This is what I did on Windows 2000. You'll need to change the steps slightly for 
UNIX-based operating systems.



    
  
  1.   Open a command shell.

  
  2.   Set environment variables.





      set ORACLE_HOME=<oracle_home_location>
      set JAVA_HOME=%ORACLE_HOME%\jdk





3. Move to correct directory. You can do this in any directory, but to make


    it easier to find the keystore later, I used:



      cd %ORACLE_HOME%\oc4j\j2ee



4. Create keypair and self-signed certificate. You can use whatever


    credentials you need in the certificate, but here's what I used during my testing:



      %JAVA_HOME%/bin/keytool -genkey -keyalg RSA -alias isqlplus -keystore keystore


      Enter keystore password: 123456
      What is your first and last name?


      [Unknown]: Test User

      What is the name of your organizational unit?


      [Unknown]: IT Department

      What is the name of your organization?


      [Unknown]: Oracle Corporation

      What is the name of your City or Locality?


      [Unknown]: San Francisco

      What is the name of your State or Province?


      [Unknown]: California

      What is the two-letter country code for this unit?


      [Unknown]: US

      Is CN=Test User, OU=IT Department, O=Oracle Corporation, L=San Francisco, ST=Cal
      ifornia, C=US correct?


      [no]: y


      Enter key password for <isqlplus>
      (RETURN if same as keystore password):





5. Configure OC4J



5.1 Copy http-web-site.xml to a new file secure-web-site.xml



5.2 Edit secure-web-site.xml to add the attribute 'secure="true"' to the web-site


     element.



5.3 Edit secure-web-site.xml to include a new element in the web-site element:



      <ssl-config keystore="<keystore_path>" keystore-password="<keystore_password>" />



5.4 Edit server.xml and the path attribute of the web-site element to point to the


     newly created secure-web-site.xml file instead of the http-web-site.xml.



5.5 Restart iSQL*Plus and off you go!



Note, you will need to use https as your URL prefix instead of http.



Alison
Received on Tue Apr 27 2004 - 22:02:03 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US