Thursday, February 28, 2013

wget with SSL

Last week we faced an issue connecting to a web service which is SSL enabled.

To troubleshoot this issue, we wanted to check whether we were able to connect to that WSDL using wget.

So this blog is dedicated to all those who want to connect to a WSDL or any URL which is SSL enabled :-)

You have 2 options. We can use the 2 arguments below to test the SSL handshake:

1. --no-check-cert  //this ignores the certificate check, so you can see whether you are able to connect to the server or not (it is an abbreviation of --no-check-certificate, listed in the options below)

2. --certificate=FILE  //client certificate file (see the options below)

Syntax :

1. wget --no-check-cert https:

2. wget --certificate=Location of JKS https://



Example with --no-check-cert



As I don’t have access to the SIT environment, I have used soadev03. Giving the location of the certificate in wget using the argument



[weblogic@ngmlx504 security]$ wget --no-check-cert https://ashraftp-engineer/em

For more options, please check the arguments below, which you can pass to wget for SSL-enabled URLs:


HTTPS (SSL/TLS) options:


--secure-protocol=PR choose secure protocol, one of auto, SSLv2, SSLv3, and TLSv1.

--no-check-certificate don't validate the server's certificate.

--certificate=FILE client certificate file.

--certificate-type=TYPE client certificate type, PEM or DER.

--private-key=FILE private key file.

--private-key-type=TYPE private key type, PEM or DER.

--ca-certificate=FILE file with the bundle of CA's.

--ca-directory=DIR directory where hash list of CA's is stored.

--random-file=FILE file with random data for seeding the SSL PRNG.

--egd-file=FILE file naming the EGD socket with random data.



How to check certificate validity using keytool command


keytool -list -v -keystore $WLSDOMAIN/certs/appTrustKeyStore.jks -storepass <> | egrep "Alias|Valid"
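The egrep filter above only prints the alias and validity lines. As an added example (not from the original post), the shell function below reads the same keytool -list -v output and reports whether each certificate is valid, expired or not yet valid on a given date. The function name cert_validity, its YYYYMMDD argument and the sample listing are constructed for this illustration, and English month names in keytool's output are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `keytool -list -v` output on
# stdin and prints "STATUS YYYYMMDD alias" for every certificate it lists.
# $1 = reference date as YYYYMMDD (defaults to today, UTC); day granularity.
# Exit status is 1 if any certificate is expired or not yet valid.
cert_validity() {
    awk -v ref="${1:-$(date -u +%Y%m%d)}" '
    function ymd(y, mo, d) { return sprintf("%04d%02d%02d", y, mon[mo], d) }
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = i
    }
    # One "Alias name:" line starts each keystore entry.
    /^Alias name: / { alias = substr($0, 13) }
    # Valid from: Dow Mon DD HH:MM:SS TZ YYYY until: Dow Mon DD HH:MM:SS TZ YYYY
    /Valid from: .* until: / {
        from  = ymd($8, $4, $5)
        until = ymd($NF, $(NF - 4), $(NF - 3))
        status = "VALID"
        if (ref + 0 < from + 0)  status = "NOT_YET_VALID"
        if (ref + 0 > until + 0) status = "EXPIRED"
        if (status != "VALID") bad = 1
        print status, until, alias
    }
    END { exit bad + 0 }'
}

# Constructed sample in the layout keytool prints (not real certificates).
sample_keytool_output() {
    cat <<'EOF'
Alias name: rootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example
Valid from: Mon Jan 07 10:00:00 GMT 2013 until: Sat Jan 07 10:00:00 GMT 2023

Alias name: oldserver
Entry type: trustedCertEntry
Owner: CN=old.example.test, O=Example
Valid from: Fri Feb 11 09:30:00 GMT 2011 until: Sat Feb 11 09:30:00 GMT 2012
EOF
}

# Demo run against the constructed sample, evaluated as of 28 Feb 2013.
sample_keytool_output | cert_validity 20130228 || echo "attention needed"
```

Against a real keystore, pipe the keytool -list -v command shown above into cert_validity instead of into egrep; a non-zero exit status makes it usable from a scheduled check.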



Other Useful commands:

Java Keytool Commands for Creating and Importing





These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

• Generate a Java keystore and key pair:
  keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048

• Generate a certificate signing request (CSR) for an existing Java keystore:
  keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr

• Import a root or intermediate CA certificate to an existing Java keystore:
  keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks

• Import a signed primary certificate to an existing Java keystore:
  keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks

• Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info):
  keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

• Check a stand-alone certificate:
  keytool -printcert -v -file mydomain.crt

• Check which certificates are in a Java keystore:
  keytool -list -v -keystore keystore.jks

• Check a particular keystore entry using an alias:
  keytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands

• Delete a certificate from a Java Keytool keystore:
  keytool -delete -alias mydomain -keystore keystore.jks

• Change a Java keystore password:
  keytool -storepasswd -new new_storepass -keystore keystore.jks

• Export a certificate from a keystore:
  keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks

• List Trusted CA Certs:
  keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

• Import New CA into Trusted Certs:
  keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts

http://lokeshtc.blogspot.co.uk/2012/10/how-to-check-certificate-validity-using.html

How to search a word in a directory

grep Command Syntax

grep 'word' filename

grep 'string1 string2' filename

cat otherfile | grep 'something'

command | grep 'something'

command option1 | grep 'data'

grep --color 'data' fileName

How Do I Use grep To Search File?

Search /etc/passwd for boo user:



$ grep boo /etc/passwd

You can force grep to ignore word case i.e match boo, Boo, BOO and all other combination with -i option:



$ grep -i "boo" /etc/passwd

Use grep recursively

You can search recursively i.e. read all files under each directory for a string "192.168.1.5"



$ grep -r "192.168.1.5" /etc/

Use grep to search words only

When you search for boo, grep will match fooboo, boo123, etc. You can force grep to select only those lines containing matches that form whole words i.e. match only boo word:



$ grep -w "boo" /path/to/file

Use grep to search 2 different words

use egrep as follows:



$ egrep -w 'word1|word2' /path/to/file

Count lines where the word is matched

grep can report the number of times that the pattern has been matched for each file using -c (count) option:



$ grep -c 'word' /path/to/file

Also note that you can use -n option, which causes grep to precede each line of output with the number of the line in the text file from which it was obtained:



$ grep -n 'word' /path/to/file

Grep invert match

You can use the -v option to invert the match; that is, it matches only those lines that do not contain the given word. For example, print all lines that do not contain the word bar:



$ grep -v bar /path/to/file

UNIX / Linux pipes and grep command

The grep command is often used with pipes. For example, print the names of hard disk devices:



# dmesg | egrep '(s|h)d[a-z]'

Display cpu model name:



# cat /proc/cpuinfo | grep -i 'Model'

However, the above command can also be written as follows, without a shell pipe:



# grep -i 'Model' /proc/cpuinfo

How do I list just the names of matching files?

Use the -l option to list the names of files whose contents mention main():



$ grep -l 'main' *.c

Finally, you can force grep to display output in colors:



$ grep --color vivek /etc/passwd



Wednesday, February 27, 2013

wget with SSL



you should be able to use /sw/etc/ssl/certs/ca-bundle.crt with Wget:


wget --ca-certificate=/sw/etc/ssl/certs/ca-bundle.crt \
     https://fedorahosted.org

Friday, February 22, 2013

Increasing the heap in weblogic 11g

There are 2 different types of servers in WebLogic Server




1. Admin Server



2. Managed Server



Increasing JVM Size of Admin Server

JVM size of Admin server can be increased by changing Xmx and Xms values in setDomainEnv.sh which is located in $MW_HOME/user_projects/domains//bin



There are two blocks for XMX and XMS in setDomainEnv.sh. Depending on the type of JVM, make the changes in the second block. Below I changed the value of XMX and XMS of 64 Bit SUN Java to 2048 and 1024.



XMS_SUN_64BIT="256"
export XMS_SUN_64BIT
XMS_SUN_32BIT="256"
export XMS_SUN_32BIT
XMX_SUN_64BIT="512"
export XMX_SUN_64BIT
XMX_SUN_32BIT="512"
export XMX_SUN_32BIT
XMS_JROCKIT_64BIT="256"
export XMS_JROCKIT_64BIT
XMS_JROCKIT_32BIT="256"
export XMS_JROCKIT_32BIT
XMX_JROCKIT_64BIT="512"
export XMX_JROCKIT_64BIT
XMX_JROCKIT_32BIT="512"
export XMX_JROCKIT_32BIT



XMS_SUN_64BIT="1024"
export XMS_SUN_64BIT
XMS_SUN_32BIT="512"
export XMS_SUN_32BIT
XMX_SUN_64BIT="2048"
export XMX_SUN_64BIT
XMX_SUN_32BIT="1024"
export XMX_SUN_32BIT
XMS_JROCKIT_64BIT="512"
export XMS_JROCKIT_64BIT
XMS_JROCKIT_32BIT="512"
export XMS_JROCKIT_32BIT
XMX_JROCKIT_64BIT="1024"
export XMX_JROCKIT_64BIT
XMX_JROCKIT_32BIT="1024"
export XMX_JROCKIT_32BIT



Increasing JVM Size of Managed Server

The JVM size of a Managed Server can be increased from the WebLogic console. This is done by adding the Xmx and Xms values in the Start tab of the Managed Server, as shown below:

Servers >> Server-0 >> Start Tab >> Arguments


There are two ways to increase the heap size in weblogic.




If you do not have a Node Manager configured, log in to the operating system, look for setDomainEnv.sh under the $domain_home/bin directory, and add -Xmx512m -Xms512m to the Java options.

If you are using the Node Manager, log in to the WebLogic Administration Console, then click on Servers --> ServerName --> General --> Start Options and look for the Java Arguments.

Here you can add -Xmx512m -Xms512m to the Java arguments. If you want to increase the heap size, then alter these values from 512 to 1024, depending on your requirements.








WLST to connect to Admin Server SSL Enabled


Issue :

Not able to connect to the admin server, which is SSL enabled

Command :

java -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/JAVA_HOME/jre/lib/security/cacerts -Dweblogic.security.CustomTrustKeyStorePassPhrase=pwd  -Dweblogic.security.CustomTrustKeyStoreType=JKS -Dweblogic.security.SSL.allowSmallRSAExponent=true weblogic.WLST


wls:/offline> connect('weblogic','welcome1','t3s://abcd:35909')

Error :

Traceback (innermost last):


File "", line 1, in ?

File "", line 22, in connect

File "", line 648, in raiseWLSTException

WLSTException: Error occured while performing connect : Error getting the initial context. There is no server running at t3s://ngmlx476:25913

Use dumpStack() to view the full stacktrace

Troubleshoot :

Check the WLST SSL arguments :

Solution  :

Give the below command for invoking WLST:
java -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/var/domain/abc/keystore/WebLogicTrustKeyStore.jks -Dweblogic.security.CustomTrustKeyStorePassPhrase=wltkpassword -Dweblogic.security.CustomTrustKeyStoreType=JKS -Dweblogic.security.SSL.allowSmallRSAExponent=true weblogic.WLST

wls:/offline> connect('weblogic','welcome1','t3s://abcd:35909')


Successfully connected to Admin Server 'AdminServer01' that belongs to domain 'soa__Domain'.


Keep Thinking  :-)
Ashraf TP







Wednesday, February 6, 2013

Managed Server Not Reachable Failed to start

Hi Guys

One of my friends reported this issue ...

While trying to start the managed server after configuring the data source and DB adapter, I faced this issue.

So I checked NodeManager, which is working fine.

Admin server is also working fine.

But the Managed server is not coming up, and there is no error reported in the logs.

So while troubleshooting, I found that the config.xml file permission was changed to root on the admin server machine.

RCA :

Before creating the data source and DB adapter, the engineer took a backup of config.xml, and while running the pbrun (switch user) command he logged in as the root user and took the backup.

So while starting the managed server, the managed server is not able to get the config.xml from the admin server, and this caused the issue.

After changing the permission of the config.xml to the app user, the Managed Server started working :-)

Configuring DB Adapter in SOA11g

Outbound connection pools in a resource adapter are configured in the ra.xml and weblogic-ra.xml deployment descriptors. You can also use the Administration Console to modify the pool's properties. Properties you modify in the console will be saved in a deployment plan.

1. Create data source
2. Create outbound connection
3. Assign the newly created outbound connection to the data source.

* Follow below steps to create a Data Source to point to your database.


* Example:

- Name: myDS

- JNDI Name: jdbc/myDS


1. Login Admin Console.


* In Domain Structure pane, click soa_domain -> Services -> Data Sources.

* In Summary of JDBC Data Sources -> Configuration page, click New -> Generic Data Source.


* In JDBC Data Source Properties screen, enter:

- Name: myDS

- JNDI Name: jdbc/myDS

- Database Type: Oracle

  * Click Next

* Select

- Database Driver: Oracle's Driver (Thin XA) for Instance connections; Versions: 9.0.1 and later

- Click Next.

* Click Next on Transaction Options screen.

* On Connection Properties screen, enter:

- Database Name: orcl

- Host Name: localhost

- Port: 1521

- Database User Name: scott

- Password: tiger

- Click Next.

* On Test Database Connection screen, click Test Configuration button. Make sure the response is Connection test succeeded.



* Click Next.

* On Select Targets screen, select the target server instance. For example,



Click Finish...

2) Create an Outbound Connection Pool:


* Click soa_domain > Deployments in Domain Structure pane.

* Click DBadapter in Summary of Deployments pane.

* Click Configuration -> Outbound Connection Pools tab.

* Click New button.



* Select javax.resource.cci.ConnectionFactory and click Next

Enter

JNDI Name: eis/DB/myDB


Click Finish

Assign Data Source to Connection Pool:


* Click Configuration tab -> Outbound Connection Pools tab.

* Expand javax.resource.cci.ConnectionFactory.

* Click the newly created outbound connection pool, e.g eis/DB/myDB.



* Click Properties tab and enter

xADataSourceName: jdbc/myDS

* Hit Enter key.

* Click Save button.



3) Redeploy DbAdapter :

* Click soa_domain > Deployments in Domain Structure pane.

* Click the checkbox to select DBAdapter.

* Click Update button.


* Select Redeploy this application using the following deployment files

* Check deployment plan file is correct:

- Deployment plan path:/opt/oracle/Middleware/home_11gr1/Oracle_SOA1/soa/DBPlan/Plan.xml



Click Next ..Finish

click Activate Changes...