Wednesday, May 14, 2008

Outgoing SSL Connections in OC4J

The project I'm working on is currently deployed to Oracle Application Server. I spent most of the day yesterday trying to figure out 2 things.

1. Why can't I set the java options javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword in the opmn.xml file w/o the system spewing error messages on startup?

2. How can I get my application to successfully make outgoing HTTPS connections if I can't set those system properties?

I posted a message on the Oracle forums here with no response. I spent hours searching online, only finding documentation on how to secure your deployed applications with SSL.

I ended up finding an off-topic document that revealed the answer. OC4J looks to a default trust store located at ${ORACLE_HOME}/jdk/jre/lib/security/cacerts. So, after adding the certificate I needed to trust into this trust store, all was good.

I knew that Java had a default trust store, but my goal was to point OC4J to a trust store of my choice, not edit the system default. I did look for a way to configure OC4J through other means, but no luck. And in this case, my whole goal was to point the system to a trust store of my choice, so I was OK with using the system properties.

It still irks me that I can't set those system properties. Oh well.
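
An added example, not code from the original post or from Oracle: one way to have a single outgoing HTTPS connection use a trust store of your choice through the standard JSSE API, without setting javax.net.ssl.trustStore and without editing the shared cacerts file. It assumes Java 7 or later, a JKS-format store, and that the container returns the standard HttpsURLConnection; the class name, argument order and the TRUSTSTORE_PASSWORD environment variable are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class CustomTrustStoreClient {

    // Build a socket factory that trusts only the CA certificates in the given JKS file.
    static SSLSocketFactory socketFactoryFor(String storePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(storePath)) {
            trustStore.load(in, password);
        }
        // An empty store would make every handshake fail; report that up front.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("trust store has no entries: " + storePath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client keys (null) and the default SecureRandom (null); only trust is customised.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        String storePath = args[0];                           // path to your own trust store
        URL url = new URL(args[1]);                           // https:// endpoint to call
        String pw = System.getenv("TRUSTSTORE_PASSWORD");     // hypothetical variable name
        char[] password = (pw == null) ? null : pw.toCharArray();

        URLConnection raw = url.openConnection();
        // A container may install its own URL handler; fail clearly if it is not JSSE's.
        if (!(raw instanceof HttpsURLConnection)) {
            throw new IllegalStateException("unexpected connection class: " + raw.getClass());
        }
        HttpsURLConnection conn = (HttpsURLConnection) raw;
        conn.setSSLSocketFactory(socketFactoryFor(storePath, password)); // this connection only
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        // Hostname verification is left at the default; do not replace it with a permissive one.
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Because the factory is set on one connection, other applications in the same JVM keep validating against the default trust store.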

1 comment:

Rob Madole said...

I've spent some time on this as well. I agree, it's very irritating. I'm beginning to wonder if the trust store can be set using ssl-config in the default-web-site.xml file within j2ee/$INSTANCE/config.