Prerequisite Steps to Configure Oracle Fusion Middleware 11.1.1.9 Components for Oracle E-Business Suite Release 12.2 Before Applying CPU patch

 I have applied JAN Critical Patch 31304503 [IMPORTANT: Follow Note 2555355.1 before applying.]

    – Filename: p31304503_111190_Linux-x86-64.zip

 

If applied the Patch 31304503 the following OPMN will log the following Error:

 

[opmn] [ERROR:1] [] [ons-secure] Connection server SSL set credentials failed (43084)

[opmn] [ERROR:1] [222] [ons-secure] SSL initialization failed

 

To avoid failures when trying to start OPMN and OHS

 

The Following Prerequisite Steps to configure:

 

1.login into the application server (ie applmgr (username)

 

2. Source the run file system environment 

 

[applmgr@visebsapp appl]$ . APPSVIS_visebsapp.env

 

3. Set an alias for the correct orapki

[applmgr@visebsapp appl]$ alias orapki=$FMW_HOME/oracle_common/bin/orapki

[applmgr@visebsapp appl]$ cd

[applmgr@visebsapp ~]$ ls

bea  oradiag_applmgr

4. Create new wallet an self signed certificate in $HOME/ss

 

[applmgr@visebsapp ~]$ cd $HOME

[applmgr@visebsapp ~]$ pwd

/home/applmgr

[applmgr@visebsapp ~]$ ls

bea  oradiag_applmgr

[applmgr@visebsapp ~]$ mkdir ~/ss

[applmgr@visebsapp ~]$ ls

bea  oradiag_applmgr  ss

[applmgr@visebsapp ~]$ cd ~/ss

[applmgr@visebsapp ss]$ ls

[applmgr@visebsapp ss]$ orapki wallet create -wallet ./ -auto_login_only

Oracle PKI Tool : Version 11.1.1.9.0

Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.

 

[applmgr@visebsapp ss]$ orapki wallet add -wallet . -dn “CN=FMWSmallCircleOfTrust” -asym_alg RSA -keysize 2048 -sign_alg sha256 -self_signed -validity 3652 -aut                                          o_login_only

Oracle PKI Tool : Version 11.1.1.9.0

Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.

 

5. verify that the wallet was properly created:

 

[applmgr@visebsapp ss]$ orapki wallet display -wallet .

Oracle PKI Tool : Version 11.1.1.9.0

Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.

 

Requested Certificates:

User Certificates:

Subject:        CN=FMWSmallCircleOfTrust

Trusted Certificates:

Subject:        CN=FMWSmallCircleOfTrust

 

 

6. Find the Instance name of this environment 

[applmgr@visebsapp ss]$ tr < $CONTEXT_FILE ‘<>’ ‘  ‘ | awk ‘/”s_ohs_instance”/ {print $(NF-1)}’

EBS_web_VIS_OHS1

[applmgr@visebsapp ss]$ iName=$(tr < $CONTEXT_FILE ‘<>’ ‘  ‘ | awk ‘/”s_ohs_instance”/ {print $(NF-1)}’ )

 

7. Go to the instance directory

[applmgr@visebsapp ss]$ cd $FMW_HOME/webtier/instances/$iName

 

8. Find the default wallets used by this instance

 

[applmgr@visebsapp EBS_web_VIS_OHS1]$ find . -name cwallet.sso | fgrep -v /webgate/

./config/OPMN/opmn/wallet/cwallet.sso

./config/OHS/EBS_web_VIS/keystores/default/cwallet.sso

./config/OHS/EBS_web_VIS/proxy-wallet/cwallet.sso

 

9.Verify each wallet only contains the ss cerificate:

 

[applmgr@visebsapp EBS_web_VIS_OHS1]$ find . -name cwallet.sso | fgrep -v /webgate/ | while read w ; do echo -e “n$w”; orapki wallet display -nologo -wallet $w ;

> done

 

./config/OPMN/opmn/wallet/cwallet.sso

Requested Certificates:

User Certificates:

Subject:        CN=Self-Signed Certificate for EBS_web_VIS_OHS120,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US

Trusted Certificates:

Subject:        CN=Self-Signed Certificate for EBS_web_VIS_OHS120,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US

 

./config/OHS/EBS_web_VIS/keystores/default/cwallet.sso

Requested Certificates:

User Certificates:

Subject:        CN=Self-Signed Certificate for EBS_web_VIS20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US

Trusted Certificates:

Subject:        CN=Self-Signed Certificate for EBS_web_VIS20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US

 

./config/OHS/EBS_web_VIS/proxy-wallet/cwallet.sso

Requested Certificates:

User Certificates:

Subject:        CN=Self-Signed Certificate for EBS_web_VIS20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US

Trusted Certificates:

Subject:        CN=Self-Signed Certificate for EBS_web_VIS20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US

10. Copy the new SHA-256 signed wallet to all default wallet locations.

 

[applmgr@visebsapp EBS_web_VIS_OHS1]$ find . -name cwallet.sso | fgrep -v /webgate/ | while read w ; do echo $w; cp -p ~/ss/cwallet.sso $w ; done

./config/OPMN/opmn/wallet/cwallet.sso

./config/OHS/EBS_web_VIS/keystores/default/cwallet.sso

./config/OHS/EBS_web_VIS/proxy-wallet/cwallet.sso

[applmgr@visebsapp EBS_web_VIS_OHS1]$

 

Reference: 

Prerequisite Steps to Configure Oracle Fusion Middleware 11.1.1.9 Components for Oracle E-Business Suite Release 12.2 Before Applying the July 2019 and Later FMW OSS Security Patch (Doc ID 2555355.1)

 



 

 

 

 

 

 

 

 

 

 

 

Leave a Comment

Your email address will not be published. Required fields are marked *