Friday, April 26, 2019

Unable to remove Trust Certificate chain

It's been a long time since I posted a blog.

Using this note you can accomplish many things
1) Remove any trusted certs from Oracle Wallet/Keystore
2) Remove a certificate chain from UserCertificate
3) Display/List the certificates in wallet/keystore
4) Add certificates to wallet/keystore
5) Convert JKS to Wallet
6) Convert Wallet to JKS
7) orapki commands
8) keytool commands


Ref:
Followed Oracle Notes Doc ID -- Note 2275107.1, 2405429.1,  ChainCert

One of my trusted certs (an intermediate) in the chain has expired. Following is the process I used to resolve the issue.

1)
Opened Oracle Wallet and tried deleting the certificate by right-clicking on it; it failed with "Trusted certificate in use, deletion failed" (Note 2275107.1).
*** After creating the note, I came to know that another way is to remove the original certificate and then all the trusted certificates, then add the trusted certs back and then the original certificate.

2)
Tried deleting from the command line
orapki wallet remove -wallet <location> -trusted_cert -dn 'CN=inter2' -pwd password
PKI-04015: Trusted cert cannot be removed

3)  Convert Wallet to JKS

a) Display all the certificates in the wallet
$ orapki wallet display -wallet <wallet_location>

b) Convert the wallet to JKS
orapki wallet pkcs12_to_jks -wallet <wallet_location> -pwd wallet_pwd -jksKeyStoreloc <path>/ewallet.jks -storepass <passwd>

c) Find the Alias of the TrustCert using keytool:
keytool -list -v -keystore <path_to_keystore_file>/ewallet.jks

Alias name: <alias_name>

d) Remove trusted certificate using the alias_name found above.
keytool -delete -alias 'alias_name' -keystore <path_to_keystore_file>/ewallet.jks

e) Run the keytool list command to confirm that the alias_name for the Trusted Certificate is gone.
keytool -list -v -keystore <path_to_keystore_file>/ewallet.jks

4) I still saw that the CertificateChain had the expired entries, so I googled and found a note

a) First, convert the keystore from JKS to PKCS12 (this and other commands will require password entry):
keytool -importkeystore -srckeystore old.jks -destkeystore old.p12 -deststoretype pkcs12

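b) Next, export a PEM file with key and certs from the PKCS12 file. The -nodes option writes the private key unencrypted, so keep pemfile.pem in a directory only you can read and delete it once the new keystore is built: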

openssl pkcs12 -in old.p12 -out pemfile.pem -nodes

c) Now simply use a text editor to edit pemfile.pem and remove the offending certificate (and its preceding "Bag Attributes").
Next, load the edited PEM file into a new PKCS12 file. You'll need to give the cert/key the appropriate keystore alias, e.g. "newcert", at this point.

openssl pkcs12 -export -in pemfile.pem -name newcert -out new.p12

d) Finally, convert back from PKCS12 to JKS:
keytool -importkeystore -srckeystore new.p12 -destkeystore new.jks -srcstoretype pkcs12
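Step 4c can be scripted instead of done in a text editor. The following is an added example, not part of the original note: the function names and the sample PEM (placeholder bodies, no real key material) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# strip_cert_by_subject FILE TEXT: print FILE without the one certificate whose
# "subject=" line contains TEXT. Matching "issuer=" lines are ignored, so the
# certificate that was signed by the removed intermediate is kept.
strip_cert_by_subject() {
    awk -v needle="$2" '
        { buf = buf $0 "\n" }                      # collect the current bag
        /^subject=/ && index($0, needle) { hit = 1 }
        /^-----BEGIN / { is_cert = ($0 ~ /CERTIFICATE-----/) }
        /^-----END / {                             # bag complete: keep or drop
            if (hit && is_cert) dropped++
            else printf "%s", buf
            buf = ""; hit = 0; is_cert = 0
        }
        END {
            printf "%s", buf                       # trailing text, if any
            exit (dropped == 1 ? 0 : 1)            # fail unless exactly one removed
        }
    ' "$1"
}

# Constructed sample in the layout `openssl pkcs12 -nodes` writes
# (placeholder bodies, not real key material).
make_sample_pem() {
    cat <<'EOF'
Bag Attributes
    friendlyName: orakey
subject=/CN=server1
issuer=/CN=inter2
-----BEGIN CERTIFICATE-----
PLACEHOLDERleaf
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/CN=inter2
issuer=/CN=root
-----BEGIN CERTIFICATE-----
PLACEHOLDERinter2
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: orakey
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
PLACEHOLDERkey
-----END PRIVATE KEY-----
EOF
}
```

Pass the text exactly as it appears on the subject= line of your pemfile.pem, since the formatting differs between OpenSSL versions. A non-zero exit status means the text matched no certificate or more than one, so the output should not be used.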


5) Now convert back the JKS to Oracle Wallet
a) Create an empty wallet. This will create a password-protected wallet (i.e. ewallet.p12 and cwallet.sso)
$MW_HOME/oracle_common/bin/orapki wallet create -wallet <wallet_location> -auto_login

b) Display the wallet contents
orapki wallet display -wallet <wallet_location>

c) Delete any trusted cert (if needed)
orapki wallet remove -wallet <wallet_location> -trusted_cert_all -pwd <wallet_pwd>

d) Convert JKS to a new Oracle Wallet
orapki wallet jks_to_pkcs12 -wallet <wallet_location> -pwd <wallet_pwd> -keystore <path_to_keystore_file>/ewallet.jks -jkspwd jks_pwd


6) To Add a trusted Cert to JKS or Wallet
orapki wallet add -wallet <location> -trusted_cert -cert newTrust.cer
keytool -import -file newTrust.cer -trustcacerts -alias newTrust -keystore ewallet.jks

Monday, December 15, 2014

Delete Obsolete Products in R12.2


Use the following example to Delete Obsolete Products in R12.2
 
Issue:
Warning error In Patch Log

AD Worker warning:

 Product Data File
 /u01/app/dev/fs1/EBSapps/appl/admin/cupprod.txt
 does not exist for product "cup".
This product is registered in the database but the
above file does not exist in APPL_TOP.  The product
will be ignored without error.

Solution
File to execute:    $AD_TOP/patch/115/sql/addropschema.sql

SYNTAX
sqlplus apps/apps @addropschema.sql <SYSTEM_Password> <APPLSYS_Schema> <Schema_Name>

Example
sqlplus apps/apps @addropschema.sql manager APPLSYS cup;

Find Version of Oracle Client / Database/ Last PSU Applied / Components Installed

Quick SQL queries to find the versions


Question:
How to find the version of Oracle Database?
Answer:
Select * from v$version;
select * from product_component_version;

Question:
How to find the PSU/CPU version that was last applied to the database?
Answer:
select * from dba_registry_history;

Question:
How to find the client version?
Answer:
SELECT   DISTINCT   client_version FROM   v$session_connect_info;

Question:
How to find the components installed in the Oracle database?
Answer:
select * from dba_registry;

 

 Good Luck!

Monday, December 8, 2014

Oracle R12 Documentation

Oracle R12.2  Documentation URL

http://docs.oracle.com/cd/E26401_01/index.htm

Good Luck!

Even after setting TMPDIR still need bigger /tmp during install of R12.2.4


This issue occurred when I was trying to upgrade 11i to R12. This happened very early during the install process.

Issue: Installing of Weblogic Server fails
Error: Fatal Error: TXK Install Service  (oracle.apps.fnd.txk.config.WLSInstallerPatchActionNode.processState)
Resolution: I had set the TMPDIR, TEMP and TMP environment variables to a different mount point, but rapidwiz was still trying to use /tmp. After increasing the /tmp filesystem I was able to move forward with the installation. You need at least 2 GB.

Detail Log
Installing WebLogic Server.

Using /u01/app/dev/fs2/inst/apps/DEV_devsrvr1/temp/xmldocs/instWLS.xml

Executing command: /u01/r12stage/startCD/Disk1/rapidwiz/jre/Linux_x64/1.6.0/bin/java -cp /u01/app/dev/fs2/inst/apps/DEV_devsrvr1/temp/ASInstallHome/fnd/../j11067592_fnd.zip:/u01/app/dev/fs2/inst/apps/DEV_devsrvr1/temp/ASInstallHome/fnd/java/3rdparty/stdalone/xmlparserv2.zip -Doracle.apps.fnd.txk.env_home=/u01/app/dev/fs2/EBSapps/appl/admin/DEV_devsrvr1/ -Doracle.apps.fnd.txk.runtime.config=/u01/app/dev/fs2/inst/apps/DEV_devsrvr1/temp/xmldocs/instWLS.xml oracle.apps.fnd.txk.config.InstallService

Fatal Error: TXK Install Service

oracle.apps.fnd.txk.config.ProcessStateException: Weblogic Installer process failed : Exit=255 See log for details. CMD= /u01/app/dev/fs2/EBSapps/comn/util/jdk64/bin/java -Dspace.detection=false -jar /u01/r12stage/TechInstallMedia/wls1036_generic/wls1036_generic.jar -mode=silent -silent_xml=/u01/app/dev/fs2/inst/apps/DEV_devsrvr1/temp/cfgHome/response/APPS_JAVA_HOME/txkWLS_1036_rsp.xml -log=/u01/app/dev/fs2/EBSapps/appl/admin/DEV_devsrvr1//logs/wls1036.log

    at oracle.apps.fnd.txk.config.WLSInstallerPatchActionNode.processState(WLSInstallerPatchActionNode.java:187)
    at oracle.apps.fnd.txk.config.PatchActionNode.processState(PatchActionNode.java:187)
    at oracle.apps.fnd.txk.config.PatchNode.processState(PatchNode.java:338)
    at oracle.apps.fnd.txk.config.PatchesNode.processState(PatchesNode.java:79)
    at oracle.apps.fnd.txk.config.InstallNode.processState(InstallNode.java:68)
    at oracle.apps.fnd.txk.config.TXKTopology.traverse(TXKTopology.java:594)
    at oracle.apps.fnd.txk.config.InstallService.doInvoke(InstallService.java:224)
    at oracle.apps.fnd.txk.config.InstallService.invoke(InstallService.java:237)
    at oracle.apps.fnd.txk.config.InstallService.main(InstallService.java:291)



Good Luck!