How to Get Secure Web Services (SSL/HTTPS) and Oracle APEX Working

Learn How to Call Secure Web Services (SSL/HTTPS) from Oracle APEX applications!

More and more APEX developers need to call (consume) web services from their applications.  What environment changes are required to support a secure web service call?

In this four-part tutorial Oracle Certified Master DBA John Watson, SkillBuilders Director of Oracle Database Services, will demonstrate how to configure the Oracle Database environment to allow external connections and recognize and accept vetted digital certificates.

This free training is segmented into several separate lessons:

  1. Introduction / Agenda (1:00)
    (click to read the Transcript)
    John describes what we are trying to achieve and provides an overview of the steps required.
  2. Demonstration – Create an Access Control List (1:08)
    To allow APEX (i.e. Oracle Database) to make an external call, someone (typically the DBA) must create an ACL with dbms_network_acl_admin.append_host_ace.
  3. Demonstration – Using the orapki Utility to Add Digital Certificates (3:57) (click on video below)
    The orapki utility must be used In order for the Oracle Database to recognize and accept the digital certificates from your desired web services. John demonstrates how in this lesson.
  4. Demonstration – Test the Secure Web Services Call (1:41)
    John demonstrates how he tests the web services call over SSL / HTTPS.

Date: Sep 6, 2016


NOTE: Some corporate firewalls will not allow videos hosted by YouTube.

Free Online Registration Required

The tutorial session you want to view requires your registering with us.

It’s fast and easy, and totally FREE.

And best of all, once you are registered, you’ll also have access to all the other 100’s of FREE Video Tutorials we offer!

 

×
Transcript

Demonstration – Using the orapki Utility to Add Digital Certificates

>> John:  When you use HTTPS in a browser, it will usually work out of the box, no need for any configuration. And this is because browsers ship with a list of trusted certificate issuers. You can see the list here in Firefox. Options, advanced, certificates, and view the certificates. So, on the authorities tab these are the certificates that Firefox will accept or the certificate issuers that Firefox is prepared to accept. There they all are.

 

[pause]

 

As long as the website has bought and installed a certificate on one of these approved issuers, your browser will be happy. But the Oracle database has no such list of trusted certificate issuers. You have to build this up for yourself by downloading the certificates and installing them in a wallet.

 

The first step is to tell Oracle where the trusted certificates wallet is. We do that with entry in the sqlnet.ora file. Wallet location = source, method file – I could be using held up directory for instance but in this case, my wallet is going to be in a file and the metadata is the location of the wallet which will be in c:\tmp\wallet.

 

Then I need to create the directory, mkdir c:\tmp\wallet.

 

And then finally use the Oracle utility orapki to create the wallet. When I create the wallet, I give it the location of the wallet, a password to open the wallet, and I’m going to set it to auto login.

 

I need to obtain the certificates of the trusted certificate issuers from the website I’m going to go to. So I’ll browse to the Oracle.com secure site.

 

[pause]

 

And the exact technique will follow here will depend on the browser you’re using. In Firefox, this icon here will show me the details of the secure socket configuration.

 

[pause]

 

Here we see a certificate chain. I need to download certificates for all components of the chain except for the leaf certificate at the very end. That’s the one that will be validated when we actually make the connection. So the top level first, GeoTrust Global CA.

 

There are various possible export formats. I find the default CRT format seems to work well enough. The next one in the chain, export that as well and that’s saved in to my local file system.

 

To load those certificates into the wallet, I’ll use the orapki [3:23 inaudible] C again. Orapki wallet add. I’m going to add the certificate for GeoTrust Global CA into the nominated wallet as a trusted certificate and supply the password and do the same with the second certificate in the chain. What wallet certificates are actually in there, the wallet display command, it shows me there they are as trusted certificates.

Copyright SkillBuilders.com 2017

×