Expiration Checklist for Fusion Applications

February 3, 2013, 3:00 am

≫ Next: Fusion Applications

≪ Previous: Super User/Role setup for Common Implementation of Fusion Apps

$

0

0

Two main things when expired will significantly affect the operations of Fusion Applications. These are database passwords and certificates. As such these expiration dates need to be checked and maintained properly.

Check for expiring database account passwords

Fusion Applications have many schema users in the Fusion Application database.  Many of these schema users by default have no expiry date, however some do.  You can check the expiration date for these passwords using sqlplus and connecting to the FA database as sys.  Use the following command to check the expiry_date:

 

select username, account_status, expiry_date, sysdate from dba_users where expiry_date is not null;

 

TODO:  Keep track of when database accounts will expire.  When the database accounts will soon expire, update the accounts and reset the expiry_date according to your established corporate security policy requirements.  Note: You can reuse the existing password when resetting these schema accounts.

 

Check for expiring certificates

Fusion Application will fail when certificates expire.  It’s important to check all certificate stores (JKS for WebLogic and PKCS#12 for OHS) for expiring keys and certificates so that they can be renewed in a controlled and timely manner.

 

For Fusion JKS Certificates Stores

You should maintain a list of all certificate stores so that they can be located easily.  

The fusion jks stores are fusion_trust.jksand <hostname>_fusion_identity.jks in APPLICATIONS_BASE/fusionapps/wlserver_10.3/server/lib. 

 

For each JKS store, use keytool to examine the contents, noting the expiration date for each key and certificate:

 

$JAVA_HOME/bin/keytool -list -v -keystore <keystore filename>

 

 

Note:  fusion_trust.jks contains the keys and certificates in each of the <hostname>_fusion_identity.jks.  When replacing the key and certificates, you must replace each <hostname>_fusion_identity.jks and fusion_trust.jks separately.

 

For Webgate Certificate

You should note down the expiration date of the webgate certificate and replace them as appropriate.  The webgate certificate is in APPLICATIONS_CONFIG/CommonDomain_webtier/config/OHS/ohs1/webgate/config/simple. To check the certificate expiration date, use keytool to examine the contents:

$JAVA_HOME/bin/keytool -printcert -v -file aaa_cert.pem

 

 

For PKCS#12 Certificates Stores

The location of the certificate stores used by FA OHS instances can be found in the OHS configuration files. The following example shows how to determine this:

cd APPLICATIONS_CONFIG/CommonDomain_webtier/config/OHS/ohs1

 

cat *.conf ./moduleconf/*.conf | grep SSLWallet filename

 

Each of these should be opened with the orapki utility to examine the content and verify the certificate expiration. The orapki utility is described in detail here:

 

http://docs.oracle.com/cd/E16340_01/core.1111/e10105/walletmgr.htm#CDEFHBGA

 

 

 

 

---

Fusion Applications

February 19, 2013, 11:58 am

≫ Next: OAM and OIM Config changes for Split Profile ( Split Profile Configuration -Part 2)

≪ Previous: Expiration Checklist for Fusion Applications

$

0

0

Provides information about Fusion Application architecture with respect to High Availability, RAC, Exadata, Exalogic, Disaster Recovery, Performance, Virtualization options, OVM Templates, Topology considerations and general information on Fusion Application’s use of Fusion Middleware. The information found here is intended for on-premise customers. The best practices and operational aspects of the content in this site is […]

OAM and OIM Config changes for Split Profile ( Split Profile Configuration -Part 2)

April 26, 2017, 12:23 pm

≫ Next: Index of Architecture articles

≪ Previous: Fusion Applications

$

0

0

In my previous post i have discussed split profile set up scenario with AD and OID in Fusion Applications IDM Environment and how to create Adapters in OVD  for consolidating the two directory servers AD and OID.Adapters configuration alone is not...

Index of Architecture articles

February 26, 2013, 8:20 pm

≫ Next: Index of BI and Reporting articles

≪ Previous: OAM and OIM Config changes for Split Profile ( Split Profile Configuration -Part 2)

$

0

0

Below you will find a variety of articles that help you design an Architecture for Fusion Apps that is in line with Oracle’s best practices.  In addition, you will also find articles that are related to Fusion Apps, and also to Architecture, but which address a specific issue by describing ways of solving the issue […]

Index of BI and Reporting articles

February 26, 2013, 8:30 pm

≫ Next: Index of Diagnosis and Troubleshooting articles

≪ Previous: Index of Architecture articles

$

0

0

Provides information on how Fusion Applications makes use of BI, both in terms of OTBI as well as the warehouse option for Fusion Applications. The information found here is intended for on-premise customers. The best practices and operational aspects of the content in this site is a service provided as a part of the Fusion […]

Index of Diagnosis and Troubleshooting articles

February 26, 2013, 8:41 pm

≫ Next: Index of Extensibility and Customization articles

≪ Previous: Index of BI and Reporting articles

$

0

0

Highlights diagnostic best practices and provides useful tips and tricks designed to speed time to resolution. The information found here is intended for on-premise customers. The best practices and operational aspects of the content in this site is a service provided as a part of the Fusion Applications Cloud offering.

Index of Extensibility and Customization articles

February 26, 2013, 8:43 pm

≫ Next: Index of Security articles

≪ Previous: Index of Diagnosis and Troubleshooting articles

$

0

0

Fusion Apps will become part of a larger architecture that supports your enterprise. Understanding how to extend, and customize Fusion Apps will help you solve for the future in less time. The information found here is intended for on-premise customers. The best practices and operational aspects of the content in this site is a service […]

Index of Security articles

February 27, 2013, 8:40 pm

≫ Next: Discover Utility : A Tool to Collect Comprehensive Configuration Details of a Fusion Applications Instance

≪ Previous: Index of Extensibility and Customization articles

$

0

0

In-depth information about the Fusion App’s security model, including how to integrate it with existing Identity and Access Management systems. The information found here is intended for on-premise customers. The best practices and operational aspects of the content in this site is a service provided as a part of the Fusion Applications Cloud offering.

---

Discover Utility : A Tool to Collect Comprehensive Configuration Details of a Fusion Applications Instance

October 19, 2017, 10:38 am

≪ Previous: Index of Security articles

$

0

0

Introduction Oracle Fusion Applications is a large collection of artifacts at various levels – from Application Modules,URLs and Web services at the top levels to storage, hostnames and IPs at the lower layers with numerous connection and configuration settings and tunable parameters within and across the various products in different layers.  Often administrators need values […]