When creating a new resource for the HA for Oracle External Proxy data service, do not follow instructions in the data service guide to use the openssl command to encrypt the password for the remote Oracle database user. For Oracle Solaris Cluster 4.3, this password encryption is now performed by using the Oracle Solaris Cluster private string command, clpstring. Issue the following command from one node of the cluster:
# clpstring create -b resource resource-pw Enter string value: ******** Enter string value again: ******** #
Note that the naming convention for the private string is the name of the resource appended with "-pw". For example, for a resource named oep-proxy-rs, you name the private string oep-proxy-rs-pw.
The 4.3 version of the agent automatically converts any existing resource that uses the openssl encrypted password to use a private string instead. The agent also removes the openssl password files, but not the openssl key files. You can remove these key files once you no longer use them. For more information about using FIPS 140 cryptography, see Using a FIPS 140-2 Enabled System in Oracle Solaris 11.3.