Let’s Encrypt

Probably the easiest way to get an SSL Certificate these days is with the Free Let’s Encrypt. Let’s Encrypt is currently creating ~600k SSL certificates a day according to their statistics

ORDS Standalone and SSL

ORDS standalone mode will create a self-signed certificate upon install just to get something in place. This certificate should clearly never be used other than development. When going to production, there should be a real certificate aquired and installed.

Installing a real certificate is quite straight forward and in the documentation

  • Aquire a Certificate

  • (optional) If the key file is in .pem format, create a .der file

      openssl pkcs8 -topk8 -inform PEM -outform DER -in demo.example.com.pem -out demo.example.com.der -nocrypt
  • Edit the ords/standalone/standalone.properties


This is the path in Oracle Cloud DBCS that is the ORDS configuration /u01/app/oracle/product/ords/conf/ords/standalone/

  • Restart ORDS.

Let’s Encrypt Setup Options

There’s lots of prebuilt integrations that Let’s Encrypt. For example, if the ORDS install is being front ended with Nginx or Apache httpd there’s a couple choices with the implementations listed on the client-optiosn page or EFF’s Certbot


Since there’s no prebuilt tool for dealing with ORDS. I’ll be using GetSSL to aquiring a cert.

These are just my steps to get the cerificate working in an Oracle Cloud DBCS installation. I’m sure there are other ways to accomplish the same result.

  • Install

      curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
  • Initialize the configuration files

    ./getssl -c demo.example.com

  • Edit the configuration to site specifics.

    In the file ~/.getssl/demo.example.com/getssl.cfg , These are the only settings I adjusted.


This is the path in Oracle Cloud DBCS that is the docroot for ORDS /u01/app/oracle/product/ords/conf/ords/standalone/doc_root/

  • Clean up the self-signed certificates

      rm /u01/app/oracle/product/ords/conf/ords/standalone/self-signed.key	
      rm /u01/app/oracle/product/ords/conf/ords/standalone/self-signed.pem
  • Convert the Let’s Encrypt .key file to a .der that ORDS can use

      openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /u01/app/oracle/product/ords/conf/ords/standalone/demo.example.com.key -out /u01/app/oracle/product/ords/conf/ords/standalone/demo.example.com.pkcs8.key
      openssl pkcs8 -topk8 -inform PEM -outform DER -in /u01/app/oracle/product/ords/conf/ords/standalone/demo.example.com.pkcs8.key -out /u01/app/oracle/product/ords/conf/ords/standalone/demo.example.com.pkcs8.der -nocrypt
      # remove temp file
      rm /u01/app/oracle/product/ords/conf/ords/standalone/demo.example.com.pkcs8.key
  • Configure ORDS. This is now the same as setting ORDS to using any SSL certificate as mentioned in the documentation.

    Edit /u01/app/oracle/product/ords/conf/ords/standalone/standalone.properties



The end result is a valid SSL certificate in the Standalone mode of ORDS