Recreating an Oracle Middleware Central Inventory in the Oracle Public Cloud

Introduction This post provides a simple solution for recreating an Oracle Middleware software central inventory. One rare use case is when a server is lost and a new server is provisioned. The Middleware home may be on a storage device that can be reattached e.g. /u01. However, the central inventory may have been on a […]

EDI Processing with B2B in hybrid SOA Cloud Cluster integrating On-Premise Endpoints

Executive Overview SOA Cloud Service (SOACS) can be used to support the B2B commerce requirements of many large corporations. This article discusses a common use case of EDI processing with Oracle B2B within SOA Cloud Service in a hybrid cloud architecture. The documents are received and sent from on-premise endpoints using SFTP channels configured using […]

Identifying Underlying Middleware BI Software Versions within Fusion Applications

Introduction At times an administrator may need to identify which version of software one or more of the middleware components is within fusion applications.  Before downloading and installing ODI Studio, you would need to know which version of ODI that particular release of Fusion Applications was running. While this article references the BI software components, […]

Oracle GoldenGate in a distributed file system with file locking

Introduction This write up illustrates Oracle GoldenGate’s behavior in a distributed file system environment that supports file locking. Oracle GoldenGate (OGG) is very commonly used in an Oracle RAC environment. When OGG is installed in a distributed file system in a RAC environment, at any given time the OGG processes run in a single node of the cluster. To prevent accidental startup […]

Considerations for optimum use of the Oracle Fusion Middleware File and FTP Adapters when acquiring files

Introduction Careful consideration needs to be given to the manner in which files are created and written for (read) processing by the File and FTP Adapters Main Article Note Hereinafter the term “the Adapter” means either the File or FTP Adapter. The abbreviation EA means External Application. General usage of the Adapter The objective of […]

Adding and removing WebCenter Content cluster nodes

If you follow the Enterprise Deployment Guide, Fusion Middleware High Availability guide, or the support technote on example steps for installing a multi node cluster of WebCenter Content 11g, they all cover establishing a multi node cluster using …

RCU cannot connect to database with SYS user

Today I found an interesting little issue when trying to use RCU to create schemas for a middleware installation. RCU could not connect to the database with the SYS user. I could connect with other users, like SYSTEM for example, …

Fusion Middleware and Certificate Expirations

I wanted to take a moment to blog about one of the most common, yet most easily preventable causes of middleware system outages. The cause is the expiration of digital certificates used in middleware infrastructure.

Certificates are used throughout many Oracle Fusion Middleware products for purposes of authentication and encryption. This includes:

  • Server certificates for SSL in OHS and WLS
  • Certificates used for intra and inter product transport communication in WLS, OAM, OAAM, OID, OVD, OIM, OSB etc…
  • Certificates used for signing and authentication in OWSM, WLS, OSB, OIF, and Oracle STS.

Despite the fact that digital certificates are such an integral part of middleware infrastructure, you might be surprised how many customers are not well organized about their PKI and in particular about when the different certificates in their infrastructure expire.

It is such a little, simple thing, but all it takes is one expired certificate in one middleware component to bring an application down.

I encourage you today to “not be that customer”, stay organized and keep track of when your certificates expire so that you can issue updated certificates before that happens.
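One way to keep track of expiry dates, as an added example that is not from the original post: it parses the text printed by `keytool -list -v` for a Java keystore (such as one holding WLS identity or trust certificates) and flags every certificate, chain members included, that has expired or will expire within a warning window. The sample listing, alias and subject names are constructed, and the parser assumes English-locale output with UTC dates.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of `keytool -list -v` output (assumed English locale, UTC dates).
SAMPLE_LISTING = """\
Alias name: wls_server
Certificate[1]:
Owner: CN=soa.example.com, O=Example, C=US
Valid from: Mon Jan 10 09:00:00 UTC 2011 until: Tue Jan 10 09:00:00 UTC 2012
Certificate[2]:
Owner: CN=Example CA, O=Example, C=US
Valid from: Mon Jan 10 09:00:00 UTC 2011 until: Sun Jan 10 09:00:00 UTC 2021
"""

VALID_RE = re.compile(r"^Valid from: .+? until: (.+)$")

def parse_not_after(text):
    """Parse keytool's date form; only UTC/GMT is accepted to avoid guessing zones."""
    parts = text.split()
    if len(parts) != 6 or parts[4] not in ("UTC", "GMT"):
        raise ValueError("unsupported date: %r" % text)
    del parts[4]  # drop the zone token, then attach UTC explicitly
    return datetime.strptime(" ".join(parts), "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def parse_listing(listing):
    """Yield (alias, owner, not_after) for every certificate, chain members included."""
    alias = owner = None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Alias name: "):
            alias, owner = line[len("Alias name: "):], None
        elif line.startswith("Owner: "):
            owner = line[len("Owner: "):]
        elif (m := VALID_RE.match(line)):
            yield alias, owner, parse_not_after(m.group(1))

def expiry_report(listing, now, warn_days=30):
    """Return rows (status, alias, owner, days_left), soonest expiry first."""
    rows = []
    for alias, owner, not_after in parse_listing(listing):
        status = ("EXPIRED" if not_after <= now else
                  "EXPIRING" if not_after - now <= timedelta(days=warn_days) else "OK")
        rows.append((status, alias, owner, (not_after - now).days))
    return sorted(rows, key=lambda r: r[3])

if __name__ == "__main__":
    for row in expiry_report(SAMPLE_LISTING, datetime.now(timezone.utc)):
        print("%-8s alias=%s owner=%s days_left=%d" % row)
```

Because the CA certificate in a chain is reported alongside the server certificate, an expiring issuer shows up even when the leaf certificate still looks healthy.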

A Note about OAM and the certificates used in Simple Mode

OAM has three different security “modes” for the communication done between the webgate (web server plug-in) and the OAM server component which processes authentication and authorization. These 3 modes are:

  • Open: Unencrypted communication
  • Simple: Communication over SSL using certificates generated by OAM using an Oracle CA certificate that comes with OAM. Simple mode is popular with customers who want to secure webgate to OAM server communication but don’t feel the need to use their own PKI infrastructure.
  • Cert: Communication over SSL using certificates issued by a third party CA.

The mode most relevant to this discussion on expiring certificates is simple mode where the certificates are generated automatically and may be out of sight and mind.

In OAM 10g the certificates are only issued with a validity period of one year by default. If you want to extend the validity period for the certificates generated in simple mode (and I recommend that you do), then follow the instructions in appendix F, section 2.9 of the OAM Identity Admin Guide: http://download.oracle.com/docs/cd/E12530_01/oam.1014/b32419/trblsht.htm#BABDDBJF

In OAM 11g, the validity period of the certificates used in simple mode is 10 years, making early expiration of the certificates less of a problem.