Thursday, March 15, 2012

Stand alone OHS 11g Silent Installation in RHEL

1.1    RHEL Package Requirements

Oracle HTTP Server 11g 32-Bit RHEL Packages
Sr.No.  Package                             Justification
1       gcc-4.1.0-28.4                      OHS installation package dependency.
2       gcc-c++-4.1.0-28.4                  OHS installation package dependency.
3       setarch-1.6-1                       OHS installation package dependency.
4       sysstat-5.0.5-1                     OHS installation package dependency.
5       libstdc++-4.1.0-28.4                OHS installation package dependency.
6       libstdc++-devel-4.1.0-28.4          OHS installation package dependency.
7       compat-libstdc++-296-2.96-132.7.2   OHS installation package dependency.
8       compat-db-4.1.25-9                  OHS installation package dependency.
9       control-center-2.8.0-12             OHS installation package dependency.
10      glibc-common-2.3.4-2.9              OHS installation package dependency.
11      binutils-2.16.91.0.5-23.4           OHS installation package dependency.
12      make-3.80-202.2                     OHS installation package dependency.
13      elfutils-devel                      OHS installation package dependency.
14      glibc-devel                         OHS installation package dependency.
15      libaio-0.3                          OHS installation package dependency.
16      libaio-devel-0.3                    OHS installation package dependency.

 

1.2   RHEL System File Requirements

Oracle Fusion Middleware  RHEL System Files
File:           /etc/security/limits.conf
Add/Change:     oracle       soft    nofile          4096
                oracle       hard    nofile          65536
Justification:  Append the kernel parameters required for the OHS 11g installer to proceed.

 

1.3    IP Table Requirements

OFM IP Server Table Requirements
Port   Protocol UDP/TCP   Source IP/Network     Destination IP/Network
7777   TCP                OHS Install Server    Local Secure Network
4443   TCP                OHS Install Server    Local Secure Network

 

1.4    Oracle HTTP Server 11g 32-Bit Web Server Installation

1) The Silent Install feature works on the principle of reading an input file which contains all parameter values required during installation, processing these values, and then applying these values automatically. This process of installation avoids almost all human interaction with the system during the installation process – via GUI or command line.

2) The Silent Installation process necessitates editing the input file – called a "Response File" – with the applicable parameter values. This section describes the process of Silent Installation, and highlights the parameters that should be changed per environment as applicable.

3) The input parameter file, called a Response File, has to be edited. The default Response Files are located in the installation directory (e.g. /u01/OHS_32Bit/Disk1/stage/Response/) on the Linux server.

4) Use the following embedded file as your input Response File: WebTierInstallAndConfigure.rsp.

This has been optimized to use only those parameters applicable for an OHS 11g installation. Please edit the parameter values listed in Table: WebTierInstallAndConfigure parameters.

After the changes, this file has to be copied to the default installation location (as specified above), replacing the existing file.

5) Edit the following parameters, using the values provided in the table below.

Table 1: WebTierInstallAndConfigure parameters

Sl No  Response File Parameter Name       Sample Value
1.     INSTALL AND CONFIGURE TYPE         true
2.     INSTALL AND CONFIGURE LATER TYPE   false
3.     ORACLE_HOME                        /u01/app/oracle/product/ohs
4.     INSTANCE_HOME                      /u01/app/oracle/product/ohs/instances/instance1
5.     INSTANCE_NAME                      instance1
6.     AUTOMATIC_PORT_DETECT              true
7.     CONFIGURE_OHS                      true
8.     CONFIGURE_WEBCACHE                 false
9.     OHS_COMPONENT_NAME                 ohs1
10.    ASSOCIATE_WEBTIER_WITH_DOMAIN      false

Tip: This module is to be executed on the OHS 32-Bit Server.

6) Create the oraInst.loc File:

The installer uses the Oracle inventory directory to keep track of all Oracle products installed on a system. Location of the Inventory Directory is specified in a file named oraInst.loc. This file is created when the first Oracle product is installed in a system. If this file does not already exist on the system, you must create it before starting the OHS installation.

7) Perform the following steps to create the oraInst.loc file (only if it does not exist):

a) Log in as the root user.

b) Using a text editor such as vi, create the oraInst.loc file in /etc by updating the required parameters with valid values.

Figure 1 : Create oraInst.loc

8) From the OHS 11g installer directory, issue the following command to run the silent installation.

./runInstaller -silent -responseFile <Installer Location>/Disk1/stage/Response/WebTierInstallAndConfigure.rsp

9) The silent installation and configuration should proceed as depicted in the screen print below.

Figure 2 : OHS Installation Pre-requisites Check In Progress

Figure 3 : OHS Installation Completes Successfully.

10) Test the OHS 11g web server by accessing the URL (http://<OHS-32Bit-OAMWebPass-FQDN>:7777/). The test page should appear as depicted in the screenshot below.

                          

Figure 4 : OHS 11g Test Page Screen
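
The script below is an added example, not part of the original post or of Oracle's installer: a pre-flight check that reads a response file and a limits.conf and confirms the Table 1 values and the section 1.2 nofile limits before runInstaller is started. The function names, the sample file names and the assumption that the response file consists of NAME=value lines with # comments are the example's own.

```shell
# Added example: pre-flight checks to run before ./runInstaller -silent.
# Assumes the response file holds NAME=value lines and '#' starts a comment.
rsp_get() {  # usage: rsp_get FILE NAME  (names may contain spaces)
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          n = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", n); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
          if (n == k) val = v }
        END { print val }' "$1"
}

check_rsp() {  # returns 0 when FILE is consistent with Table 1
    f=$1; rc=0
    now=$(rsp_get "$f" "INSTALL AND CONFIGURE TYPE")
    later=$(rsp_get "$f" "INSTALL AND CONFIGURE LATER TYPE")
    [ "$now" = true ] && [ "$later" = false ] || { echo "install type flags conflict"; rc=1; }
    for k in ORACLE_HOME INSTANCE_HOME INSTANCE_NAME; do
        [ -n "$(rsp_get "$f" "$k")" ] || { echo "$k is empty"; rc=1; }
    done
    if [ "$(rsp_get "$f" CONFIGURE_OHS)" = true ] && [ -z "$(rsp_get "$f" OHS_COMPONENT_NAME)" ]; then
        echo "CONFIGURE_OHS=true needs OHS_COMPONENT_NAME"; rc=1
    fi
    return $rc
}

check_limits() {  # user oracle, nofile: soft >= 4096 and hard >= 65536
    awk '$1 == "oracle" && $3 == "nofile" { lim[$2] = $4 }
         END { exit !(lim["soft"] + 0 >= 4096 && lim["hard"] + 0 >= 65536) }' "$1"
}

write_samples() {  # constructed sample files, not taken from a real host
    cat > "$1/good.rsp" <<'EOF'
INSTALL AND CONFIGURE TYPE=true
INSTALL AND CONFIGURE LATER TYPE=false
ORACLE_HOME=/u01/app/oracle/product/ohs
INSTANCE_HOME=/u01/app/oracle/product/ohs/instances/instance1
INSTANCE_NAME=instance1
CONFIGURE_OHS=true
OHS_COMPONENT_NAME=ohs1
EOF
    sed 's/^OHS_COMPONENT_NAME=.*/OHS_COMPONENT_NAME=/' "$1/good.rsp" > "$1/bad.rsp"
    printf 'oracle soft nofile 4096\noracle hard nofile 65536\n' > "$1/limits.conf"
}

d=$(mktemp -d) && write_samples "$d"
check_rsp "$d/good.rsp" && check_limits "$d/limits.conf" && echo "pre-flight OK"
check_rsp "$d/bad.rsp" || echo "bad.rsp rejected"
rm -rf "$d"
```

On a real host, point check_rsp at the edited WebTierInstallAndConfigure.rsp and check_limits at /etc/security/limits.conf.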


SSL Configuration in WAS7.0

PHASE 1:
--------

Following link

Creating certificate signing requests
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/topic/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/tsec_csr.html

1. Start the key management utility if it is not already running.

2. Open the key database file from which you want to generate the request.

opened key.p12 located under
/usr/websphere/appserver/profiles/Apprsv01/config/cell/cellname/nodes/nodename

Key Database type : pkcs12

default password : WebAS

3. Type the password and click OK.

4. Click Create > New Certificate Request. The Create New Key and
Certificate Request window displays.

5. Type a Key Label, a Common Name, and Organization; and select a
Country. For the remaining fields, accept the default value, type a
value, or select new values. The common name must be valid in the
configured user registry for the secured WebSphere environment.

6. Type in a name for the file, such as certreq.arm.

7. Click OK to complete.

8. Optional: On UNIX-based platforms, remove the end of line
characters (^M) from the certificate signing request. To remove the
end of line characters, type the following command:

cat certreq.arm |tr -d "\r" > new_certreq.arm

9. Send the certreq.arm file to the certificate authority (CA)
following the instructions from the CA Web site for requesting a new
certificate.


PHASE 2:
--------

Once you submit the certificate signing request, wait for the CA to
accept the request. After the CA has verified your identity, it sends
back the signed certificate, usually through e-mail. Receive the signed
certificate back into the keystore file from which you generated the
CSR.

However, before receiving the signed certificate back into the keystore,
you need to add your internal CA root or intermediate certificate
under the signer certificates of key.p12 and trust.p12.

The Root and Class 2 certificates need to be added under the signer
certificates of key.p12 and trust.p12.


PHASE 3:
--------

Following link

Receiving certificate authority-signed personal certificates
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/topic/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/tsec_ksrr.html

# Open the key database file from which you generated the request.

open key.p12 located under
/usr/websphere/appserver/profiles/Apprsv01/config/cell/cellname/nodes/nodename

Key Database type : pkcs12

default password : WebAS

# Type the password and click OK.

# Select Personal Certificates from the pull-down list.

# Click Receive.

# Click Data type and select the data type of the new digital
certificate, such as Base64-encoded ASCII data. Select the data type
that matches the CA-signed certificate. If the CA sends the
certificate as part of an E-mail message, you may first need to cut
and paste the certificate into a separate file.

# Type the certificate file name and location for the new digital
certificate, or click Browse to locate the CA-signed certificate.

# Click OK.

# Type a label for the new digital certificate and click OK.

Results
The personal certificate list now displays the label you just gave for
the new CA-signed certificate.


PHASE 4:
---------

Replace the default certificate with your CA certificate using Adminconsole.

1) Under adminconsole Security > SSL certificate and key management >
Key stores and certificates >NodeDefaultKeyStore > Personal
certificates

2) Select the default certificate and click Replace

3) On the next screen, you are able to choose which certificate will
replace the default certificate. Accept your new certificate.

Select Delete old certificate after replacement or Delete old signers.

Accept your new certificate, and accept it in the browser if it prompts.

Click OK and save the changes.

4) Under adminconsole Security > SSL certificate and key management >
Key stores and certificates >NodeDefaultKeyStore > Personal
certificates


On this screen select the default certificate and click Delete. Click
OK and Save the changes.

5) Copy the existing key.p12 and trust.p12, for example:
From
/usr/websphere/appserver/profiles/Apprsv01/config/cell/cellname/nodes/nodename

To
/usr/websphere/appserver/profiles/Apprsv01/etc

6) Start the application server

TESTING
--------

How to test the application on WebSphere and make sure it is using the
new certificate:

Using IE, access the adminconsole or your application on its HTTPS port,
for example:

https://appserver:9043/ibm/console (adminconsole example)

https://Appserver:9044/App (application example)

You will see the certificate in the browser; make sure it is your CA cert.

If so, then WebSphere is using your CA cert.
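
The same check can be scripted instead of read off the browser dialog. The script below is an added example, not part of the original post or of WebSphere: it compares the leaf certificate presented on the HTTPS port with the Base64 certificate file received from the CA in Phase 3. The function names and file names (served.txt, ca_signed.cer, default.cer) are the example's own, the sample files are constructed PEM-shaped text, and the live fetch assumes the openssl command-line tool is installed.

```shell
# Added example: check that the HTTPS port serves the CA-signed certificate.

# Print the base64 body of the FIRST certificate in a PEM stream on stdin,
# without CRs or line breaks, so differently wrapped copies compare equal.
pem_body() {
    tr -d '\r' | awk '
        /-----BEGIN CERTIFICATE-----/ { if (!done) grab = 1; next }
        /-----END CERTIFICATE-----/   { if (grab) done = 1; grab = 0; next }
        grab { gsub(/[ \t]/, ""); printf "%s", $0 }
        END  { print "" }'
}

# Dump what the server presents, leaf certificate first (needs network access).
served_pem() {  # usage: served_pem HOST PORT
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null
}

# Succeed only when both files carry the same leaf certificate.
same_cert() {  # usage: same_cert SERVED EXPECTED
    a=$(pem_body < "$1"); b=$(pem_body < "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

write_cert_samples() {  # constructed PEM-shaped text, not real certificates
    printf '%s\n' 'depth=0 CN = appserver' \
        '-----BEGIN CERTIFICATE-----' 'QUJDREVG' 'R0hJSktM' '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'Uk9PVENB' '-----END CERTIFICATE-----' > "$1/served.txt"
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'QUJDREVGR0hJSktM' \
        '-----END CERTIFICATE-----' > "$1/ca_signed.cer"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'REVGQVVMVA==' \
        '-----END CERTIFICATE-----' > "$1/default.cer"
}

d=$(mktemp -d) && write_cert_samples "$d"
same_cert "$d/served.txt" "$d/ca_signed.cer" && echo "server presents the CA-signed certificate"
same_cert "$d/served.txt" "$d/default.cer" || echo "mismatch: not the expected certificate"
rm -rf "$d"
# Live use: served_pem appserver 9043 > served.txt && same_cert served.txt ca_signed.cer
```

A mismatch after Phase 4 means the port is still presenting a different certificate than the one the CA issued, for example the default one that was meant to be replaced.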