Tuesday, August 31, 2010

SOA MDS partition not found

You have created a connection to a SOA Suite 11g application server.

The connection is working fine and its test result shows success.

Now you are trying to deploy a process to the server.

While deploying, you first come to the Deployment Action step,

then Deploy Configuration,

then Select SOA Server.

When you select your server and click Next, you get a screen saying

SOA MDS partition not found



All the buttons are disabled and you are stuck on how to deploy the process.



This error mainly occurs if your database and listener are not up and running properly.

If they are up and running, ensure that the soa-infra component is in the Active state

in the WebLogic deployments.


Further, you need to verify whether the target server is specified for the admin server and the managed server. Specify the IP address of the machine in the target server for both the admin server and the managed server.

Log in to the admin console.

Click on the admin server.

Go to the general configuration and specify the IP address in the target server.
Do the same for the managed server.

Restart the server and your issue will be resolved.

Monday, August 30, 2010

Not able to start managed server from admin console

You have done a fresh installation of WebLogic Server and have also created a managed server.

You are able to start the managed server from the command console, but when you try to start it from the admin console you get an authentication error.

To overcome this issue, first ensure that Node Manager is up and running, because Node Manager is required for a managed server to be started from a remote server. Then go to the following location:


BEA_HOME\user_projects\domains\your domain\soa server\security


In that folder create a new file named boot.properties

and define these two parameters in it:

username=<UserName>
password=<Password>


Here the user name is the name of the user, generally weblogic, and the password is the password required to log in to the console.

Once you have made these changes, restart your server and try to start the managed server from the admin console. It should work this time.
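
WebLogic replaces the clear-text values in boot.properties with encrypted ones the first time the server starts with that file, so a copy that still shows a readable password has not been picked up yet or was written again afterwards. The following is an added example, not part of the original post, that audits a boot.properties file for this; the encrypted-value prefixes, the sample contents and the function names are assumptions made for illustration.

```python
import os
import stat
import sys

# Assumption: values WebLogic has encrypted in place start with one of these tags.
ENCRYPTED_PREFIXES = ("{AES}", "{AES256}", "{3DES}")

# Constructed samples: a freshly written file and one after the first server start.
SAMPLE_FRESH = "username=weblogic\npassword=ExamplePassw0rd\n"
SAMPLE_BOOTED = "username={AES}Zm9vYmFy\\=\npassword={AES}YmF6cXV4\\=\n"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_boot_properties(text, mode=None):
    """Return findings for a boot.properties body and optional POSIX file mode."""
    props, findings = parse_properties(text), []
    for key in ("username", "password"):
        value = props.get(key)
        if not value:
            findings.append(f"{key} is missing or empty")
        elif not value.startswith(ENCRYPTED_PREFIXES):
            findings.append(f"{key} is still in clear text")
    # Permission bits are only meaningful on POSIX hosts; pass mode=None elsewhere.
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append(f"mode {stat.S_IMODE(mode):o} lets group/other access the file")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file: python audit_boot.py <path>
        path = sys.argv[1]
        with open(path, encoding="utf-8") as fh:
            mode = os.stat(path).st_mode if os.name == "posix" else None
            print(audit_boot_properties(fh.read(), mode) or "no findings")
    else:
        print(audit_boot_properties(SAMPLE_FRESH))
```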

Saturday, August 28, 2010

Configuring HTTP Server to use SSL in Oracle Application Server

If you have a certificate that is ready in your wallet, these are the steps to follow to configure your HTTP server to use SSL in SOA Suite.

Select Wallet -> AutoLogin so that it is checked.

It will create a file cwallet.sso in the location where your wallet is saved.

By default, all SSL-related settings are stored in the following file:

SOA_HOME/Apache/Apache/conf/ssl.conf

If you open this file you will find an entry like this:

Listen 4444

<VirtualHost _default_:4444>

# General setup for the virtual host
DocumentRoot "C:\product\10.1.3.1\OracleAS_1\Apache\Apache\htdocs"
ServerName ARAHI-PC2.in.oracle.com
ServerAdmin you@your.address
ErrorLog "|C:\product\10.1.3.1\OracleAS_1\Apache\Apache\bin\rotatelogs logs/error_log 43200"
TransferLog "|C:\product\10.1.3.1\OracleAS_1\Apache\Apache\bin\rotatelogs logs/access_log 43200"
Port 4444


For SSL to work, the SSL 'Listen' port must be the same as the port in the "VirtualHost _default_" entry within the file.


When we install SOA Suite it sets an SSL port by default, which in our case is 4444.

As you can see, Listen and VirtualHost _default_ are set to the same value, 4444.

So even now, if we try to open our BPEL console through https://host:port/BPELConsole

we will get a certificate exception, and if we view the certificate it will be the default certificate generated by SOA Suite during installation.

But our purpose here is to use our own certificate for SSL authentication.


You can also see the server wallet entry:

# Server Wallet:
# The server wallet contains the server's certificate, private key
# and trusted certificates. Set SSLWallet at the wallet directory
# using the syntax: file:
SSLWallet file:C:\product\10.1.3.1\OracleAS_1\Apache\Apache\conf\ssl.wlt\default

If you go to this location you will find a file named ewallet.p12.

This is the default wallet generated by SOA Suite.

We will just replace this wallet with the wallet that we created in our previous exercise.

So the only change I will make is

SSLWallet file:D:/OCA/Wallet.

This is the location where I have stored my wallet.

I will use the same port 4444 for SSL authentication.

This is the configuration in SOA Suite 10.1.3.x,

as SSL is on by default in the 10.1.3.x versions. For 10.1.2.x the configuration is different, but we need not bother about that as it is an obsolete version.
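
The two settings this post depends on, matching Listen and VirtualHost _default_ ports and an SSLWallet directory that holds the auto-login cwallet.sso, can be checked before restarting the server. This is an added example, not part of the original post; the sample ssl.conf text and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample modelled on the ssl.conf excerpt in this post.
SAMPLE_SSL_CONF = """\
Listen 4444
<VirtualHost _default_:4444>
ServerName host.example.com
Port 4444
SSLWallet file:D:/OCA/Wallet
</VirtualHost>
"""

def parse_ssl_conf(text):
    """Extract Listen ports, VirtualHost ports and SSLWallet directories."""
    found = {"listen": [], "vhost": [], "wallets": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"Listen\s+(?:\S+:)?(\d+)\s*$", line, re.I):
            found["listen"].append(int(m.group(1)))
        elif m := re.match(r"<VirtualHost\s+\S+?:(\d+)\s*>", line, re.I):
            found["vhost"].append(int(m.group(1)))
        elif m := re.match(r"SSLWallet\s+file:(.+)$", line, re.I):
            found["wallets"].append(m.group(1).strip())
    return found

def check_ssl_conf(text, wallet_exists=lambda d: (Path(d) / "cwallet.sso").is_file()):
    """Return a list of problems; an empty list means the checks passed."""
    conf, problems = parse_ssl_conf(text), []
    for port in conf["vhost"]:
        if port not in conf["listen"]:
            problems.append(f"VirtualHost port {port} has no matching Listen directive")
    if not conf["wallets"]:
        problems.append("no SSLWallet directive found")
    for wallet_dir in conf["wallets"]:
        # Without cwallet.sso the server cannot open the wallet unattended.
        if not wallet_exists(wallet_dir):
            problems.append(f"{wallet_dir}: cwallet.sso missing (auto-login not enabled?)")
    return problems

if __name__ == "__main__":
    for problem in check_ssl_conf(SAMPLE_SSL_CONF) or ["ssl.conf checks passed"]:
        print(problem)
```

Because cwallet.sso lets the server open the wallet without the wallet password, the wallet directory should be readable only by the account that runs the HTTP server.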

So once we have made the changes, just restart the server and try to log in to the BPEL Console using the SSL port:

https://host:port/BPELConsole


You will get an exception.




If you try to view the exception you will get something like this:




Try to view the certificate.

Click on View and you can see that it is the same certificate, which has been verified by VeriSign for trial purposes only.



So once you accept this you can view the console.

So this is how big companies use a third-party certification authority for SSL authentication.

Friday, August 27, 2010

Using Oracle Wallet Manager to request a certificate and validate from OCA

To start Wallet Manager, go to

Start -> Programs -> OracleAS 10g - ORACLE_HOME -> Integrated Management Tools -> Wallet Manager



Create a new wallet

Select Wallet -> New
Enter a password for the wallet

Specify Wallet Type: Standard
And say yes








Export the certificate to some local file directory


Save the certificates with .cer format

Create a new directory in which you will store all the files.



Open the .csr file thus created and copy the contents of the certificate.


Log in to https://host:sslport/oca/user

Navigate to Server/Sub CA Certificates

and create a new request.



Copy the content of the certificate into the PKCS request




and submit the request

You will get a request corresponding to that as shown



Now log in to the admin page at

https://host:sslport/oca/admin and switch to the Certificate Management tab.

There you will find a pending request with the same user ID for which the certificate has been requested.



Click on the View button and approve it.


It will again generate a certificate with a certificate ID.




Copy this certificate ID and now log in to the user console

https://host:sslport/oca/user

and move to Server/Sub CA Certificates and search with the certificate ID. You will find it in the list. Now save this CA certificate as a .crt file in the same location.



Again click on view details and view the certificate





This certificate will be saved as a base certificate



Similarly, the CA certificate will be saved as a root certificate.



Now once you have the certificate you can import it back to your wallet manager to change its status from pending to ready.

This can be done like this.



Now select the certificate which you have created




Well, this really didn't work for me, as it was giving an error that the CA certificate doesn't exist.

I left the plan to authenticate it from OCA, as OCA is not a product from 11g.

So I rather gave the certification request to VeriSign; I used the trial version to get my certificate validated.


Once it is validated, when you import your certificate its status will change to Ready.



You can see that the issuer is the VeriSign trial version and that it has also added some VeriSign trusted certificates.

There are other certification authorities as well, but I am aware of VeriSign only. You can do a Google search and send your certificate to them to get it verified.

I believe you now have some idea of how a certification authority works, how Wallet Manager raises a certificate request and how it is verified and completed.

Tuesday, August 24, 2010

Approving a Certificate by OCA Administrator

The OCA administrator has the privilege to approve or reject any certificate that has been requested.

Log in to the following:

https://host:sslport/oca/admin


and move to the Certificate Management tab.




When I access the OCA admin page I can access the home page for this component, but when I click on any of the other tabs (Certificate Management, Configuration Management or View Logs) I get the error:

Error:
You are not authorized to perform this operation. (Jazn authorization failed)

I am trying to fix this issue for now

I followed these steps

1. I stopped the OCA service via the command line

2. I ran the command to regenerate the wallet:
ocactl generatewallet -type CA

3. I then started the OCA service via the command line.

Once I did this, I was able to access the admin page for OCA and enroll a new certificate request, which worked for me this time.

I again created a new manual request, then logged in to the admin page, and I was able to find it there.

The reason I am not pasting other details is that I did a lot of R&D and didn't keep track of all of it, but only the steps provided worked for me.



Now click on View and you will get details about the certificate. As you can see, it is in pending status. Go ahead and approve it.



As you can see, it is approved and a serial number is assigned to it. You can use this serial number to find it in the user page.



Now log in to the OCA user page

https://host:sslport/oca/user and provide the serial ID and click on Go to find the certificate.



Click on View to find the certificate details.



The reason for discussing OCA and certificates is that we will be using these concepts for SSL authentication later. From 11g there is no OCA support; I believe we have to use a third party such as VeriSign as the certification authority. These articles will just give you an idea of what goes on behind the scenes when we request a certificate.

Manual approval/Authentication from Certification Authority

The manual authentication process requires the user to provide personal information as well as other necessary details in order to get a certificate from the certification authority. Based on the user's credentials, the certification authority later decides whether to approve the certificate or not.

Log in to the OCA user page

https://host:sslport/oca/user

and click on Manual Authentication and then Submit.



Request for a certificate




Provide the necessary information for certificate generation



and submit your request.



You will get a reference ID and a message that the administrator will contact you.

This is what happens in a real-world scenario. When you submit a request to any certification authority, it goes through your credentials and then communicates further with you regarding the certificate. If it finds everything correct, it goes ahead and provides a certificate.

In my case, since I am the administrator, I will go ahead and approve the certificate.

Use your existing certificate for SSL authentication

Please read the previous post to get more background on this.

If a user has a valid certificate, he can use the same certificate to authenticate to OCA over HTTPS. Oracle Certificate Authority allows the existing certificate to be used, or it creates a new certificate for the use case.

Log in to https://host:sslport/oca/user

and switch to the User Certificates tab.




Follow the same steps that we followed earlier.

Get the certificate and import it into your browser.



You can see the new certificate thus generated.

Save the certificate.







Now that you have the certificate, you can use it to authenticate to your web service.

Monday, August 23, 2010

Requesting certificate for SSO Authentication

This exercise assumes you have already completed the previous two posts.

Users can request a certificate from OCA based on SSO, SSL or manual authentication.
In this exercise we will see how to generate a certificate for SSO (single sign-on).

To get a certificate, do the following.

Log in to

https://host:sslport/oca/user

You will come to a page like this. Now go to the User Certificates tab.






If the user has an SSO account, the certificate will be automatically generated and issued to the user.



Log in with your SSO account.





Click Submit.



The following certificate will be generated. Install it in the browser for further SSO authentication.



Click OK, then click on Details to get the details of the certificate.

Enrolling as an administrator for OCA

For certificate management, the administrator must enroll by filling in a form at first login and then import his certificate.

Run opmnctl status -l to get the SSL port number of the OCA server.



Now log in to the OCA admin page using the following URL:

https://host:sslport/oca/admin



Provide the details in the next screen and click Submit.







Now if you try to log in again you will find a different page.

You can go to the browser settings and see that the certificate has been imported into the browser.



So now you can act as a certification authority.