Go to main content

Oracle® Solaris Cluster 4.3 Release Notes

Exit Print View

Updated: June 2021
 
 

HA for Oracle External Proxy Guide

When creating a new resource for the HA for Oracle External Proxy data service, do not follow instructions in the data service guide to use the openssl command to encrypt the password for the remote Oracle database user. For Oracle Solaris Cluster 4.3, this password encryption is now performed by using the Oracle Solaris Cluster private string command, clpstring. Issue the following command from one node of the cluster:

# clpstring create -b resource resource-pw
Enter string value: ********
Enter string value again: ********
#

Note that the naming convention for the private string is the name of the resource appended with "-pw". For example, for a resource named oep-proxy-rs, you name the private string oep-proxy-rs-pw.

The 4.3 version of the agent automatically converts any existing resource that uses the openssl encrypted password to use a private string instead. The agent also removes the openssl password files, but not the openssl key files. You can remove these key files once you no longer use them. For more information about using FIPS 140 cryptography, see Using a FIPS 140-2 Enabled System in Oracle Solaris 11.3.


Note -  If, before the agent automatically converts the password, you converted the cluster node to use the FIPS-140-capable openssl command, the agent will fail to decrypt the old password and will not be able perform the automatic conversion. In this situation, use the above clpstring command to create the private string.