This chapter describes issues associated with Oracle Web Cache. It includes the following topics:
This section describes configuration issues and their workarounds. It includes the following topics:
For enhanced security, no default hard-coded passwords are used for managing Oracle Web Cache.
When you install the Oracle Web Tier installation type, the Oracle Universal Installer prompts you to choose a password. The Web Cache Administrator page of the Oracle Universal Installer prompts you to enter a password for the
administrator account. The
administrator account is the Oracle Web Cache administrator authorized to log in to Oracle Web Cache Manager and make configuration changes through that interface.
When you install Oracle Portal, Forms, Reports, and Discoverer, the prompt for the
administrator password is missing. Instead, the Oracle Portal, Forms, Reports and Discoverer install type uses a random value chosen at install time.
Regardless of the installation type, before you begin configuration, change the passwords for these accounts to a secure password. If you are configuring a cache cluster, all members of the cluster must use the same password for the
To change the password, use the Passwords page of Fusion Middleware Control, as described in "Configuring Password Security" in the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.
Running Oracle Web Cache as a user other than the installed user through the use of the
webcache_setuser.sh setidentity command is not supported.
Specifically, you cannot change the user ID with the following sequence:
Change the process identity of the Oracle Web Cache processes in the Process Identity page using Oracle Web Cache Manager (Properties > Process Identity).
webcache_setuser.sh script as follows to change file and directory ownership:
webcache_setuser.sh setidentity user_ID
user_ID is the user you specified in the User ID field of the Process Identity page.
Restart Oracle Web Cache using
Oracle Web Cache will start and then immediately shut down.
In addition, messages similar to the following are displayed in the event log:
[2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-13212] [logging] [ecid: ] Access log file /scratch/webtier/home/instances/instance1/diagnostics/logs/WebCache/webcache1/access_log could not be opened. [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-13310] [io] [ecid: ] Problem opening file /scratch/webtier/home/instances/instance1/config/WebCache/webcache1/webcache.pid (Access Denied). [2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-11985] [esi] [ecid: ] Oracle Web Cache is unable to obtain the size of the default ESI fragment page /scratch/webtier/home/instances/instance1/config/WebCache/webcache1/files/esi_fragment_error.txt. [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-11905] [security] [ecid: ] SSL additional information: The system could not open the specified file.
For more information about the
webcache_setuser.sh script, see "Running webcached with Root Privilege" in the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.
This section provides clarifications for errors in Oracle Web Cache documentation. It includes the following topics:
Information about enabling generation of core dump is not available in the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.
To enable generation of a core dump when Oracle Web Cache is shut down, add
CORE="YES" to the
TRACEDUMP element in the
TRACEDUMP element would look like the following:
<TRACEDUMP FILENAME=file_name CORE="YES"/>
The core dump file with the specified name is created in the
Section 188.8.131.52.2, "Certificate" of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache states the following:
"Although the Oracle HTTP Server supports OpenSSL certificate revocation lists, Oracle Web Cache does not."
This statement is incorrect. Oracle Web Cache does support CRLs.
Section 5.5.3, "Configuring Certificate Revocation Lists (CRLs)" of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache has the following incorrect statements:
Incorrect statement: "Fusion Middleware Control or Oracle Web Cache Manager do not provide support for client certificate validation with Certificate Revocation Lists (CRLs). You can configure this support by manually editing the
Clarification: This statement is incorrect. You can enable and configure support for CRLs by using the Oracle Web Cache Manager, as follows:
Go to the Listen Ports page.
Select the HTTPS port for which you want to configure CRL settings, and click Edit Selected.
The Edit/Add Listen Port dialog box is displayed.
Select the Certificate Revocation List Enabled option.
In the CRL Path field, specify the fully qualified path to the directory in which the CRLs are stored. For example,
In the CRL File field, specify the fully qualified path and filename of the CRL file. For example,
Incorrect statement: Step 4 of the procedure to configure certificate validation using CRLs: "Configure CRL file location by adding the
SSLCRLFILE parameters to the
HTTPS LISTEN directive."
Clarification: This statement is incorrect. You must add either
SSLCRLFILE to the
HTTPS LISTEN directive, not both.