Saturday, October 17, 2015

Oracle Access Manager Upgrade from to - Part 3

Upgrade WebLogic and apply Mandatory Patch

1) Upgrade Oracle Weblogic Server to 10.3.6: 

2) Apply below Oracle Weblogic Server mandatory Patches as per below post:
  • Patch 18398295-FSG4
  • Patch 14404715-ZARV
  • Patch 16844206-NPM3
  • Patch 13114768-56MM
  • Patch 15865825-CM69
  • Patch 14809365-XA6W
  • Patch 13964737-YVDZ (JSSE patch. Required for WLS 10.3.6 with JDK 7)
  • Patch 14174803-IMWL (JSSE patch. Required for WLS 10.3.6 with JDK 7)
  • Patch 17938462-XECL(Required for WLS 10.3.6 with JDK 7 on Windows)
  • Patch 13351178-VRGR (Recommended)
Please perform Post Installation Steps for Patch 13964737 (YVDZ) as per READ ME of patch: 

Step 1) Set all environment variables:
$ cd /u01/oracle/middlewareoam/wlserver_10.3/server/bin
$ . ./ 

Step 2) Create a temp directory at below location:
$ cd /u01/oracle/middlewareoam/oracle_common/common
$ mkdir -p temp
$ cd temp
$ pwd
Step 3) Execute below command: 

$ java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey
Generating a certificate with common name HOSTNAMEand key strength 2048
issued by CA with certificate from /u01/oracle/middlewareoam/wlserver_10.3/server/lib/CertGenCA.der file and key from /u01/oracle/middlewareoam/wlserver_10.3/server/lib/CertGenCAKey.der file 

$ java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.der -keyfilepass DemoIdentityPassPhrase -certfile democert.der -alias demoidentity
No password was specified for the key entry
Key file password will be used
<Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify>
<Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify>
<Using default WebLogic SSL Hostname Verifier implementation.> 

Imported private key demokey.der and certificate democert.der into a new keystore DemoIdentity.jks of type jks under alias demoidentity 

$ cd /u01/oracle/middlewareoam/oracle_common/common/temp
$ ls
DemoIdentity.jks democert.der democert.pem demokey.der demokey.pem   

Step 4) Copy the newly generated DemoIdentity.jks to $WL_HOME/server/lib directory(back up the current DemoIdentity.jks) 
$ cd $WL_HOME/server/lib
$ mv DemoIdentity.jks DemoIdentity.jks_BKP
$ cd /u01/oracle/middlewareoam/oracle_common/common/temp
$ cp * /u01/oracle/middlewareoam/wlserver_10.3/server/lib 

Step 5) Delete the temporary directory.
$ cd /u01/oracle/middlewareoam/oracle_common/common
$ rm -rf temp; 

Step 6) Restart Weblogic to enable JSSE on the commandline(-Dweblogic.ssl.JSSEEnabled=true) or in the Admin console.
For Node Manager, use

No comments:

Post a Comment

Other Posts