1. REST API for <ProductName>REST API for Oracle Enterprise Communications Broker, Release 4.2.0
  2. Enable HTTPS

Enable HTTPS

The Oracle Enterprise Communications Broker (Communications Broker) REST API only accepts requests over secure HTTPS connections. Unencrypted HTTP requests are rejected with a 426 Upgrade Required. Follow this procedure to enable secure communications between the REST client and the Communications Broker.

Task 1: Generate a Certificate Signing Request on the Communications Broker

After logging in as the admin user on the Communications Broker:

  1. Access the certificate-record configuration element. 
    ORACLE# conf t
ORACLE(configure)# security
ORACLE(security)# certificate-record
ORACLE(certificate-record)#
  2. Supply the details for the certificate you will install on the Communications Broker. 
    
ORACLE(certificate-record)# name restless
ORACLE(certificate-record)# country US
ORACLE(certificate-record)# state MA
ORACLE(certificate-record)# locality Boston
ORACLE(certificate-record)# organization Engineering
ORACLE(certificate-record)# common-name Acme
ORACLE(certificate-record)# key-size 4096 
ORACLE(certificate-record)# key-algor ecdsa
  3. Type done to save your configuration. 
    ORACLE(certificate-record)# done
  4. Navigate to the top level of the ACLI. 
    ORACLE(certificate-record)# quit
ORACLE#
  5. Generate a certificate request. 
    ORACLE# generate-certificate-request restless
Generating Certificate Signing Request. This can take several minutes....

-----BEGIN CERTIFICATE REQUEST-----
MIIBPTCB5QIBADBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcM
BkJvc3RvbjEUMBIGA1UECgwLRW5naW5lZXJpbmcxDTALBgNVBAMMBEFjbWUwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAARycOclOeAiDutZtSjFMnFEICB71DWDGeG9
. . .
hvcNAQkOMSQwIjALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYI
KoZIzj0EAwIDRwAwRAIgSIXIgYmjUvzQE8bP43WLYt89TWj8dw2G9A70cPbkpdsC
IAd70mq6ejgfBkeq9XDkqqhc6jk0SaYo1wPC09OuphFF
-----END CERTIFICATE REQUEST-----

WARNING: Configuration changed, run "save-config" command.
ORACLE#

Task 2: Acquire the Certificate

Send the certificate request to a Certificate Authority (CA). The CA will reply with a certificate for you to install on the Communications Broker.

Task 3: Import the Certificate into the Communications Broker

  1. Execute the import-certificate command.
  2. Paste the certificate into the ACLI, using a semicolon to terminate the certificate. 
    ORACLE# import-certificate try-all restless

IMPORTANT:
        Please enter the certificate in the PEM format.
        Terminate the certificate with ";" to exit.......
-----BEGIN CERTIFICATE-----
MIIEMDCCAxigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgMAk1BMRMwEQYDVQQHDApCdXJsaW5ndG9uMRQwEgYDVQQKDAtFbmdp
bmVlcmluZzEXMBUGA1UEAwwOQWNtZSBQYWNrZXQgTUExITAfBgkqhkiG9w0BCQEW
EmxhcnJ5LmVAb3JhY2xlLmNvbTAeFw0xODA2MDEyMDU1MzBaFw0yMzA2MDEyMDU1
. . .
OcDuA+9hJpjKqCn51lmH39iHt0oeuwGKrrE919q4SDcEoSCb48gi8zR1hRy2Rfzx
9bsRJ+uFLWpwE88QaZUFviR+CmIBUl1o9Yk3bLOQFmf0DWgHiyy7DOuswVqoF/Xg
rQNY6LB1Nm5e2yQ6ocLQ36S9HNIqewT6iPcf1RWbbf/Ond0QJYJMJV8RZeMD6JcB
ehJMI7/fN6t9A4m3JaknJqYv3qg=
-----END CERTIFICATE-----;
Certificate imported successfully....
WARNING: Configuration changed, run "save-config" command.
ORACLE#

Task 4: Configure TLS

  1. Access the tls-global configuration element. 
    ORACLE# conf t
ORACLE(configure)# security
ORACLE(security)# tls-global
ORACLE(tls-global)#
  2. Select the object and verify that session-caching is disabled and session-cache-timeout is 12. 
    ORACLE(tls-global)# select
ORACLE(tls-global)# show
tls-global
        session-caching                         disabled
        session-cache-timeout                   12
        diffie-hellman-key-size                 DH_KeySize_2048
        last-modified-by
        last-modified-date
  3. Type done to save your configuration. 
    ORACLE(tls-global)# done
  4. Access the tls-profile configuration element. 
    ORACLE(tls-global)# exit
ORACLE(security)# tls-profile
ORACLE(tls-profile)#
  5. Give a name to this tls-profile. 
    ORACLE(tls-profile)# name rest-profile
  6. Set end-entity-certificate to the name of the previously configured certificate-record. 
    ORACLE(tls-profile)# end-entity-certificate restless
  7. Set the TLS version. 
    ORACLE(tls-profile)# tls-version tlsv12
  8. Type done to save your configuration.

Task 5: Enable HTTPS on the HTTP Server

  1. Access the multi-instance http-server configuration element. 
    ORACLE# co t
ORACLE(configure)# system
ORACLE(system)# http-server 
ORACLE(http-server)#
  2. Create a name for this http-server instance. 
    ORACLE(http-server)# name rest-server
  3. Set the state and https-state parameters to enabled. 
    ORACLE(http-server)# state enabled
    ORACLE(http-server)# https-state enabled
  4. Set the HTTPS port. 
    ORACLE(http-server)# https-port 443
  5. Set http-interface-list to REST,GUI. 
    ORACLE(http-server)# http-interface-list REST
  6. Set the tls-profile attribute to the name of the previously configured tls-profile configuration element. 
    ORACLE(http-server)# tls-profile rest-profile
  7. Type done to save your configuration.

Task 6: Save, Activate, and Reboot

  1. From the top level of the ACLI, save the configuration. 
    ORACLE# save-config
  2. Activate the configuration. 
    ORACLE# activate-config
  3. Reboot the Communications Broker. 
    ORACLE# reboot

After the Communications Broker reboots, you can authenticate to the Communications Broker.