Node.js – Invoking Secured REST Services in Fusion Cloud – Part 1

Introduction This post focuses on invoking secured Fusion Cloud RESTFul services using Node.js. Part 1 is explicitly focused on the “GET” method. The assumption is that the reader has some basic knowledge on Node.js. Please refer to this link to download and install Node.js in your environment. Node.js is a programming platform that allows you to execute […]

How to Recover Initial Messages (Payload) from SOA Audit for Mediator and BPEL components

Introduction In Fusion Applications, the status of SOA composite instances are either running, completed, faulted or staled. The composite instances become staled immediately (irrespective of current status) when the respective composite is redeployed with the same version. The messages (payload) are stored in SOA audit tables until they are purged. The users can go through Enterprise […]

Introduction to the Sales Order Entry application

This post is part of a series on building a modern web-based interface for E-Business Suite using Oracle ADF with Oracle Service Bus providing services between EBS and the front end. Our (imaginary) client wants a new, modern, web-based Sales …

Fusion Middleware and Certificate Expirations

I wanted to take a moment to blog about one of the most common, yet most easily preventable causes of middleware system outages. The cause is the expiration of digital certificates used in middleware infrastructure.

Certificates are used throughout many Oracle Fusion Middleware products for purposes of authentication and encryption. This includes:

  • Server certificates for SSL in OHS and WLS
  • Certificates used for intra- and inter-product transport communication in WLS, OAM, OAAM, OID, OVD, OIM, OSB etc…
  • Certificates used for signing and authentication in OWSM, WLS, OSB, OIF, and Oracle STS.

Despite the fact that digital certificates are such an integral part of middleware infrastructure, you might be surprised how many customers are not well organized about their PKI and in particular about when the different certificates in their infrastructure expire.

It is such a little, simple thing, but all it takes is one expired certificate in one middleware component to bring an application down.

I encourage you today to “not be that customer”, stay organized and keep track of when your certificates expire so that you can issue updated certificates before that happens.

A Note about OAM and the certificates used in Simple Mode

OAM has three different security “modes” for the communication done between the webgate (web server plug-in) and the OAM server component which processes authentication and authorization. These 3 modes are:

  • Open: Unencrypted communication
  • Simple: Communication over SSL using certificates generated by OAM using an Oracle CA certificate that comes with OAM. Simple mode is popular with customers who want to secure webgate to OAM server communication but don’t feel the need to use their own PKI infrastructure.
  • Cert: Communication over SSL using certificates issued by a third party CA.

The mode most relevant to this discussion on expiring certificates is simple mode where the certificates are generated automatically and may be out of sight and mind.

In OAM 10g the certificates are only issued with a validity period of one year by default. If you want to extend the validity period for the certificates generated in simple mode (and I recommend that you do), then follow the instructions in appendix F, section 2.9 of the OAM Identity Admin Guide.

In OAM 11g, the validity period of the certificates used in simple mode is 10 years, making early expiration of the certificates less of a problem.
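One way to keep the expiry inventory recommended above, as an added example that is not from the original post or from Oracle: it reads one line per certificate, pairing a component label with the `notAfter=` line printed by `openssl x509 -noout -enddate`, and ranks the entries by urgency. The labels, dates and the 60-day renewal window are constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

WARN_DAYS = 60  # assumed renewal lead time; set it to your CA's turnaround

# Constructed sample inventory (not real certificates). Each line is
# "<component>|<line printed by: openssl x509 -noout -enddate -in cert.pem>".
SAMPLE_INVENTORY = """\
OHS front-end SSL|notAfter=Mar  1 00:00:00 2025 GMT
WLS managed server identity|notAfter=Jun 15 12:00:00 2025 GMT
OAM 10g simple-mode webgate|notAfter=Jan 10 08:30:00 2025 GMT
OWSM signing key|notAfter=Feb 20 00:00:00 2035 GMT
OSB outbound client|notAfter=not a date
"""

ORDER = {"UNREADABLE": 0, "EXPIRED": 1, "RENEW": 2, "OK": 3}


def parse_not_after(field):
    """Turn an openssl 'notAfter=...' line into an aware UTC datetime."""
    value = field.strip().split("=", 1)[-1]
    # ssl.cert_time_to_seconds raises ValueError on anything malformed.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)


def expiry_report(inventory, now, warn_days=WARN_DAYS):
    """Return (component, status, days_left) tuples, most urgent first."""
    rows = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, _, field = line.partition("|")
        try:
            days_left = (parse_not_after(field) - now).days
        except ValueError:
            # A certificate nobody can date is treated as the top risk.
            rows.append((name, "UNREADABLE", None))
            continue
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "RENEW"
        else:
            status = "OK"
        rows.append((name, status, days_left))
    rows.sort(key=lambda r: (ORDER[r[1]], r[2] if r[2] is not None else 0))
    return rows


if __name__ == "__main__":
    fixed_now = datetime(2025, 2, 1, tzinfo=timezone.utc)  # constructed "today"
    for name, status, days in expiry_report(SAMPLE_INVENTORY, fixed_now):
        print(f"{status:<10} {'-' if days is None else days:>6}  {name}")
```

In scheduled use, pass `datetime.now(timezone.utc)` as `now` and alert on any row whose status is not `OK`.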