Operator gets "400: Invalid SNI" when accessing Ords

[rbaumgar]

documentation who to create certificates is incomplete https://github.com/oracle/oracle-database-operator/blob/main/docs/multitenant/README.md#secrets-for-certificates

operator uses the URL following URL to access ORDS: -ords., e.g. cdb-dev-ords.oracle

that results extfile.txt should be created like the following example. www.example.com is complete useless.

echo "subjectAltName=DNS:cdb-dev-ords,DNS:cdb-dev-ords.oracle" > extfile.txt

[mmalvezz]

Makefile with correct example has been changed few months ago please let us know if your problem still exists

197         $(OPENSSL) req -newkey rsa:2048 -nodes -keyout $(SKEY) -subj "/C=US/ST=California/L=SanFrancisco/O=$(COMPANY) /CN=$(RESTPREFIX)-$(REST_SERVER).$(C    DB_NAMESPACE) /CN=$(LOCALHOST)" -out server.csr
198         $(ECHO) "subjectAltName=DNS:$(RESTPREFIX)-$(REST_SERVER).$(CDB_NAMESPACE),DNS:www.example.com" > extfile.txt
199         $(OPENSSL) x509 -req -extfile extfile.txt -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $(SCRT)

[rbaumgar]

why is www.example.com defined? This is definitely not required here. Or please explain this, I thought this should be used in an enterprise environment.

[mmalvezz]

Thank you we are going to remove the example as well please let us know if you are still facing problem 400 SNI

[rbaumgar]

I faceced the 400 SNI error again, when I exposed the ORDS service externally, than I had to create an entry with the external name.

e.g. echo "subjectAltName=DNS:-ords,DNS:-ords.,DNS:cdb-dev-ords-." > extfile.txt