X

The Visual Builder Cloud Service Blog

Connecting VBCS to ORDS with self-signed certificates for Development

Aparna Gaonkar
Product Manager

From Visual Builder 18.4.1 onwards, there is a facility for uploading trusted SSL certificates including self-signed certificates, which is normally needed during development.

We have had a number of customers asking about how to use a self-signed certificate to connect to ORDS (Oracle Rest Data Services), which is a tool to create REST interfaces on top of relational data.

ORDS exposes its REST APIs over an IP address, and when ORDS is installed, it simply creates a self-signed certificate for localhost.  This will not be trusted by Visual Builder when one tries to build a Service Connection to an ORDS API.  You might get an error like the one below:

 

If you have an ORDS URL like https://<IPAddress>/ords/pdb1/myworkspace/myhandler/my_ords_service, and are looking for a quick way to use the Service in VBCS with a self-signed certificate, here are steps that you might find handy.  However a bit of caution - these steps involve self-signed certificates in VB and only should be used in case of development not production!

 

Step 1 – Get the hostname for ORDS

First find the ‘proper’ hostname for your ORDS IP address using the below:

nslookup <ip address>

This will give you the proper hostname to use for your service connections.  So instead of https://<IP address> use https://<hostname>

Step 2 – Generate a self-signed certificate

Create a self-signed certificate with openssl utility the above hostname as the CName and modify other attributes according to your need

For e.g.

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj '/CN=<hostname>'

This will yield two files key.pem and cert.pem

Convert the key.pem to its der file as below:

openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out key.der -nocrypt

Similarly convert cert.pem to its crt file

 

openssl x509 -outform der -in cert.pem -out cert.crt

Once you have these two, they need to be updated in the ORDS standalone.properties (More details can be found in the ORDS documentation)

ssl.cert=/u01/app/oracle/product/ords/cert.crt
ssl.cert.key=/u01/app/oracle/product/ords/key.der
ssl.host=<hostname>

Restart the ORDS server after making these changes.

Step 3 – Upload the self-signed certificate to VB

Go to Visual Builder -> Certificates (You require administrator privileges to do this).  Upload the cert.pem (or cert.crt) giving some alias.   

Step 4 – Create the Service Connection

Create the service connection in Visual Builder for the ORDS endpoint as you would create normally by using "Define by Endpoint" flow but remember to give the URL with the hostname instead of the IP address i.e. https://<hostname>/ords/pdb1/myworkspace/myhandler/my_ords_service.  (A detailed tutorial for creating and consuming  Service Connections is available here)

 

The Service Connection should now work.  Do remember that we have made Visual Builder trust all requests signed via this certificate, so it is imperative to keep this key secure, and as a best practice, never use self-signed certificates in production.

EDIT : Corrected the command to convert to key.der

 

 

 

 

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.