[ORDS Standalone: Configure SSL Certificate Chain] Process for installing an SSL certificate chain in ORDS running in Standalone mode. #ords

_prerequisites.md

Prerequisites:

• One instance certificate
  • Certificate file in text format
  • Certificate private key file
• Intermediate certificate in text format

certificate_chain.sh

# Set variables
PASSWORD="MySecret123"
HOSTNAME="myhost.domain.com"
KEY="my_certificate.key"                             #provided by certificate authority
IDENTITY_CRT="my_certificate.crt"                    #provided by certificate authority
INTERMEDIATE_CRT="my_intermediate_certificate.crt"   #provided by certificate authority

# Write a passwordfile
echo "${PASSWORD}" > passfile

# Concatenate the identity and intermediate certificates. Order matters!
cat ${IDENTITY_CRT} ${INTERMEDIATE_CRT} > ${HOSTNAME}.chain.crt

# Combine certificates and private key into a .p12 file.
openssl pkcs12 \
    -export \
    -inkey ${KEY} \
    -in ${HOSTNAME}.chain.crt \
    -out ${HOSTNAME}.chain.p12 \
    -password pass:${PASSWORD}

# Convert certificate key to DER format for ORDS
openssl pkcs8 \
    -topk8 \
    -inform P12 \
    -outform DER \
    -in ${HOSTNAME}.chain.p12 \
    -out ${HOSTNAME}_key.der \
    -nocrypt \
    -passin file:passfile

# Remove passfile
rm passfile

standalone.properties

# SSL Configuration
jetty.secure.port=443
ssl.cert=/path/to/myhost.domain.com.chain.crt
ssl.cert.key=/path/to/myhost.domain.com_key.der
ssl.host=myhost.domain.com

validate_certificate.sh

openssl s_client -showcerts -connect myhost.domain.com:443