
Oracle EM Third Party SSL Configuration

 

 

 

Oracle Enterprise Manager Third Party SSL Certificate Configurations

 

1)      Create a new p12 file using openssl, create a wallet using orapki, and import the p12 file into the wallet

2)      Secure OMS, upload port and agent using the created wallet

3)      Secure WLS using the same wallet

 

 

For this we have the following third-party certificates: two trusted certificates, one user certificate and a key file. If the key file has a password, obtain that as well.

DigiCertCA.crt

TrustedRoot.crt

star_techtel_lk.crt

em13c.key

 

First, combine the trusted certificates into one file using the following commands:

cat DigiCertCA.crt > cacert.crt

cat TrustedRoot.crt >> cacert.crt

 

 

 

1)      Create a new p12 file using openssl, create a wallet using orapki, and import the p12 file into the wallet

 

a)       To create a new wallet using openssl, run the following command to create a p12 file

 

openssl pkcs12 -export -in /path/to/user.cer -inkey /path/to/private.key -certfile /path/to/trust.cer -out openssl.p12

Ex:

openssl pkcs12 -export -in /home/oracle/ssl_techtel/star_techtel_lk.crt -inkey /home/oracle/ssl_techtel/em13c.key -certfile /home/oracle/ssl_techtel/cacert.crt -out openssl.p12

Note: provide a password for the new output file and keep it safe; this password is needed in further steps (oracle123)

b)      Create an auto-login wallet, run the following:

$ORACLE_HOME/oracle_common/bin/orapki wallet create -wallet /path/to/wallet -auto_login

Ex:

cd /u01/app/oracle/middleware13.5/oracle_common/bin/

./orapki wallet create -wallet /home/oracle/newwallet -auto_login

Note: provide a new password for the wallet (in this case I have given oracle123); this is needed for further steps

 

c)       Import the p12 file into the newly created wallet.

 

orapki wallet import_pkcs12 -wallet <wallet path> -pkcs12file <p12 file path>/openssl.p12

Ex:

orapki wallet import_pkcs12 -wallet /home/oracle/newwallet -pkcs12file /home/oracle/ssl_techtel/openssl.p12

This time you have to provide the wallet password and the openssl.p12 password which we provided in step one.

d)      Verify the created wallet using orapki

 


./orapki wallet display -wallet /home/oracle/newwallet  
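
The checks that fit around step 1, as an added example that is not part of the original page: confirm that the key matches the user certificate, that the certificate chains to cacert.crt and is not about to expire before building openssl.p12, then confirm what the p12 carries and that the auto-login wallet files are not readable by other users. The function names and the KEY_PASS and P12_PASS environment variables are assumptions made for this example; the file names follow the page.

```shell
#!/bin/sh
# Added example (not from the original page): checks around step 1.
# Function names are hypothetical; file names follow the page's examples.
# Set KEY_PASS in the environment if the private key is passphrase-protected.

# 0 if the private key ($2) belongs to the certificate ($1), 1 if not, 2 on read error.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout ${KEY_PASS:+-passin env:KEY_PASS} 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate ($2) chains to the CA bundle ($1), e.g. cacert.crt.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if the certificate ($1) is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Prints how many certificates the PKCS#12 file ($1) carries; password in P12_PASS.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# 0 if no file in the wallet directory ($1) is readable by group or others.
# cwallet.sso opens without a password, so file permissions are its only guard.
wallet_is_private() {
    [ -z "$(find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# preflight CERT KEY CABUNDLE: run before "openssl pkcs12 -export".
preflight() {
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match $1"; return 1; }
    chain_verifies "$3" "$1"   || { echo "FAIL: $1 does not chain to $3"; return 1; }
    cert_valid_for "$1" 30     || { echo "FAIL: $1 expires within 30 days"; return 1; }
    echo "OK: key, chain and validity checks passed"
}

# Example: ./preflight.sh star_techtel_lk.crt em13c.key cacert.crt
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
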

 

 

 

2)      Secure OMS, upload port and agent using the created wallet

a)      Secure the EM console by executing the following command in the Middleware Home

./emctl secure console -wallet /home/oracle/newwallet

 

b)      Secure the upload port

./emctl secure oms -host em13c.techtel.lk -secure_port 4903 -wallet /home/oracle/newwallet

 

c)      Stop and start the OMS

./emctl stop oms -all -force

./emctl start oms

 

d)      Secure the agent; go to the agent home

cd /u01/app/oracle/agent/agent_inst/bin

./emctl secure agent

 

Check that upload is working

./emctl upload agent

Note: You have to follow section d on every host added in EM

If all the steps succeed, then you can check the EM


 

 

 

 

 

 

 

 

 

 

 

 

 

 


3)      Secure WLS using the same wallet

1)      The custom CA certificates (root and intermediate certificates) need to be imported into the trust store of the Agent (Chained Agent) which is monitoring the OMS target, so that it can continue to monitor the WLS components

 

a.       Stop the Agent on the OMS server

cd /u01/app/oracle/agent/agent_inst/bin

./emctl stop agent

b.       Import the custom CA certificate into the Agent

./emctl secure add_trust_cert_to_jks -trust_certs_loc /home/oracle/ssl_techtel/star_techtel_lk.crt -alias rootcacert -password welcome

 

Note: you have to provide the alias and password

 

c.       Start the agent

./emctl start agent

 

2)      Take a backup of the files below from the OMS host

<EM_INSTANCE_BASE>/em/EMGC_OMS(n)/emgc.properties file

/u01/app/oracle/gc_inst1/em/EMGC_OMS1

<DOMAIN HOME>/nodemanager/nodemanager.properties file

/u01/app/oracle/gc_inst1/user_projects/domains/GCDomain/nodemanager

 

<DOMAIN HOME>/config/fmwconfig/components/OHS/ohs1/keystores/proxy

/u01/app/oracle/gc_inst1/user_projects/domains/GCDomain/config/fmwconfig/components/OHS/ohs1/keystores

 

<DOMAIN HOME>/config/fmwconfig/components/OHS/instances/ohs1/keystores/proxy

/u01/app/oracle/gc_inst1/user_projects/domains/GCDomain/config/fmwconfig/components/OHS/instances/ohs1/keystores

 

<DOMAIN HOME>/config/config.xml file

/u01/app/oracle/gc_inst1/user_projects/domains/GCDomain/config

<EM_INSTANCE_BASE>/em/EMGC_OMS(n)/embip.properties (if it exists)

/u01/app/oracle/gc_inst1/em/EMGC_OMS1 (no embip.properties file in this case)

 

3)      Stop the OMS

cd /u01/app/oracle/middleware13.5/bin

./emctl stop oms

 

4)      Secure WLS, then stop all OMS and start again

 

./emctl secure wls -wallet /home/oracle/newwallet

 

./emctl stop oms -all -force

 

./emctl start oms

 


If there are no issues, the WebLogic console is also secured successfully.

 

How to Put an Oracle Database into Archivelog Mode

You can check log_mode using the following command:
SQL> select log_mode from v$database;

LOG_MODE
------------
NOARCHIVELOG
 
 
Step01
If the database is not shut down, you have to shut it down

                SQL> shutdown immediate;

Step02
Start up the database in mount stage

                SQL> startup mount;

Step03

Alter the database to archivelog mode

                SQL> alter database archivelog;

Step04

Open the database

                SQL> alter database open;

Check log_mode again:

SQL> select log_mode from v$database;

LOG_MODE
------------
ARCHIVELOG

RMAN Duplicate to New Database

I have installed two virtual machines on my PC (Red Hat 6), installed the Oracle (11.2.0) binaries on both machines, and created a database named DB11G on one machine. Now I want to duplicate the DB11G database as DB11G2 on my 2nd machine.

Step 1: I created a database backup using RMAN on the DB11G database.
      rman target=/

      RMAN> CONFIGURE CONTROLFILE AUTOBACKUP ON;

      RMAN> BACKUP DATABASE PLUS ARCHIVELOG;

Step 2: Logged in to the 2nd machine and created the Oracle password file in the dbs folder.
      orapwd file=/u01/app/oracle/product/11.2.0/db_1/dbs/orapwDB11G2 password=password entries=10

Step 3: Also added a TNS entry to the "tnsnames.ora" file in the "$ORACLE_HOME/network/admin" directory.

      DB11G =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = 1stMachine-IP)(PORT = 1521))
          )
          (CONNECT_DATA =
            (SID = DB11G)
          )
        )

Step 4: Also created the PFILE "initDB11G2.ora" on the 2nd machine.
      DB_NAME=DB11G2

      # Convert file names to allow for different directory structure if necessary.
      #DB_FILE_NAME_CONVERT='/u01/app/oracle/oradata/DB11G/','/u01/app/oracle/oradata/DB11G2/'
      #LOG_FILE_NAME_CONVERT='/u01/app/oracle/oradata/DB11G/','/u02/app/oracle/oradata/DB11G2/'

Step 5: Create any directories necessary to start the duplicate database.
      mkdir -p /u01/app/oracle/oradata/DB11G
      mkdir -p /u01/app/oracle/fast_recovery_area/DB11G
      mkdir -p /u01/app/oracle/admin/DB11G/adump

Step 6: Copy all the backup files from the 1st machine to the 2nd machine.
      scp -r /u01/app/oracle/fast_recovery_area/DB11G/archivelog oracle@2ndMachine-IP:/u01/app/oracle/fast_recovery_area/DB11G

      scp -r /u01/app/oracle/fast_recovery_area/DB11G/backupset oracle@2ndMachine-IP:/u01/app/oracle/fast_recovery_area/DB11G

      scp -r /u01/app/oracle/fast_recovery_area/DB11G/autobackup oracle@2ndMachine-IP:/u01/app/oracle/fast_recovery_area/DB11G


Step 7: Log in to the 2nd machine.
      export ORACLE_SID=DB11G2
      # PFILE parameter: this is the Oracle version you have installed
      *.compatible='11.2.0.4.0'

      sqlplus / as sysdba
      SQL> startup nomount
      SQL> exit
Step 8: Log in to RMAN as the auxiliary database.
      rman auxiliary /
      RMAN>
Step 9: Enter the duplicate command as below.

      RMAN> DUPLICATE DATABASE DB11G TO DB11G2 BACKUP LOCATION '/u01/app/oracle/fast_recovery_area/DB11G' nofilenamecheck;
