Friday, August 31, 2012

How to Create a Wallet with a Self-Signed Certificate and Export the Certificate

Create a Wallet with a Self-Signed Certificate and Export the Certificate

The following steps illustrate creating a wallet, adding a self-signed certificate to it, viewing the wallet and exporting the certificate:

1. Create a wallet

        orapki wallet create -wallet /private/user/orapki_use/root
                                The wallet is created at the location, /private/user/orapki_use/root.

2. Add a self-signed certificate to the wallet

orapki wallet add -wallet /private/user/orapki_use/root -dn 'CN=root_test,C=US' -keysize 2048 -self_signed -validity 3650
This creates a self-signed certificate with a validity of 3650 days. The distinguished name of the subject is CN=root_test,C=US. The key size for the certificate is 2048 bits.

3. View the wallet

orapki wallet display -wallet /private/user/orapki_use/root
This is used to view the certificate contained in the wallet.

4. Export the certificate

orapki wallet export -wallet /private/user/orapki_use/root -dn 'CN=root_test,C=US' -cert /private/user/orapki_use/root/b64certificate.txt

This exports the self-signed certificate to the file, b64certificate.txt. Note that the distinguished name used is the same as in step 2.
Posted by at No comments:
Labels:

Thursday, August 23, 2012

Weblogic MULTICAST MONITOR & MULTICAST TEST UTILITY


Here we are going to see a WebLogic provided utility to test the Multicast Messages can flow properly in our network or not. These utilities helps us to understand whether there is any N/W issue or not …in out Network.

MultiCastMonitor Utility:

MulticastMontior is a stand-alone Java command line utility that monitors multicast traffic on a specific multicast address and port.

Below is the “MulticastMonitorTest.sh” …Please run this test as well…along with Multicast Test…

WL_HOME="$HOME/bea1032/wlserver_10.3"
JAVA_VENDOR="Sun"
JAVA_HOME="$HOME/java/jdk1.6.2_05"
. ${WL_HOME}/common/bin/commEnv.sh
MULTICAST_ADDRESS=239.252.1.6
MULTICAST_PORT=8888
IDLE_TIMEOUT_SECONDS=120
DOMAIN_NAME=Your_DomainName
CLUSTER_NAME=YourClusterName
#The syntax:
#java weblogic.cluster.MulticastMonitor <multicastaddress> <port> <domainname> <clustername>
${JAVA_HOME}/bin/java -classpath ${WEBLOGIC_CLASSPATH} weblogic.cluster.MulticastMonitor ${MULTICAST_ADDRESS} ${MULTICAST_PORT} {DOMAIN_NAME}  ${CLUSTER_NAME}

Few Points regarding Multicast Address…always need to be taken care…

1). The multicast address must be an IP address between 224.0.0.0 and 239.255.255.255 or a hostname with an IP address in this range.
2). The default multicast address used by WebLogic Server is 239.192.0.0.
3). Do not use any x.0.0.1 multicast address where x is between 0 and 9, inclusive.

MulticastTest

 The MulticastTest utility helps you debug multicast problems when you configure a WebLogic cluster. The utility sends out multicast packets and returns information about how effectively multicast is working on your network.
http://download.oracle.com/docs/cd/E13222_01/wls/docs100/admin_ref/utils.html#wp1199798

Syntax: java utils.MulticastTest -n name -a address [-p portnumber]    [-t timeout]   [-s send]

Arguments                  Meaning
-n name                       Required. A name that identifies the sender of the sequenced messages. Use a different name for each test process you start.
-a address                   The multicast address on which: (a) the sequenced messages should be broadcast; and (b) the servers in the clusters are communicating with each other. (The default is 237.0.0.1.)
-p portnumber            Optional. The multicast port on which all the servers in the cluster are communicating. (The multicast port is the same as the listen port set for WebLogic Server, which defaults to 7001 if unset.)
-t timeout                    Optional. Idle timeout, in seconds, if no multicast messages are received. If unset, the default is 600 seconds (10 minutes). If a timeout is exceeded, a positive confirmation of the timeout is sent to stdout.
-s send                        Optional. Interval, in seconds, between sends. If unset, the default is 2 seconds. A positive confirmation of each message sent out is sent to stdout.

Always Remember:
Do NOT run the MulticastTest utility by specifying the same multicast address (the -a parameter) as that of a currently running WebLogic Cluster. The utility is intended to verify that multicast is functioning properly in out network or not….So basically it is a N/W related utility. Ususlly this should be done before starting your clustered WebLogic Servers or when we face Multicast related issues in server logs

Posted by at No comments:
Labels:

Heap Dump Using Jhat for WebLogic Server Heap Analysis

Heap Dump Using Jhat for WebLogic Server Heap Analysis

Many times we want to Generate the Heap Dump to see what all objects are created inside the JVMs Heap space. The Heap Dump tells us that what all objects are created inside the JVM and what is the size of those Objects. Based on this analysis we can find out that what all objects (Application Objects/Platform Objects) are consuming more memory inside the heap.

Here is a Basic Step to enable the Jhat tool to generate the Heap Dump of our WebLogic Server and a brief intro of using this Great and wonderful tool.

Jhat tool comes free and available inside the “<JAVA_HOME>\bin” directory (from JDK1.6 onwards only). If you are using Jdk 1.5 or Lower version then u need to separately download the Jhat tool.from “https://hat.dev.java.net/“

Step1). Open the “startWebLogic.sh”(Unix Based OS) or “startWebLogic.cmd”(Windows OS) and then add the JAVA_OPTIONS inside it as following:

@REM **********WINDOWS Operating Systems<(startWebLogic.cmd)******************

. 1 @REM

2 @REM Call setDomainEnv here.

3 set DOMAIN_HOME=C:\bea103\user_projects\domains\WS_Security_Domain

4 for %%i in ("%DOMAIN_HOME%") do set DOMAIN_HOME=%%~fsi

5 call "%DOMAIN_HOME%\bin\setDomainEnv.cmd" %*

6 set SAVE_JAVA_OPTIONS=%JAVA_OPTIONS% -Xrunhprof:format=b,file=MyHeapDump.hprof

7 set SAVE_CLASSPATH=%CLASSPATH%

#************Unix Based Operating Systems<(startWebLogic.sh)***********

1 #

2 # Call setDomainEnv here.

3 DOMAIN_HOME="C:/bea103/user_projects/domains/WLST_Domain"

4 . ${DOMAIN_HOME}/bin/setDomainEnv.sh $*

5 SAVE_JAVA_OPTIONS="${JAVA_OPTIONS}" -Xrunhprof:format=b,file=MyHeapDump.hprof

6 SAVE_CLASSPATH="${CLASSPATH}"

Step2). Now restart Your Server. As soon as you will start your Server you will find that “MyHeapDump.hprof” file is created inside your <DOMAIN_HOME> root directory:

clip_image002

clip_image004

Step3). Open the HeapDump using the Jhat tool like following:

C:\bea103\jdk160_05\bin>jhat -J-mx1024m C:\bea103\user_projects\domains\WS_Security_Domain\MyHeapDump.hprof

OR place the file in some other location before opening it…

C:\bea103\jdk160_05\bin>jhat -J-mx1024m C:\myHeapDumps\MyHeapDump.hprof

Step4). As soon as u run the Obove command jhat tool starts a Http Server on default port 7000…Please open a browser with the following URL:

http://localhost:7000

clip_image005

Opening Jhat Console

clip_image006

jhat Histogram Analysis

clip_image007

Jhat Object Query Language Editor

clip_image008

Jhat Non Product Instance Counter

clip_image009

Jhat Platform/Non-Platform Instance Counter

.

***** **** *** **____Advanced Jhat Analysis____ ***** **** *** **

.

Step5). Object Query Language (OQL)

OQL is SQL-like query language to query Java heap. OQL allows to filter/select information wanted from Java heap. While pre-defined queries such as “show all instances of class X” are already supported by HAT, OQL adds more flexibility. OQL is based on JavaScript expression language.

OQL query is of the form

select <JavaScript expression to select>

[ from [instanceof] <class name> <identifier>

[ where <JavaScript boolean expression to filter> ] ]

==================================================

clip_image010

(OQL) Object Query Language Querie

clip_image011

(OQL) Object Query Language Querries

clip_image012

(OQL) Object Query Language Querries

clip_image013

(OQL) Object Query Language Querries

clip_image014

(OQL) Object Query Language Querries

clip_image015

Posted by at No comments:
Labels:

WEBSPHERE APPLICATION SERVER 8.0 INSTALLATION COMPANION

1.0 Introduction


The objective of this work product is to:
  • Provide the installation and configuration instructions for Web Sphere Application Server 8.0

1.1 References

The following documents were referenced in preparation of this document:

2.0 Installation Plan

2.1 Scope

The Software Installation and Configuration Documentation were prepared in order to capture the installation process and configuration of Web Sphere® Application Server in the development environment. This document provides the basic installation process required for development environment. Detail documentation regarding the software is available in the vendor provided installation and administration manuals.
This document does not provide the security, scalability and other configuration requirements that are required for a production or test environment.

2.2 Pre-Installation Activities

The following is a list of tasks to be completed before beginning the installation process:
  • Most IBM and Oracle software do not use the keys for licensing. Licensing should be procured by the client depending on the number of products installed and the number of CPU's used on the server. Some of the products may have other assemblies bundled in it.
  • Purchase a copy of the IBM WebSphere Application Server software from IBM. The license may be purchased for 2 cpu’s. IBM may deliver the software’s either in CD’s or software electronic downloads.

2.4 Security

  1. Matrix of ports containing the Port number, Protocol and URL is shown below in Exhibit 4 below
Exhibit 4: Matrix of Ports
IP, Host Name and Location Port Number Protocol Comment URL
10.233.13.11 9061,9081 http 9061 – admin host, 9081 – default host http://10.233.13.11:9061/ibm/console
10.233.13.11 9044,9444 https 9044 – admin host secure, 9444 – default host secure https://10.233.13.11:9044/ibm/console/logon.jsp
10.233.13.11 9062,9082 http 9062 – admin host, 9082 – default host http://10.233.13.11:9062/ibm/console
10.233.13.11 9045,9445 https 9045 – admin host secure, 9445 – default host secure https://10.233.13.11:9045/ibm/console/logon.jsp

2.5 Software Inventory

The table below provides the list of software required for the installation.
Exhibit 5: Software Inventory
Software Title Release Number
WebSphere® Application Server 8.0.0.0


2.6 Hardware Inventory

The table below provides the list of hardware required for the installation.
Exhibit 6: Hardware Inventory
Software Vendor Model CPU RAM OS
WebSphere® Application Server Vmware VM 2 2 Windows 2008

It is very important to have the minimum amount of required memory to install the product.

2.7 Network Inventory

The table below provides information on the network requirements for installation.
Exhibit 7: Network Inventory
Software Environment IP Address Domain
WebSphere® Application Server DEV XXX.XXX.XXX.XXX GLBS

3.0 INSTALLATION and Configuration

This section outlines the installation and configuration processes for the WebSphere® tools MQ and Eclipse. In addition, this section outlines the installation testing processes for each of the tools.

3.1WebSphere® Application Server Installation

WebSphere® Application server MQ is a messaging framework that provides reliable application integration by passing messages between applications and web services. It reduces the risk of information loss and the need to reconcile IT systems communication. It achieves this by using queuing and transactional facilities to preserve the message integrity across the network. It provides local and remote queuing to support guaranteed delivery, traceability, and error recovery.
The following list provides the installation steps:

3.2WebSphere® Application Server Installation

The following list provides the installation steps:
Download from: 
http://www14.software.ibm.com/webapp/download/preconfig.jsp?id=2010-03-30+14%3A40%3A55.882659R&S_TACT=104CBW71&S_CMP=rss
Click continue to download the software.
clip_image002
Click continue and accept the terms and conditions and say confirm to go next.
clip_image004
clip_image006
Select the following downloads and use the HTTP Download Director so that you downloads can resume if connection is lost.
IBM WebSphere Application Server 8.0 Beta (Part 1 of 3)
beta.was.repo.8000.base_1_Oct22_2010.zip (all 3 parts are required) (841 MB)
IBM WebSphere Application Server 8.0 Beta (Part 2 of 3)
beta.was.repo.8000.base_2_Oct22_2010.zip (all 3 parts are required) (845 MB)
IBM WebSphere Application Server 8.0 Beta (Part 3 of 3)
beta.was.repo.8000.base_3_Oct22_2010.zip (all 3 parts are required) (862 MB)
clip_image008
IBM Installation Manager for Windows on Intel
iim.win32.x86_1.4.2000.20100901_0107.zip (97 MB)
clip_image010
Unzip the IBM Installation Manager into c:/temp and run install
clip_image012
You will then be presented with the loading screen.
clip_image013
Once loaded, “Click Next" as shown below
clip_image015
Accept the license and click Next to continue
clip_image017
Select an appropriate path into which the installer will be installed.
clip_image019
Click install as shown below
clip_image021Tt
Installation has now completed, close and run the Installation Manager
clip_image023
Or click "Restart Installation Manager" button
When the IIM loads it will ask for a username and password to connect to the online IBM repository. We do not want to do this as we have already downloaded the files.
Click File-Preferences to change the location of the repository files
clip_image025
Make sure that you expand all the downloaded files into a known location:
Click Add a repository. In my example I chose the C:\temp\was8_repo\C:\temp\was8_repo\repository.config which is where the installation is located
clip_image027
We can now see that the repository is located
clip_image029
You can now click Install
clip_image030
When you click install you can see the following
clip_image032
Ensure that version 8.0.0.0 is selected
Accept the terms and click next to proceed the installation
clip_image034
Click Next to continue and select an appropriate installation location
clip_image036
Select everything but the samples
clip_image038
Continue until the installation starts
clip_image040
When the application server binaries have been installed, then you have the option to start the Profile Management Tool to create a profile.
Leave the "Profile Management Tool to create a profile" radio-option selected and click Finish
clip_image041
Select Profile Management Tool from the tools list and click Launch Selected Tool
clip_image042
Click Create as shown above
clip_image043
Click Application Server. At this stage we are not creating a management node. On the next step click the advanced profile creation option.
clip_image044
Why Advanced?
Create application server using default configuration settings or specify your own values for settings such as the location of the profile and names of the profile, node and host. You can assign your own ports. You can optionally choose where to deploy the administrative console and sample application and also add web-server definitions if you wish. Web server definitions are used with IBM HTTP Server. You can search my site to learn more.
clip_image045
As shown above I also ensure that snoop is installed as it is a great application for testing that your server is running correctly. You can search my website for SSL secrets and this document will explain how to use snoop as part of workload management.
On the next screen ensure that Development is selected for runtime tuning to allow our server to start quickly, since it is a local test server, not production.
clip_image046
clip_image047
You can override the default assigned node name and hostname, I have left mine defaulted.
clip_image048
I used wasadmin/wasadmin for username/password
clip_image049
I then left the SSL as defaulted for both step 1 and step 2 of the SSL configuration screens
clip_image051
In my case I already had WebSphere 7 installed locally so mu ports where adjusted by and offset of 1.
clip_image053
I personally have limited resources for automatic starting, so I have requested the installer no install the windows service. We can use local bat files to start and stop the server. Up to you to decide. I find the service style takes too long to stop and start.
clip_image055
You can click next until the end where you can select Create to begin the installation of the profile. I skipped the Web Server definition screen as we are not going to install IHS in this example. Look at my SSL articles to understand how to install IHS.
clip_image056
By launching the first step console you can check that the server will run. You will also see that a new profile has been created called AppSrv01
clip_image057
clip_image058
It can be a good idea to run the Installation Verification,the sever will be started automatically using the following command:
cmd.exe /c "C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startServer.bat" server1 -profile Name AppSrv01
clip_image059
As shown above the server has started successfully, we can now log into the admin console by opening the following URL:
http://localhost::9061/ibm/console
The server will redirect to https://localhost:9044/ibm/console/logon.jsp, the HTTPS port. You will need to accept the security exception since we are using a private SSLcertificate.
clip_image060
You will notice the new login screen, log in using wasadmin/wasadmin and see what the new IBM WebSphere Application Server version 8 Beta has to offer.






































Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)