Erman Arslan's Oracle Forum EBS 12.2

2572809.1 confusion

classic Classic list List threaded Threaded
6 messages Options
satish
Reply | Threaded
Open this post in threaded view
|

2572809.1 confusion

satish
Dear erman,

We are on R12.2.5 and not using ssl

We are following this note id 2572809.1 as a prerequisite for a patch reported by etcc.Note is not clear.Do we need to replace certificates for all wallets under FMW_HOME like under opmn,ohs etc..please clarify

[applsupp@erpsupport FMW_Home]$ /u01/SUPPDBAPPS/fs2/FMW_Home/oracle_common/bin/orapki wallet display -wallet /u01/SUPPDBAPPS/fs2/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OPMN/opmn/wallet/
Oracle PKI Tool : Version 11.1.1.9.0
Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
User Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_SUPPDB_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
Trusted Certificates:
Subject: CN=Self-Signed Certificate for EBS_web_SUPPDB_OHS1\20,OU=OAS,O=ORACLE,L=REDWOODSHORES,ST=CA,C=US
[applsupp@erpsupport FMW_Home]$

Multiple wallet locations in EBS

/u01/SUPPDBAPPS/fs1/FMW_Home/user_projects/domains/EBS_domain_SUPPDB/config/fmwconfig/cwallet.sso

/u01/SUPPDBAPPS/fs1/FMW_Home/user_projects/domains/EBS_domain_SUPPDB/opmn/EBS_web_SUPPDB_OHS1/wallet
/u01/SUPPDBAPPS/fs1/FMW_Home/user_projects/domains/EBS_domain_SUPPDB/opmn/EBS_web_SUPPDB_OHS1/EBS_web_SUPPDB/wallet
/u01/SUPPDBAPPS/fs1/FMW_Home/user_projects/domains/EBS_domain_SUPPDB/opmn/EBS_web_SUPPDB_OHS1/EBS_web_SUPPDB/wallet/cwallet.sso

/u01/SUPPDBAPPS/fs1/FMW_Home/user_projects/domains/EBS_domain_SUPPDB/opmn/EBS_web_SUPPDB_OHS1/wallet/cwallet.sso
/u01/SUPPDBAPPS/fs1/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OHS/EBS_web_SUPPDB/proxy-wallet
/u01/SUPPDBAPPS/fs1/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OHS/EBS_web_SUPPDB/keystores/default/cwallet.sso

/u01/SUPPDBAPPS/fs1/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OHS/EBS_web_SUPPDB/proxy-wallet/cwallet.sso
/u01/SUPPDBAPPS/fs1/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OPMN/opmn/wallet
/u01/SUPPDBAPPS/fs1/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OPMN/opmn/wallet/cwallet.sso

Thanks,
Satish
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: 2572809.1 confusion

ErmanArslansOracleBlog
Administrator
The note is clear about the need for replacing the certificates ->

**If the Signature algorithm name is displayed equal to "MD5withRSA", it means that a certificate signed with the MD5 algorithm is present in your wallet. You must replace this certificate with a certificate signed using SHA2 algorithm.

There it says : "Products such as OPMN, Oracle HTTP Server, Web Cache, Oracle Internet Directory, and Business Intelligence use the Oracle Security Service (OSS) for SSL and may be affected by the changes introduced by the OSS patch."

You applied this to FMW right? So wallets under FMW / FMW_HOME /MW_HOME needs to be checked and the required replacement needed to be done for the certificates that are signed with MD5. (take backups of the wallets before doing any operations on them)  
satish
Reply | Threaded
Open this post in threaded view
|

Re: 2572809.1 confusion

satish
Thanks for the update,
We are not using ssl,still do we need to perform this action before applying this patch.
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: 2572809.1 confusion

ErmanArslansOracleBlog
Administrator
If you are not using SSL at all (in opmn or in anywhere else), then you don't need to check it at this time. This is a post req not a pre req by the way.
satish
Reply | Threaded
Open this post in threaded view
|

Re: 2572809.1 confusion

satish
This post was updated on .
Dear erman,

We faced issue with opmn services.we did that post step and then able to start it.Do we need to perform in both the file systems?

Run file system
————————

[applsupp@erpsupport EBS_web_SUPPDB_OHS1]$ cd /u01/SUPPDBAPPS/fs2/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OPMN/opmn/wallet
[applsupp@erpsupport wallet]$ ls -lrt
total 16
-rw------- 1 applsupp dba    0 Oct 12 16:37 cwallet.sso.lck
-rw------- 1 applsupp dba 3037 Oct 13 10:51 cwallet.ssonotworking
-rw------- 1 applsupp dba  941 Oct 13 10:56 wallet.cert
-rw------- 1 applsupp dba 6461 Oct 13 11:02 cwallet.sso

Ran fsclone and it completed

Patch file system:
—————————

[applsupp@erpsupport wallet]$ cd /u01/SUPPDBAPPS/fs1/FMW_Home/webtier/instances/EBS_web_SUPPDB_OHS1/config/OPMN/opmn/wallet
[applsupp@erpsupport wallet]$ ls -lrt
total 8
-rw------- 1 applsupp dba    0 Oct 13 13:02 cwallet.sso.lck
-rw------- 1 applsupp dba 4405 Oct 13 13:02 cwallet.sso
[applsupp@erpsupport wallet]

Looks like not synchronised.can we copy cwallet.sso manually to patch file system.Pls suggest



Thanks,
Satish
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: 2572809.1 confusion

ErmanArslansOracleBlog
Administrator
Which last step, Satish?
Free forum by Nabble Edit this page