Lil-Fox.NET - A blog about Middleware, Linux, scripting, my Christian Faith, good music and much more.

Wildcard certificate in WLS 11.1.1.6

Problem Description

One of our applications running on WLS 11.1.1.6 was making a call out to another application (in the cloud) which was using a wildcard certificate, however it was not working. They were getting SSL Handshake errors.

Observed Errors in WLS .log file after enabling SSL Debug

Error 1:

####<Jan 12, 2017 7:55:28 PM GMT> <Debug> <SecuritySSL> <hostname> <managedWlsServer> <[ACTIVE] ExecuteThread: ’24’ for queue: ‘weblogic.kernel.Default (self-tuning)’> <<WLS Kernel>> <> <005HUgPGK1l3r2^5xVL6iW00072p001rau> <1484250928162> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: ’24’ for queue: ‘weblogic.kernel.Default (self-tuning)’,5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).

javax.net.ssl.SSLException: Received fatal alert: handshake_failure

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1467)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1435)

Error 2:

####<Jan 12, 2017 7:57:22 PM GMT> <Debug> <SecuritySSL> <hostname> <managedWlsServer> <ExecuteThread: ‘0’ for queue: ‘weblogic.socket.Muxer’> <<WLS Kernel>> <> <> <1484251042205> <BEA-000000> <Exception processing certificates: peer not authenticated

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)

at weblogic.servlet.internal.VirtualConnection.initSSLAttributes(VirtualConnection.java:176)

at weblogic.servlet.internal.VirtualConnection.init(VirtualConnection.java:78)

Documents found on the net

https://blogs.oracle.com/sravansarraju/entry/wildcard_ssl_certificate_support_in

http://docs.oracle.com/cd/E23943_01/web.1111/e13707/ssl.htm#SECMG576 (search for wildcard or wildcard character)

Possible Solution

Go to WLS Admin Console.
Go to Environment -> Servers on the menu to the left.
Click on the managed server.
Click on the SSL tab at the top.
Take a Lock & Edit.
Click on Advanced.
Change Hostname Verification to “Custom Hostname Verifier”
In “Custom Hostname Verifier” text field put in “weblogic.security.utils.SSLWLSWildcardHostnameVerifier”
1. Example:
Save and activate the changes.
Restart the WLS instance.

*Note: We already have JSSE enabled, not sure if this makes any difference.

**Note: Thank you to the blog and doc above that I found on the internet for the info. I am only posting this in case I run into it again or if someone else does that maybe they can find it easier.

*** Note: this did not fix our issues, but I am not ruling out that it didn’t fix the wildcard certificate part.

Nodemanager issues

I have decided to start posting any nodemanager issues that I run into on here so that I can resolve them quicker in the future. I am going to try and keep updating this blog as I encounter them. I am doing this because I just spent the better part of 2 hours trying to figure out this first issue; while working on a 10g environment (long story, don’t ask lol). So here’s the first issue.

invalid (domain salt file not found) [10g]

So I had already setup the domain, machines, servers, etc and started up nodemanager using my fancy nmctl script (more on this in a later post) when I got to the point where I needed to start up the managed nodes. I went to the machine and clicked on monitoring (to make sure I could connect to it), and uh oh it said inactive. So I went to the nodemanager log file and found this handy dandy error message:

<Nov 17, 2016 11:20:17 AM> <Warning> <I/O error while reading domain directory: java.io.FileNotFoundException: Domain directory ‘/product/home/wlserver_10.3/common/nodemanager’ invalid (domain salt file not found)>
java.io.FileNotFoundException: Domain directory ‘/product/home/wlserver_10.3/common/nodemanager’ invalid (domain salt file not found)
at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.java:81)
at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:53)
at weblogic.nodemanager.server.NMServer.getDomainManager(NMServer.java:252)
at weblogic.nodemanager.server.Handler.handleDomain(Handler.java:218)
at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:109)
at weblogic.nodemanager.server.Handler.run(Handler.java:66)
at java.lang.Thread.run(Thread.java:619)

After googling and duckduckgoing (duckduckgo.com is a pretty nifty search engine btw) I found the answer to my issue. The nodemanager home enroll process must have broke somewhere. So to fix this issue, I had to do the following:

run setDomainEnv.sh ($domainHome/bin/setDomainEnv.sh), run wlst.sh ($productHome/wlserver_10.3/common/bin/wlst.sh).
connect to the admin server. Ex. connect(“user”,”password”,”adminHostname:port”)
Run the following command: nmEnroll(‘DomainHomeDir’,’NodemanagerHomeDir’) where DomainHomeDir=full path to the domain home, and NodemanagerHomeDir=full path to the nodemanager home directory.
Now make sure the nodemanager.domains file is located in the NodemanagerHomeDir and has the correct entry. (Ex. base_domain = /oracle/user_projects/domains/base_domain)

After doing this, my issue was resolved.

Reset a forgotten WebLogic Admin password 12.2.1

So, we will just say I ran a script to change the admin password on a domain today (the script had been tested and worked just fine before) and this time it changed the password, but I was not sure to what. I tried everything I could think of to revert the changes and also to get the password correct. Eventually I found this blog on the web (https://community.oracle.com/thread/1042715?tstart=0) well techinically the oracle community forum. I had to tweak it a little bit as it was meant for 11g and I am running 12c (12.2.1) but I was able to get it to work. I figured I would post here how (just in case it happens again lol)

Steps:

```
cd $DOMAIN_HOME/security
```

cp DefaultAuthenticatorInit.ldift /tmp/DefaultAuthenticatorInit.ldift.bak #Making a backup of the file.

java -cp $ORACLE_HOME/products/fmw1221/wlserver/server/lib/weblogic.jar:$CLASSPATH weblogic.security.utils.AdminAccount username newPassword .

Note: do not forget the . at the end of the 3rd command.

After completing the above steps I was able to login and fix everything.

Chosen By God

Been a little while since I last posted on here. There have been a couple of posts that I wanted to do, but just haven’t had the time to do them. I am currently taking my baptismal studies and have been getting to know God more and more with each study. I have to thank my Pastor for all his help, even though I went to a Christian school from grades 10-12 and knew the core of the beliefs it was great to understand how deep rooted they are in the Bible. I will talk more about that some other time though. Right now I want to put some thought on “Chosen By God”.

This is based off of a sermon my Pastor had a few weeks back, which impacted me after reading a few verses in Scripture. The first one is in Ephesians 1:4, “According as He hath chosen us in Him before the foundation of the world, that we should be holy and without blame before Him in love.” This is so awesome!! I read this as saying that God chose us even before the creation of the world, to be holy and blameless in His sight. And to love and be loved by our Lord. To further emphasize this a cross reference in my Bible lead me to, Romans 8:28 “And we know that all things work together for good to them that love God, to them who are the called according to his purpose.” This reassures us that God is working good things for those who love Him. So don’t get upset or down the next time something bad or unexpected happens, look up and love the Creator because you can rest assured that He is not looking to make you suffer (as I have heard many people do, example: something bad happens, and they blame it on Him), He is looking to make you happy and loves us even when we don’t deserve it.

I hear so many people say things like this:

‘I asked God to help me, and he didn’t.’ So many people are this way, only going to God when in trouble and lacking the faith that God is already right there next to you trying to help. They are wanting instant gratification instead of living with faith that God is always good and always here to help. This is a good verse I found in Scripture: Psalm 46:1-2 says “God is our refuge and strength, an ever-present help in trouble. Therefore we will not fear, though the earth give way and the mountains fall into the heart of the sea,” [NIV]

‘Obviously the man upstairs doesn’t care about me.’ If I had a nickel .. jk. I think this is a very over used and just not true statement. I have heard many different people say this for one reason or another and I just want to say that could not be more untrue. He loves us all. Romans 8:39 says “Nor height, nor depth, nor any other creature, shall be able to separate us from the love of God, which is in Christ Jesus our Lord.” Also 1 Corinthians 8:3 says “But if any man love God, the same is known of him.” If you love God, then you are known by Him as well.

Well I think it is time for me to go to bed, I hope that all this finds you well and helps you on your path. I will plan on another post very soon, and maybe doing a weekly series of these. Please let me know what you think, comment and ask some questions. I may not be able to answer them but I know some people who might be able to help. Good night all and God bless.

This song has made an impact on me, and I encourage everyone to give it a listen.

EmCC Portatab Project

Materials Used:

Raspberry Pi Model B (ARM CPU, 512 MB RAM) ***
3.5 inch Touch screen LCD (http://www.amazon.com/OSOYOO-480×320-Display-Monitor-Raspberry/dp/B013E0IJSC/ref=sr_1_2?ie=UTF8&qid=1449867132&sr=8-2&keywords=3.5+inch+raspberry+pi+screen )
Wireless g/n dongle
Bluetooth Module**
Bluetooth Keyboard and trackpad*
Raspbian OS

** I have not purchased yet.

*Can only use this once Bluetooth has been enabled.

***Want to update to the new Raspberry Pi 2 asap.

Goal of the project:

The goal of this project is to make a portable computer with the raspberry pi which I can take anywhere with me and use it as a full desktop/laptop replacement. I want to create something that is unique and can be upgraded easily. I will work with my Dad to make a wooden case for the system. I have drawn up a lot of different designs for this, ones containing a portable keyboard and touchpad attached to the case, ones without the keyboard attached, etc. I have not yet figured this out 100% though.

Project Phase 1:

Phase 1 of this project was to get the main components of the system installed and running (no case). I already had the Raspberry Pi from a previous project, and had the other various components, I just needed the 3.5 inch touchscreen LCD. After a while of looking and searching, I found a pretty cheap ~20.00 touchscreen. I bought it and it was delivered fairly quickly. After a little bit of tinkering and working with the company I bought it from, I was able to get the screen working correctly. So After a few days I was able to complete Phase 1. Everything is functional and ready to move on to Phase 2.

Project Phase 2:

Phase 2 will be to assemble the case. I will be having my Dad’s help with this and it will be made out of wood. I will update this as I make more progress. I will also try to upload a picture of the design I am working on.

Automated Patching – Oracle Fusion Middleware 11g

Why?

The reason I am addressing this is that, while working on patches for 11g servers, I was so tired of doing it manually. Staging the patch out to each server, going to each one running the same mundane commands to install (with just the slight variations for each one). I decided I would just create 2 scripts to get this done instead.

Two Scripts?

I had to create two scripts in order to stage the patches from one server to the others. While there might have been a better (more all in one) way of doing this, I felt it was better to keep it plain and simple. The two scripts I wrote are patchOracle.sh (for the actual patching of the server) and stagePatches.sh (as the name says this one is to stage the patches from one server to the others).

Script one (stagePatches.sh)

This script resides on the server where the patches are downloaded from Oracle Support to. You will need to change the variables to suite where you want to grab the patches from (ie. Where you download them to):

## stagePatches.sh
## Variables for this script
patchID=${1}
patchType=${2}
hostListInput=${3}
stageDir="/stage/dir/stage-tmp"
oracleHome="/my/oracle/home"
function stageBSU(){
 echo "SCPing patched to staging directory on hosts . . "
 hostList=`echo ${hostListInput} | sed 's/,/\\n/g'`
 for host in ${hostList}
 do
 scp ${stageDir}/${patchID}.zip ${host}:${oracleHome}/utils/bsu/cache_dir/
 echo "Staged to ${host}"
 done
 echo ". . FINISHED"
}
function stageOPatch(){
 echo "SCPing patched to staging directory on hosts . . "
 hostList=`echo ${hostListInput} | sed 's/,/\\n/g'`
 for host in ${hostList}
 do
 scp ${stageDir}/${patchID}.zip ${host}:~/
 echo "Staged to ${host}"
 done
 echo ". . FINISHED"
}
function help(){
 echo "Help Function:"
 echo "Usage: ${0} patchID patchType hostList"
 echo "Examples:"
 echo "BSU: ${0} IHFB bsu hostname01,hostname02"
 echo "OPatch: ${0} 17802511 opatch hostname01,hostname02"
 exit 0
}

function checkProd(){
 #this is for checking if staging to a prod environment (change the *prod* to a string checking the hostname for a prod indicator, this is obviously different for each environment).
 if [[ ${hostList} = *prod* ]]; then
 echo "You are applying a patch on a production environment!!"
 read -p "Press [Enter] to continue or ctr-C to quit."
 echo ""
 fi
}

case ${patchType} in
 bsu | -bsu )
 checkProd "${hostList}"
 stageBSU "${patchID}" "${hostList}" "${stageDir}"
 ;;

 opatch | -opatch )
 checkProd "${hostList}"
 stageOPatch "${patchID}" "${hostList}" "${stageDir}"
 ;;
 *)

help
exit 0
;;


esac

Script two (patchOracle.sh)

This script resides on the server where the patches are to be installed. You will need to change the variables to suite where you want to grab the patches from (ie. Where you scp’d the patches to):

## patchOracle.sh

## Variables for this script
patchID=${1}
logFile="~/patchOracle.log"
oracleHome="/oracle/home/dir"

function bsuPatching(){
 ## Run BSU on host
 echo "Unzipping patch . . . ."
 cd ${oracleHome}/utils/bsu/cache_dir/
 unzip ${patchID}.zip
 echo "Applying BSU patch on host now"
 cd ${oracleHome}/utils/bsu/
 ./bsu.sh -prod_dir=${oracleHome}/wlserver_10.3 -patchlist=${patchID} -verbose -install
 echo "${patchID} has been applied!!"
}
function osbPatching(){
 ## Run OSB patch on host
 echo "Unzipping patch . . . ."
 cd ~/
 unzip ${patchID}.zip
 cd ~/${patchID}/
 echo "Applying OSB patch on host now"
 ${oracleHome}/Oracle_OSB1/OPatch/opatch apply
 echo "${patchID} has been applied!!"
}
function soaPatching(){
 ## Run SOA patch on host
 echo "Unzipping patch . . . ."
 cd ~/
 unzip ${patchID}.zip
 cd ~/${patchID}/
 echo "Applying SOA patch on host now"
 ${oracleHome}/Oracle_SOA1/OPatch/opatch apply
 echo "${patchID} has been applied!!"
}
# Swap out the *prod* for a better way of telling whether the host is a prod or non production en#vironment
function checkProd(){
 hostname=`hostname`
 if [[ ${hostname} = *prod* ]]; then
 echo "You are applying a patch on a production environment!!"
 read -p "Press [Enter] to continue or ctr-C to quit."
 echo ""
 fi
}
function bsuCheck(){
 ## Run BSU on host
 echo "Checking if patch is installed already . . "
 cd ${oracleHome}/utils/bsu/
 check=`./bsu.sh -report |grep ${patchID}`
 if [[ ${check} ]]; then
 echo "${patchID} is already installed!!"

 exit 1
 fi
 echo "Patch ID: ${patchID} is not installed yet, proceeding . . "
}
function osbCheck(){
 ## Check to see if osb patch is already installed
 echo "Checking if patch is installed already . . "
 check=`${oracleHome}/Oracle_OSB1/OPatch/opatch lsinventory |grep ${patchID}`
 if [[ ${check} ]]; then
 echo "${patchID} is already installed!!"
 exit 1
 fi
 echo "Patch ID: ${patchID} is not installed yet, proceeding . . "
}
function soaCheck(){
 ## Check to see if soa patch is already installed
 echo "Checking if patch is installed already . . "
 check=`${oracleHome}/Oracle_SOA1/OPatch/opatch lsinventory |grep ${patchID}`
 if [[ ${check} ]]; then
 echo "${patchID} is already installed!!"
 exit 1
 fi
 echo "Patch ID: ${patchID} is not installed yet, proceeding . . "
}
function help(){
 echo "Help Function:"
 echo "Usage: ${0} patchID patchType"
 echo "Examples:"
 echo "BSU: ${0} IHFB bsu"
 echo "OSB: ${0} 17802511 osb"
 echo "SOA: ${0} 17802001 soa"
 exit 0
}
function startPatching(){
 echo "####################################" &gt;&gt; ${logFile}
 echo "Patching has been initiated on ${hostname} for patch number ${patchID}" &gt;&gt; ${logFile}
 echo "####################################" &gt;&gt; ${logFile}
}
function finishedPatching(){
 echo "####################################" &gt;&gt; ${logFile}
 echo "Patching has been finished on ${hostname} for patch number ${patchID}" &gt;&gt; ${logFile}
 echo "####################################" &gt;&gt; ${logFile}
}

case ${2} in
 bsu | -bsu )
 if [ $# -ne 2 ]; then
 help
 fi
 checkProd
 startPatching ${patchID}
 bsuCheck ${patchID}
 bsuPatching ${patchID}
 finishedPatching ${patchID}
 ;;
 osb | -osb )
 if [ $# -ne 2 ]; then
 help
 fi
 checkProd
 startPatching ${patchID}
 osbCheck ${patchID}
 osbPatching ${patchID}
 ;;
 soa | -soa )
 if [ $# -ne 2 ]; then
 help
 fi
 checkProd
 startPatching ${patchID}
 soaCheck ${patchID}
 soaPatching ${patchID}
 finishedPatching ${patchID}
 ;;
 *)
 help
 exit 0
 ;;
esac

Error Using the MAT memory analyzer

I was getting the following error while using the MAT memory analyzer to try and figure out an OutOfMemoryError:

“An internal error occurred during: “Parsing heap dump from ‘jrockit_3731.hprof'”.
Java heap space”

I googled it and luckily found the answer in one try, I am going to post here on my blog now too, in case I run into it again You have to edit the MemoryAnalyzer.ini and up the heap from the default 1024m to something higher. This fixed the issue I was having.

Salvation through faith

Salvation through faith in Jesus Christ

I was recently asked some questions about Jesus and the Bible. One question that was brought up was “if Jesus died for our sins, then why can’t people just sin and then ask for forgiveness at the end?” My answer to this question was “Because if you truly love Jesus, then you will try your best not to sin and to live your life as Christ-like as is possible for a man/woman.” Well tonight in our daily reading of the Bible, my wife and I read Romans 3 and in this chapter Paul talks a lot about sin, faithfulness, and God’s love for us. I think it deals with the question above about sin in Romans 3:8 which says “And some people even slander us by claiming we say, ‘The more we sin, the better it is!’ Those who say such things deserve to be condemned.” To me Paul is saying that Christians and those who believe should do their best not to sin. When talking about following the law, which I think too many churches base their teachings on, by saying people are sinners and that “you can’t do this . . . you can’t do that . . .” for instance. Those who base salvation upon works should take note of Romans 3:20 “. . . . The law simply shows us how sinful we are.” So if it is not based upon who sins less than who, then how is it that we are saved? It is through our faith and belief in Jesus Christ, as is pointed out in Romans 3:26 “… And He declares sinners to be right in His sight when they believe in Jesus.” and in Romans 3:27 “… our acquittal is not based on obeying the law. It is on faith.” This does not mean however that the law can be forgotten about, in Romans 3:31 it reads “Well then, if we emphasize faith, does this mean that we can forget about the law? Of course not! In fact, only when we have faith do we truly fulfil the law.” Just to clarify in these scriptures, I believe not obeying the law would mean to sin. I would like to end this post by saying how loving our God is and how much I truly love God.

“Yet God, with undeserved kindness, declares that we are righteous. He did this through Christ Jesus when he freed us from the penalty for our sins.” Romans 3:24

*The Bible read from is the New Living Translation.

Anomaly Tour 2015

My wife and I were able to go to the Cross Insurance Arena in Portland just a few days ago to see Lecrae, Andy Mineo, and DJ Promote in concert. It was an awesome experience to share with my wife. I have posted 3 videos already to my youtube channel with many more to come. It was a great concert, I myself am a big Christian Hip Hop fan, and have wanted to see more representation of Reach Records here in Maine and boy did I get it. We were supposed to meet Andy Mineo, but do to some errors on the ticketmaster side, we were not able to meet him. Even with this kind of disappointment the show more than made up for it. I was wicked happy to see Black Knight at the drums for Andy, he is really talented as were the rest of the set. I hope that more Reach Records artists will think about booking Maine into their schedules. I will be on the look out for sure

go to my concerts page above to see more and also some of my youtube videos.

My Star [POEM]

My Star

Star light, star bright

We go together better than left goes with right.

You say “I need makeup, jewelry, to be more tan”

You say “I am not beautiful at all”

When this happens, you make me say,

Baby you are the most beautiful of all.

You are my star, you light up my day.

I plead you remember that,

God made you, and so;

You are just right, someone I just love to look at.

You are more than just some plain Jane.

You are a star, a twinkle in His eye.

Without your love, I just might die.

God loves you, and holds you close.

I love you more than anybody knows.

Poem By Alex Curit