If you are using demonstration WebLogic certificates, and if you have implemented alias hostnames as part of preparation for implementing Standby OMSs using the Storage Replication DR architecture, the demonstration identity certificates configured for WebLogic Server need to be recreated on each OMS to have the alias hostname for the OMS, instead of the physical hostname of the server. These steps need to be implemented after installations and upgrades. These steps involve downtime as the OMS must be restarted. To maintain availability, these steps should be performed serially, first on OMS1 and then one by one on additional OMSs so that other OMSs remain online while only one OMS is being updated at a time.
Perform the following steps serially, first on OMS1 and then on each additional OMS:
Back up the existing DemoIdentity.jks file.
cp -p <NEW_INSTANCE_BASE>/user_projects/domains/GCDomain/security/DemoIdentity.jks <NEW_INSTANCE_BASE>/user_projects/domains/GCDomain/security/DemoIdentity.jks.before_regen_YYYYMMDD
For example:
cp -p /u01/app/oracle/OMS/gc_inst/user_projects/domains/GCDomain/security/DemoIdentity.jks /u01/app/oracle/OMS/gc_inst/user_projects/domains/GCDomain/security/DemoIdentity.jks.before_regen_20160402
Back up the existing DemoTrust.jks file.
cp -p <NEW_MIDDLEWARE_HOME>/wlserver/server/lib/DemoTrust.jks <NEW_MIDDLEWARE_HOME>/wlserver/server/lib/DemoTrust.jks.before_regen_YYYYMMDD
For example:
cp -p /u01/app/oracle/OMS/MWare13c/wlserver/server/lib/DemoTrust.jks /u01/app/oracle/OMS/MWare13c/wlserver/server/lib/DemoTrust.jks.before_regen_20160402
Change directory to the bin directory for the domain.
cd <NEW_INSTANCE_BASE>/user_projects/domains/GCDomain/bin
For example:
cd /u01/app/oracle/OMS/gc_inst/user_projects/domains/GCDomain/bin
Source the script to set environment variables. Make sure you source the contents of the script using the exact syntax below including the leading dot and space.
. ./setDomainEnv.sh
mkdir -p <NEW_MIDDLEWARE_HOME>/keystores
For example:
mkdir -p /u01/app/oracle/OMS/MWare13c/keystores
cd <NEW_MIDDLEWARE_HOME>/keystores
For example:
cd /u01/app/oracle/OMS/MWare13c/keystores
In the following command, replace <OMS_ALIAS_HOSTNAME_FQDN> with the value for <OMS1_ALIAS_HOSTNAME_FQDN> when running these commands on OMS1 and with the value for <OMS<#>_ALIAS_HOSTNAME_FQDN> when running these commands on OMS<#>.
java utils.CertGen -cn <OMS_ALIAS_HOSTNAME_FQDN> -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey
For example:
java utils.CertGen -cn emoms1.domain.com -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey
Import the certificate and private key into a DemoIdentity.jks file.
java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfilepass DemoIdentityPassPhrase -certfile democert.pem -keyfile demokey.pem -alias demoidentity
Confirm that CN= on the line that starts Owner: shows the alias hostname for this OMS:
keytool -list -v -keystore DemoIdentity.jks
Remove the interim certificate and key files, leaving only the DemoIdentity.jks file in the current directory:
rm democert.*
rm demokey.*
<NEW_MIDDLEWARE_HOME>/bin/emctl stop oms -all
For example:
/u01/app/oracle/OMS/MWare13c/bin/emctl stop oms -all
cd <NEW_MIDDLEWARE_HOME>/keystores
For example:
cd /u01/app/oracle/OMS/MWare13c/keystores
cp DemoIdentity.jks <NEW_INSTANCE_BASE>/user_projects/domains/GCDomain/security/
For example:
cp DemoIdentity.jks /u01/app/oracle/OMS/gc_inst/user_projects/domains/GCDomain/security/
Confirm that the DemoIdentity.jks file has been copied successfully.
ls -alF <NEW_INSTANCE_BASE>/user_projects/domains/GCDomain/security/Demo*
For example:
ls -alF /u01/app/oracle/OMS/gc_inst/user_projects/domains/GCDomain/security/Demo*
<NEW_MIDDLEWARE_HOME>/bin/emctl start oms
For example:
/u01/app/oracle/OMS/MWare13c/bin/emctl start oms
Open a new shell session as the Oracle Software Owner User.
Set the necessary environment variables:
Change directory to the bin directory for WebLogic Home.
cd <NEW_MIDDLEWARE_HOME>/wlserver/server/bin
For example:
cd /u01/app/oracle/OMS/MWare13c/wlserver/server/bin
Source script to set the environment needed to run wlst. Make sure you source the contents of the script using the exact syntax below including the leading dot and space.
. ./setWLSEnv.sh
Change directory to prepare to run wlst.
cd <NEW_MIDDLEWARE_HOME>/oracle_common/common/bin
For example:
cd /u01/app/oracle/OMS/MWare13c/oracle_common/common/bin
Launch wlst.
java -Dweblogic.security.TrustKeyStore=DemoTrust -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1 weblogic.WLST
At this point you should be able to successfully connect to this OMS server via wlst specifying the alias hostname for this OMS server, and if you have already completed these steps on the other OMS server(s) you should also be able to connect to the other OMS server(s).
Attempt to connect to the Admin server:
connect('<ADMIN_SERVER_USER>','<ADMIN_SERVER_PASSWORD>','t3s://<OMS1_ALIAS_HOSTNAME_FQDN>:<ADMIN_SERVER_HTTPS_PORT>')
For example:
connect('weblogic','changeme','t3s://emoms1.domain.com:7101')
Attempt to connect to the OMS1 Managed Server.
connect('<ADMIN_SERVER_USER>','<ADMIN_SERVER_PASSWORD>','t3s://<OMS1_ALIAS_HOSTNAME_FQDN>:<OMS_SERVER_HTTPS_PORT>')
For example:
connect('weblogic','changeme','t3s://emoms1.domain.com:7301')
Attempt to connect to the OMS<#> Managed Server (will fail until these steps are completed on OMS<#>). These connection tests can be repeated once the process is complete on all OMS servers.
connect('<ADMIN_SERVER_USER>','<ADMIN_SERVER_PASSWORD>','t3s://<OMS<#>_ALIAS_HOSTNAME_FQDN>:<OMS_SERVER_HTTPS_PORT>')
For example:
connect('weblogic','changeme','t3s://emoms2.domain.com:7301')
If BI Publisher is configured, attempt to connect to the BIP (primary) Managed Server:
connect('<ADMIN_SERVER_USER>','<ADMIN_SERVER_PASSWORD>','t3s://<OMS1_ALIAS_HOSTNAME_FQDN>:<BIP_SERVER_HTTPS_PORT>')
For example:
connect('weblogic','changeme','t3s://emoms1.domain.com:9803')
If BI Publisher is configured, attempt to connect to the BIP<#> Managed Server (will fail until these steps are completed on each OMS<#>). These connection tests can be repeated again once the process is complete on all OMS servers.
connect('<ADMIN_SERVER_USER>','<ADMIN_SERVER_PASSWORD>','t3s://<OMS<#>_ALIAS_HOSTNAME_FQDN>:<BIP_SERVER_HTTPS_PORT>')
For example:
connect('weblogic','changeme','t3s://emoms2.domain.com:9803')
Exit wlst.
exit()
Exit the separate shell session that was started to execute these commands.
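The CN check on the Owner: line of the keytool output can be scripted so that it is repeated identically on each OMS. The following is an added example, not part of the original procedure; the function names, the sample keytool output, and the physical hostname host1.domain.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the CN on the first "Owner:" line of
# `keytool -list -v` output with the alias hostname for this OMS.

# Print the lower-cased CN from the first Owner: line read on stdin.
owner_cn() {
    awk '/^Owner:/ {
        sub(/^Owner:[ \t]*/, "")
        n = split($0, rdn, /,[ \t]*/)          # one array element per RDN
        for (i = 1; i <= n; i++)
            if (toupper(substr(rdn[i], 1, 3)) == "CN=") {
                print tolower(substr(rdn[i], 4))
                break
            }
        exit                                   # only the first Owner: line
    }'
}

# check_alias_cn EXPECTED_FQDN   (keytool output on stdin)
# Returns 0 if the CN matches, 1 if it differs, 2 if no Owner CN was found.
check_alias_cn() {
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    actual=$(owner_cn)
    if [ -z "$actual" ]; then
        echo "no Owner CN found in keytool output" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "CN is $actual, expected $expected" >&2
        return 1
    fi
    echo "CN matches $expected"
}

# Constructed sample output; DN fields other than CN are illustrative.
SAMPLE_ALIAS='Alias name: demoidentity
Entry type: PrivateKeyEntry
Owner: CN=emoms1.domain.com, OU=FOR TESTING ONLY, O=MyOrganization, C=US
Issuer: CN=Constructed Demo CA, OU=FOR TESTING ONLY, O=MyOrganization, C=US'
SAMPLE_PHYSICAL='Alias name: demoidentity
Owner: CN=host1.domain.com, OU=FOR TESTING ONLY, O=MyOrganization, C=US'

printf '%s\n' "$SAMPLE_ALIAS" | check_alias_cn emoms1.domain.com
printf '%s\n' "$SAMPLE_PHYSICAL" | check_alias_cn emoms1.domain.com ||
    echo "keystore still carries the physical hostname; regenerate it"
```

Against a real keystore, pipe the output of the keytool -list -v -keystore DemoIdentity.jks command into check_alias_cn with the alias hostname for that OMS as the argument.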