Labels

DB (11) Query (11) R12 (8) FWM (7) scripts (7) APPS (6) AD Tools (5) Patch (4) Concurrent request (3) DB Vault (3) Performance Tuning (3) RMAN (3) tips (3) LOG (2) clone (2) ASM (1) RAC (1) error (1) metalink (1) standby (1)

Friday, 13 July 2018

OMEGA SSL Renew

HOW TO GENERATE SSL CERTS FOR EBS


Node : prn-omguatapp04.thefacebook.com (http://prn-omguatapp04.thefacebook.com/)
/opt/app/OMSUAT3/fs1/FMW_Home/oracle_common/bin/orapki wallet create -wallet   
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/keystores/default -auto_login
 orapki wallet add -wallet  
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/keystores/default -dn  
 'CN=prn-
 omguatapp04.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -keysize 2048
 orapki wallet export -wallet  
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/keystores/default -dn  'CN=prn-
 omguatapp04.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -request /oraclesw/ssl_new/prn-omguatapp04_ohs.csr
Submit a Certificate Request
https://certs.thefacebook.com/certsrv/ generated cer file and download certificate chain.
 create root ,intermediate and server certificate from certification chain .
Below commands to add cer root,intermediate and server to wallet.
orapki wallet add -wallet   
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /oraclesw/ssl_new/root_ap04.cer
 orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /oraclesw/ssl/root_int_ap04.cer
 orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/keystores/default -user_cert -cert /oraclesw/ssl/prn-omguatapp04_server.cer
copy cwallet.sso and ewallet.p12 to below location
/opt/app/OMSUAT3/fs_ne/inst/OMSUAT3_prn-omguatapp04/certs/Apache
/opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/proxy-wallet
/opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OPMN/opmn/wallet
Verification:
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/keystores/default
 orapki wallet display -wallet /opt/app/OMSUAT3/fs_ne/inst/OMSUAT3_prn-omguatapp04/certs/Apache
 orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OHS/EBS_web_OMSUAT3/proxy-wallet
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS1/config/OPMN/opmn/wallet
Update JDK Cacerts File
cd /opt/app/OMSUAT3/fs1/EBSapps/comn/util/jdk64/jre/lib/security

 keytool -import -alias OHSServer -file /oraclesw/ssl_new/prn-omguatapp04.cer -trustcacerts -v -keystore cacerts
 keytool -import -alias OHSIntCA -file /oraclesw/ssl_new/root_int-ap04.cer -trustcacerts -v -keystore cacerts
 keytool -import -alias OHSRootCA -file /oraclesw/ssl_new/root_ap04.cer -trustcacerts -v -keystore cacerts
Node : prn-omguatapp05.thefacebook.com (http://prn-omguatapp05.thefacebook.com/)
/opt/app/OMSUAT3/fs1/FMW_Home/oracle_common/bin/orapki wallet create -wallet   
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/keystores/default -auto_login

 orapki wallet add -wallet  
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-
omguatapp05.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -keysize 2048
 orapki wallet export -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-
omguatapp05.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -request /oraclesw/ssl_new/prn-omguatapp05_ohs.csr

Submit a Certificate Request
https://certs.thefacebook.com/certsrv/ generated cer file and download certificate chain.
 create root ,intermediate and server certificate from certification chain .
Below commands to add cer root,intermediate and server to wallet.
orapki wallet add -wallet  /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /oraclesw/ssl_new/root_ap05.cer
 orapki wallet add -wallet  /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /oraclesw/ssl_new/root_int_ap05.cer
 orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/keystores/default -user_cert -cert /oraclesw/ssl_new/prn-omguatapp05_server.cer
copy cwallet.sso and ewallet.p12 to below location
<code>
/opt/app/OMSUAT3/fs_ne/inst/OMSUAT3_prn-omguatapp05/certs/Apache
/opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/proxy-wallet
/opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OPMN/opmn/wallet
verification:
orapki wallet display -wallet  
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/keystores/default
 orapki wallet display -wallet /opt/app/OMSUAT3/fs_ne/inst/OMSUAT3_prn-omguatapp05/certs/Apache
 orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OHS/EBS_web_OMSUAT3/proxy-wallet
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS2/config/OPMN/opmn/wallet
Update JDK Cacerts File
cd /opt/app/OMSUAT3/fs1/EBSapps/comn/util/jdk64/jre/lib/security

 keytool -import -alias OHSServer -file /oraclesw/ssl_new/prn-omguatapp05.cer -trustcacerts -v -keystore cacerts
 keytool -import -alias OHSIntCA -file /oraclesw/ssl_new/root_int_ap05.cer -trustcacerts -v -keystore cacerts
 keytool -import -alias OHSRootCA -file /oraclesw/ssl_new/root_ap05.cer -trustcacerts -v -keystore cacerts
Node : prn-omguatapp06.thefacebook.com (http://prn-omguatapp06.thefacebook.com/)
/opt/app/OMSUAT3/fs1/FMW_Home/oracle_common/bin/orapki wallet create -wallet  
 /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/keystores/default -auto_login
 orapki wallet add -wallet  /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-
 omguatapp06.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -keysize 2048
 orapki wallet export -wallet   /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-
 omguatapp06.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -request /oraclesw/ssl_new/prn-omguatapp06_ohs.csr
Submit a Certificate Request
https://certs.thefacebook.com/certsrv/ generated cer file and download certificate chain.
 create root ,intermediate and server certificate from certification chain .
Below commands to add cer root,intermediate and server to wallet.
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /oraclesw/ssl_new/root_ap06.cer
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /oraclesw/ssl_new/root_int_ap06.cer
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/keystores/default -user_cert -cert /oraclesw/ssl_new/prn-omguatapp06_server.cer
Verification:
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/keystores/default
orapki wallet display -wallet /opt/app/OMSUAT3/fs_ne/inst/OMSUAT3_prn-omguatapp06/certs/Apache
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OHS/EBS_web_OMSUAT3/proxy-wallet
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS3/config/OPMN/opmn/wallet
Update JDK Cacerts File
cd /opt/app/OMSUAT3/fs1/EBSapps/comn/util/jdk64/jre/lib/security

keytool -import -alias OHSServer -file /oraclesw/ssl_new/prn-omguatapp06.cer -trustcacerts -v -keystore cacerts
keytool -import -alias OHSIntCA -file /oraclesw/ssl_new/root_int_ap06.cer -trustcacerts -v -keystore cacerts
keytool -import -alias OHSRootCA -file /oraclesw/ssl_new/root_ap06.cer -trustcacerts -v -keystore cacerts
Node : prn-isupplyuatweb04
/opt/app/OMSUAT3/fs1/FMW_Home/oracle_common/bin/orapki wallet create -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/keystores/default -auto_login
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-isupplyuatweb04.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -keysize 2048
orapki wallet export -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-isupplyuatweb04.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -request /home/applmgr/ssl/prn-isupplyuatweb04.csr
Submit a Certificate Request
https://certs.thefacebook.com/certsrv/ generated cer file and download certificate chain.
 create root ,intermediate and server certificate from certification chain .
Below commands to add cer root,intermediate and server to wallet.
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /home/applmgr/ssl/root_isupp04.cer
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /home/applmgr/ssl/root_int_isupp04.cer
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/keystores/default -user_cert -cert /home/applmgr/ssl/prn-isupplyuatweb04.cer
verification:
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/keystores/default
orapki wallet display -wallet /opt/app/OMSUAT3/fs_ne/inst/OMSUAT3_prn-isupplyuatweb04/certs/Apache
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OHS/EBS_web_OMSUAT3/proxy-wallet
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS5/config/OPMN/opmn/wallet


Update JDK Cacerts File
<code>
cd /opt/app/OMSUAT3/fs1/EBSapps/comn/util/jdk64/jre/lib/security
keytool -import -alias OHSServer1 -file /home/applmgr/ssl/root_isupp04.cer -trustcacerts -v -keystore cacerts
keytool -import -alias OHSIntCA1 -file /home/applmgr/ssl/root_int_isupp04.cer -trustcacerts -v -keystore cacerts
keytool -import -alias OHSRootCA -file /home/applmgr/ssl/prn-isupplyuatweb04.cer -trustcacerts -v -keystore cacerts
Node : prn-isupplyuatweb03
/opt/app/OMSUAT3/fs1/FMW_Home/oracle_common/bin/orapki wallet create -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/keystores/default -auto_login

orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-isupplyuatweb03.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -keysize 2048
orapki wallet export -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/keystores/default -dn 'CN=prn-isupplyuatweb03.thefacebook.com,OU=infra,O=facebook,L=menlopark,ST=California,C=US' -request /home/applmgr/ssl/prn-isupplyuatweb03.csr
Submit a Certificate Request
https://certs.thefacebook.com/certsrv/ generated cer file and download certificate chain.
 create root ,intermediate and server certificate from certification chain .
Below commands to add cer root,intermediate and server to wallet.
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /home/applmgr/ssl/root_isupp03.cer
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/keystores/default -trusted_cert -cert /home/applmgr/ssl/root_int_isupp03.cer
orapki wallet add -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/keystores/default -user_cert -cert /home/applmgr/ssl/prn-isupplyuatweb03.cer
verification:
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/keystores/default
orapki wallet display -wallet /opt/app/OMSUAT3/fs_ne/inst/OMSUAT3_prn-isupplyuatweb03/certs/Apache
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OHS/EBS_web_OMSUAT3/proxy-wallet
orapki wallet display -wallet /opt/app/OMSUAT3/fs1/FMW_Home/webtier/instances/EBS_web_OMSUAT3_OHS4/config/OPMN/opmn/wallet
Update JDK Cacerts File
cd /opt/app/OMSUAT3/fs1/EBSapps/comn/util/jdk64/jre/lib/security
keytool -import -alias OHSServer1 -file /home/applmgr/ssl/root_isupp03.cer -trustcacerts -v -keystore cacerts
keytool -import -alias OHSIntCA1 -file /home/applmgr/ssl/root_int_isupp03.cer -trustcacerts -v -keystore cacerts
keytool -import -alias OHSRootCA -file /home/applmgr/ssl/prn-isupplyuatweb03.cer -trustcacerts -v -keystore cacerts

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)