Thursday, May 2, 2019

DIP issue after JDK update

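After a JDK update, DIP may show as down in EM. The fix is below. Note that this property turns off endpoint identification (hostname verification) on LDAPS connections, so the cleaner long-term fix is a directory server certificate whose name matches the host that DIP connects to.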

setDomainEnv.sh files:
    EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
    export EXTRA_JAVA_PROPERTIES

Importing SSL certificate in SOA 11g/12c

This article describes how to import a certificate in SOA 11g and 12c. In 11g it is stored in a Java keystore (managed with keytool), while in 12c it is in OPSS (i.e. the database). The steps below cover both 11g and 12c.

Steps for 11g:
In the WebLogic console, check the keystore tab of the SOA/OSB managed server. You will see that demo identity and demo trust are enabled. Now log in to the Linux server where the SOA managed server is running.
ps -ef|grep -i SSL
You will find a process with an argument like

              -Djavax.net.ssl.trustStore=/app/fmw/111/wlserver_10.3/server/lib/DemoTrust.jks
Take a backup of this DemoTrust.jks file, then import the certificate:

keytool -import -trustcacerts -alias <Alias Name> -file <Certificate File > -keystore <Trust Store Location> -storepass <passwd>

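The services will need a restart after this. Passing -storepass on the command line exposes the password in the process list and shell history; if it is omitted, keytool prompts for the password instead.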

Steps for 12c:
As noted above, 12c uses the OPSS-based keystore. The steps are below.
- Remove -Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks from setDomainEnv.sh
Then follow the steps below.

1. Log in to Fusion Middleware Control (EM).

2. From the navigation pane, locate the domain, i.e. "SOA Domain".
3. Navigate to Security, then Keystore. The Keystore page appears.
4. Expand the stripe in which the keystore resides and select the row corresponding to the keystore. For this case: system -> trust.
We will use the truststore to hold the certificate needed to call the external SSL partner link.
5. Click Manage.
6. If the keystore is password-protected, you are prompted for a password. Enter the keystore password and click OK.
7. The Manage Certificates page appears. Click Import.
8. The Import Certificate dialog appears.
9. Select the certificate type, either Certificate or Trusted Certificate, from the drop-down. For this case use "Trusted Certificate".
10. Provide an alias, e.g. "testTrust".
11. Specify the certificate source. If using the Paste option, copy and paste the certificate directly into the text box. If using the Select a file option, click Browse to select the file from the operating system.
12. Click OK. The imported certificate or trusted certificate appears in the list of certificates.
13. Click OK.
14. Bounce the managed server.
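
Both procedures above add a certificate to a trust store, so it is worth confirming first that the file really is the partner's certificate. The script below is an added example, not part of the original post: it compares the SHA-256 fingerprint of a PEM file with a value obtained from the partner out-of-band and only then runs the 11g keytool import (for 12c, run cert_matches_pin before pasting the certificate into EM). The function names and the four-argument usage are assumptions, and it relies on GNU base64 and sha256sum.

```shell
#!/bin/sh
# Added example: import a certificate only if its SHA-256 fingerprint matches
# a value obtained out-of-band. Function names are hypothetical.

# Print the SHA-256 of the first certificate in a PEM file as lowercase hex.
# The fingerprint is the hash of the DER bytes, i.e. the decoded PEM body.
pem_sha256() {
    awk '/-----BEGIN CERTIFICATE-----/ {inside=1; next}
         /-----END CERTIFICATE-----/   {exit}
         inside {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1" |
        base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Normalise "AB:CD:..." or "abcd..." to lowercase hex without separators.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 on a match, 1 on a mismatch, 2 if the file or the pin is unusable.
cert_matches_pin() {
    pem=$1
    expected=$(normalise_fp "$2")
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null || return 2
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(pem_sha256 "$pem")
    [ "$actual" = "$expected" ]
}

# Usage: verify_and_import <cert.pem> <expected-sha256> <alias> <truststore>
verify_and_import() {
    if ! cert_matches_pin "$1" "$2"; then
        echo "REFUSED: $1 does not match the expected fingerprint" >&2
        return 1
    fi
    # No -storepass here: keytool prompts, keeping the password out of ps output.
    keytool -import -trustcacerts -alias "$3" -file "$1" -keystore "$4"
}

# Run the import when called with the four arguments described above.
if [ "$#" -eq 4 ]; then
    verify_and_import "$@"
fi
```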
 

OIM timezone issue

We had a case where OIM was ignoring the timezone set and adding EST, even though the JDK, OS and application timezones were set correctly.

It's a bug and Oracle has released patches for it. I would suggest raising a support SR for details. But the workaround is as below:

- Edit startWebLogic.sh
- Add the TZ parameter, like -Duser.timezone=Asia/Calcutta, to the java command lines

if [ "${WLS_REDIRECT_LOG}" = "" ] ; then
        echo "Starting WLS with line:"
        echo "${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${LAUNCH_ARGS} -Dweblogic.Name=${SERVER_NAME} -Duser.timezone=Asia/Calcutta -Djava.security.policy=${WLS_POLICY_FILE} ${JAVA_OPTIONS} ${PROXY_SETTINGS} ${SERVER_CLASS}"
        ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${LAUNCH_ARGS} -Dweblogic.Name=${SERVER_NAME} -Duser.timezone=Asia/Calcutta -Djava.security.policy=${WLS_POLICY_FILE} ${JAVA_OPTIONS} ${PROXY_SETTINGS} ${SERVER_CLASS}
else
        echo "Redirecting output from WLS window to ${WLS_REDIRECT_LOG}"

        ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${LAUNCH_ARGS} -Dweblogic.Name=${SERVER_NAME} -Duser.timezone=Asia/Calcutta -Djava.security.policy=${WLS_POLICY_FILE} ${JAVA_OPTIONS} ${PROXY_SETTINGS} ${SERVER_CLASS}  >"${WLS_REDIRECT_LOG}" 2>&1
fi

Note that the location is before SERVER_NAME.