This document provides instructions for configuring SSL and certificate-based authentication for an Oracle Application Server. It describes how to create an SSL certificate using the Oracle Certificate Authority (OCA), configure the application server infrastructure for SSL, and enable certificate-based authentication for the single sign-on server. Key steps include using the OCA to generate a certificate signing request and approve it to create an SSL certificate, running the SSLConfigTool to automatically configure the infrastructure for SSL, and updating configuration files to require client certificates for authentication to the single sign-on server.
SSL Setup for Oracle 10g AS
1. 10gAS SSL / Certificate Based Authentication Configuration
I. Overview
This document covers the processes required to create a self-signed certificate or to import a 3rd
party certificate using the Oracle Certificate Authority. In addition, the steps to configure the App
Server for SSL and Certificate Based Authentication are included.
II. SSL Certificate Creation
An SSL certificate is required in order to enable encryption between the web server and client.
Oracle’s Application Server is delivered with a Server Certificate that is meant only for testing.
This section of the document explains how to use Oracle’s Certificate Authority (OCA) to create a
Certificate Signing Request (CSR) and then use that CSR to create a real Server Certificate. This
CSR can also be used to obtain a Server Certificate from a Trusted Authority like Verisign.
Because the Server Certificate will be created and “signed“ by OCA, a standard browser will not
recognize it as a “trusted” certificate. Trusted Certificates are pre-loaded in the browser and are
available at all times. So if you request a Server Certificate from Verisign, your browser already
recognizes it as being trusted. You can, however, load the OCA created certificate in your
browser permanently and effectively “trust” it. From that point on, the browser will not display a
trust warning when you connect to a site that uses the OCA certificate.
A. Certificate Creation
The default wallet directory should be named : /etc/ORACLE/WALLETS/<user>
By default, a directory called /etc/oracle may already exist and will likely be owned by root
so the ownership of the directories must be changed to oracle. The name of the directory
must be changed to /etc/ORACLE before doing anything else.
Once the name has been changed, add the following subdirectories :
/WALLETS/<user that installed the app server>
The finished directory should look like this:
/etc/ORACLE/WALLETS/oracle
Change to the /etc directory and modify the owner/group of
/etc/ORACLE/WALLETS/oracle to oracle/dba using the following command (-R applies the
change to ORACLE and every directory under it):
chown -R oracle:dba ORACLE
B. Run the Oracle Wallet Manager (owm) from <ORACLE_HOME>/bin
If the process in step 1 is not done correctly, owm will tell you that the default wallets directory
does not exist and asks if you would like to create it. If any of the directories under
/etc/ORACLE are still owned by root, this will also fail. If everything works correctly, the “New
Wallet” window will appear asking for a password for the new wallet.
1. Click the <Wallet> menu and then <New>
2. Enter the password : enk1tec1
Passwords must be at least 8 chars and contain both alpha and numeric characters.
3. Leave the wallet type set to <Standard>
4. The next popup asks if you want to create a new Certificate Signing Request
(CSR). Answer <Yes>.
5. For the parameters of the CSR, use the following values
Common Name : specify the name or alias of the site that will be configured for
HTTPS support. (bart.enkitec.com)
Organizational Unit : IT
Organization : enkitec
Locality / City : grapevine
State / Province : TX
Country : US
Key Size : 2048
6. Click <Ok>
If the CSR (Certificate Signing Request) was created correctly, a window will pop up
telling you that it was created successfully.
7. Click <Ok>
C. Creating a Certificate Signing Request (CSR)
Once the CSR has been created, a certificate can be created either by using Oracle Certificate
Authority (OCA) or by sending the CSR to another Certificate Authority (CA) like Verisign or
Thawte. If using a public CA, skip the next section which describes how to use OCA to create
the certificate.
1. Check the status of the OCA. Run the following command on the machine where the
infrastructure is installed:
$ORACLE_HOME/oca/bin/ocactl status
You will be prompted for the OCA password (enk1tecoca)
If it shows that the OCA is not running, start it using the following command:
$ORACLE_HOME/oca/bin/ocactl start
You will be prompted for the OCA password (enk1tecoca)
2. Run the OCA Administration Interface
Note - Don’t try this with FireFox. Use IE here.
The OCA Administrator requires that you get the Administrator Certificate before you
can use any of the tools. This is done the first time you log in. This cert is used to
encrypt the traffic between you and the OCA administration interface.
The OCA Admin page is accessed via URL. The port number used in this URL is listed
in portlist.ini as the following:
Oracle Certificate Authority SSL Server Authentication port = 6600
Check .../install/portlist.ini for the actual port for oca
The URL is as follows:
https://<host>.enkitec.com:<port>/oca/admin
When the page is displayed, click the “Click Here” link to fill out the enrollment form.
Fill in the fields of this form as follows:
Common name : The name that you want on the certificate. Value: bart.enkitec.com
Email address : Email address of the administrator. Value: oca_admin@enkitec.com
Organization unit : Name of the organization unit or division to which the administrator belongs. Value: IT
Organization : Name of the company or organization to which the administrator belongs. Value: enkitec
Location : The city location of the administrator. Value: grapevine
State : The state or province of the administrator. Value: TX
Country : Two-letter code for the administrator's country. Value: US
Password : Password for the oca_admin account. This must be the same password assigned during the install of OCA. Value: enk1tecoca
D. Signing the CSR and Creating a Certificate
Now that the CSR has been created and stored in the Wallet Manager on the server, it can be
used to create an actual certificate. To do this, the CSR needs to be exported from the Wallet
Manager and imported into the OCA using the OCA Web Interface.
To Export the CSR from the Wallet Manager and import it into the OCA Admin tool, do the
following:
1. Open the Wallet Manager on the Server. $INFRA_HOME/bin/owm
2. Highlight the CSR and click <Operations><Export> from the menu
3. Name and Save the CSR. Give it a recognizable name and “.csr” extension
4. Open the file and copy the entire contents into the clip board
5. Navigate to the OCA Web Interface. https://host:port/oca/user
6. If this is the first time this interface is accessed, do the following:
1. Click on “click here to install the certificate authority certificate into
your browser”
Follow the prompts to install the cert in your browser. This will install the
admin cert in your browser. You should export this cert from your browser
to a file immediately since you only have one chance to obtain the cert (don’t
know how OCA knows you have been here before).
2. Click on “click here to save the certificate authority certificate to your
file system”
7. Once the Certificate Authority Certificate is loaded, click on the
<Server / SubCA Certificates> tab
8. In the <PKCS#10 Request> field, paste in the CSR from the Wallet Manager
(obtained in steps 1-4).
9. Supply a Name / eMail address / phone number. These are required but are not
tied to anything in the Certificate.
10. Approve the CSR by going to https://host:port/oca/admin
11. Click the <
The OCA administration interface can now be used to accept CSRs and create certificates.
2. Send the CSR to OCA to create the new Server Certificate
Either copy the text of the CSR into the clipboard or write it to a file. Depending
on the XWindows system being used, you may or may not be able to copy the
text so that it can be pasted later.
Use the following URL to access the User page of the OCA:
https://bart.enkitec.com:6600/oca/user
Click the Server/SubCA certificates tab to access the certificate request form.
Press the Request Certificate button to import the certificate request that you
created with the Oracle Wallet Manager.
Copy the content stored in the clipboard to the Certificate Request field in the
OCA form. Enter the information required on this page and press the Submit
button.
3. Approve the CSR
Open the OCA administration page with a browser that has the OCA
Administrator Certificate installed and click the Certificate Management tab.
The Certificate Management tab shows a list of all pending certificate requests.
Press the View Details button to approve or reject the selected certificate
request. To approve a request, press the Approve button.
This creates the server certificate that must be imported into the Oracle Wallet
Manager. In addition, because OCA is not a commercial certificate authority, you
need to download the root certificate of the OCA instance and add it to the list of
trusted root certificates in Oracle Wallet Manager. This however is the job of the
certificate requestor, which in the Oracle Forms Services case is not necessarily
the same person administering OCA.
4. Obtaining the Root Certificate from OCA
In order to be able to use the certificate that was just created, the root certificate
from OCA must be imported into the wallet. If you don’t have this root certificate
in the wallet, it will not allow you to import the server certificate that was just
created since OCA is not a “trusted certificate authority” like Verisign or Entrust
(the wallet comes with root certs from GTE, Entrust, and others).
To download the OCA root certificate, select the click here link below the Oracle
Wallet Manager or Web server administrators headline.
5. Importing the root certificate
6. Importing the server certificate
7. Saving the Wallet
Note - Make sure to check the “Auto Login” checkbox under the <Wallet> menu or you will
not be able to assign this wallet to the web cache.
III. Convert Infrastructure to SSL
The SSLConfigTool can be used to configure the Infrastructure Layer for SSL. This
only works in release 10.1.2 or later. In addition, the Infrastructure layer must be set up for SSL
in order to use Certificate Based Authentication.
A. Automatic SSL Configuration
This section describes how to set up the Infrastructure component of the App Server 10gR2
to respond to SSL requests. The automated method uses a tool called SSLConfigTool.
1. Set ORACLE_HOME to the Infrastructure home
2. $ORACLE_HOME/bin/SSLConfigTool -config_w_prompt -opwd enk1tec
3. Do you want to configure your site to accept browser requests using SSL protocol?
[y]: y
4. What is the virtual host name for your site? [marge.enkitec.com]: login.enkitec.com
Note – this is a virtual name for this machine. If you have more than one SSL
based App Server on a machine, this name must be unique.
5. What is the virtual port number for your site? [4444]: 4444
6. Does your site have an external load balancer (LBR)?
Note: Do NOT include OracleAS Web Cache as LBR here. [y]: n
7. Does your site have OracleAS Web Cache? [y]: n
8. Do you want to supply your own wallet location for OHS? [n]: n
9. You have supplied all the information. Are you ready to continue? [y]: y
Note : Several scripts will now be run. This can take several minutes to
complete. Be patient.
10. Run the following command to re-register the Portal with Single Sign On
<mid_tier_home>/portal/conf/ptlconfig -dad portal -site -wc -em
B. Testing the SSL Configuration
Check $ORACLE_HOME/install/portlist.ini to get the HTTPS (SSL) listen port for the
Infrastructure layer. It will look something like this:
Oracle HTTP Server Listen (SSL) port = 4444
To test the configuration, access the Portal using the HTTP Server Port. This is the second
port listed in the portlist.ini file named “HTTP Server Listen Port = 9999”.
http://server.domain.com:9999/pls/portal
You should be redirected to the SSL based SSO server. You will know this worked if the
browser asks you to accept or view the server’s certificate. Accept the certificate temporarily
and then log in as the “Portal” user. Notice that the Portal pages are not HTTPS (SSL) pages,
only the SSO server is encrypting content at this point.
C. Creating New Users
After converting the OSSO server to SSL, the Create User function in the Portal no longer
works. This issue can be avoided using one of the following two methods:
Use OIDDAS directly to create users
1. Navigate to https://server:ssl_port/oiddas
2. Click on the <Directory> tab
3. Click on <Create> above the user list
4. Fill in the required fields and click <Submit>
5. Verify that the user was created by clicking on the <Go> button next to “Advanced
Search”
Fix the Portal
Steps TBD
IV. Configuring the SSO Server for Certificate Based Authentication
Certificate Based Authentication allows a user who has a “Client Certificate” to pass the SSO Server
without providing a username / password. This section will describe how to set up the SSO Server
for this type of authentication along with how to generate Client Certificates.
These steps are taken almost directly from Appendix E of the Oracle Certificate Authority
Administration guide.
A. Enabling Certificate Based Authentication for SSO
1. The process of requesting a User Certificate requires authenticating to the OCA via
browser. By default, OCA expects the user to already have a user certificate. This step
negates that requirement and allows the user to request a certificate using their Single
Sign-On id.
Edit $ORACLE_HOME/sso/conf/policy.properties
Add or Edit the following lines:
DefaultAuthLevel = MediumHighSecurity
MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOServerAuth
Oca_hostname:port = MediumSecurity
2. Restart the SSO Server
$ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=OC4J_SECURITY
$ORACLE_HOME/opmn/bin/opmnctl startproc process-type=OC4J_SECURITY
B. Changing the OCA Wallet Password
Stop oca
ocactl setpasswd -type CASSL <Enter>
Start oca
C. Update the ssl.conf file
SSLWallet
The location, or path, of the server wallet. The default location is
ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
Note: The actual location of the Oracle home must be substituted for the variable.
If OracleAS Certificate Authority is installed in the same Oracle home as OracleAS Single Sign-On,
and you want to use this CA to issue certificates, the wallet location is
ORACLE_HOME/oca/wallet/ssl. See "Choosing a Certificate Authority" for details.
SSLWalletPassword
Password for the server wallet
SSLVerifyClient
The verification type for client certificates. These are the three types:
• none—SSL without certificates
• optional—server certificate and optionally client certificate
• require—server and client certificates
You must choose either optional or require.
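The policy.properties and ssl.conf settings described in sections A and C can be checked before the restart. The script below is an added example, not part of the original document or of Oracle's tooling; the function names, sample file names and sample file contents are constructed for illustration, and it checks only the keys and values named above.

```shell
#!/usr/bin/env bash
# Added example: audit policy.properties and ssl.conf for the settings above.

# Print the value of KEY (arg 2) from a properties file (arg 1); last match wins.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print the first argument of an Apache-style directive; last occurrence wins.
# Simplification: <VirtualHost> scoping is ignored.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 } END { if (v != "") print v }' "$1"
}

# audit_cert_auth POLICY_FILE SSL_CONF: prints findings, returns the failure count.
audit_cert_auth() {
    fail=0
    [ "$(prop_value "$1" DefaultAuthLevel)" = "MediumHighSecurity" ] ||
        { echo "FAIL: DefaultAuthLevel is not MediumHighSecurity"; fail=$((fail + 1)); }
    [ "$(prop_value "$1" MediumHighSecurity_AuthPlugin)" = \
        "oracle.security.sso.server.auth.SSOX509CertAuth" ] ||
        { echo "FAIL: MediumHighSecurity_AuthPlugin is not SSOX509CertAuth"; fail=$((fail + 1)); }
    case "$(directive_value "$2" SSLVerifyClient)" in
        optional | require) ;;
        *) echo "FAIL: SSLVerifyClient must be optional or require"; fail=$((fail + 1)) ;;
    esac
    [ -n "$(directive_value "$2" SSLWallet)" ] ||
        { echo "FAIL: SSLWallet is not set"; fail=$((fail + 1)); }
    return "$fail"
}

# Write constructed sample files into DIR (arg 1): a correct pair and a broken pair.
write_samples() {
    cat > "$1/policy.good" <<'EOF'
DefaultAuthLevel = MediumHighSecurity
MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOServerAuth
EOF
    cat > "$1/ssl.good" <<'EOF'
SSLWallet file:/constructed/path/oca/wallet/ssl
SSLVerifyClient optional
EOF
    # Broken pair: plugin value wrapped onto the next line, client certificates off.
    cat > "$1/policy.bad" <<'EOF'
DefaultAuthLevel = MediumHighSecurity
MediumHighSecurity_AuthPlugin =
oracle.security.sso.server.auth.SSOX509CertAuth
EOF
    cat > "$1/ssl.bad" <<'EOF'
SSLWallet file:/constructed/path/oca/wallet/ssl
SSLVerifyClient none
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_cert_auth "$demo_dir/policy.good" "$demo_dir/ssl.good" && echo "good pair: OK"
audit_cert_auth "$demo_dir/policy.bad" "$demo_dir/ssl.bad" || echo "bad pair: $? problem(s)"
rm -rf "$demo_dir"
```

The broken sample shows a failure that is easy to miss: a property whose value has been wrapped onto the following line parses as empty, so the X.509 plugin is never configured.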
D. Restart everything on both tiers
E. Request a user certificate
Here are my revised notes:
- Brian
MARGE
=======
Infrastructure:
--------------------
From http://download-west.oracle.com/docs/cd/B14099_19/core.1012/b13995/ssl_config_tool.htm#BABIAHEB:
1) Set ORACLE_HOME to the Infrastructure home
2) $ORACLE_HOME/bin/SSLConfigTool -config_w_prompt -opwd enk1tec
3) Do you want to configure your site to accept browser requests using SSL protocol? [y]: y
4) What is the virtual host name for your site? [marge.enkitec.com]: login.enkitec.com
5) What is the virtual port number for your site? [4444]: 4444 ***I recommend using the Oracle HTTP Server
Listen (SSL) port from $OH/install/portlist.ini!!!***
6) Does your site have an external load balancer (LBR)?
Note: Do NOT include OracleAS Web Cache as LBR here. [y]: n
7) Does your site have OracleAS Web Cache? [y]: n
8) Do you want to supply your own wallet location for OHS? [n]: n
9) You have supplied all the information. Are you ready to continue? [y]: y
NOTE: This will cause Enterprise Manager to indicate that the "Single Sign-On:orasso" component is down.
Need to import the root CA certificate into the EM wallet.
***
If this causes HTTP-403 "Forbidden" "You don't have permission to access /sso/auth on this server" when trying
to login to Portal, see MetaLink Note:334172.1
***
Middle Tier:
-----------------
From http://download-west.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_secur.htm#CHDEAJAC:
When choosing the SSL port #, I recommend using the Oracle HTTP Server Listen (SSL) port from
$OH/install/portlist.ini! Otherwise, you will have to change the listen port in Apache (and maybe other places).
1) Web Cache
a) From Web Cache Admin, add a port: IP Address=*, Port=4446, Protocol=HTTPS, Require Client-Side
Certificates for HTTPS=Not Required, Wallet for
HTTPS=/opt/oracle/product/oas/10.1.2/mid/Apache/Apache/conf/ssl.wlt/default
b) From Web Cache Admin:
1) Add a site: Host=portal.enkitec.com, Port=4446, Prefix=<blank>, Selected Origins
Servers=marge.enkitec.com:7782
2) Click "OK"
3) Select the new site and click "Set as Default Site"
c) Restart Web Cache
2) PPE
a) Backup and edit $ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml
b) Add the following lines to the section for the "page" servlet:
<init-param>
<param-name>useScheme</param-name>
<param-value>http</param-value>
</init-param>
<init-param>
<param-name>usePort</param-name>
<param-value>7781</param-value>
</init-param>
<init-param>
<param-name>httpsports</param-name>
<param-value>4446</param-value>
</init-param>
c) Save and exit
3) Re-Register HTTP Server Partner Application
a) Execute:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME -site_name portal.enkitec.com \
-config_mod_osso TRUE -mod_osso_url https://portal.enkitec.com:4446 \
-config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso.conf -admin_info cn=orcladmin
4) Specify the OracleAS Portal Published Address and Protocol
a) From EM console, click "Portal:portal"
b) Click "Portal Web Cache Settings" in the Administration section
c) Change Listening Port to "4446"
d) Change Listening Port SSL Enabled to "Yes"
e) Click "Apply"
f) Edit httpd.conf
g) Add the following lines to the bottom of the file:
LoadModule certheaders_module libexec/mod_certheaders.so
NameVirtualHost 192.168.10.58:7782
<VirtualHost 192.168.10.58:7782>
ServerName portal.enkitec.com
Port 4446
SimulateHttps On
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
h) Apply the changes and restart the HTTPS Server
i) $ORACLE_HOME/opmn/bin/opmnctl stopall
j) $ORACLE_HOME/opmn/bin/opmnctl startall