Different ways to take thread dumps in WebLogic Server

In the Java world, we can find the reason behind application slowness by analyzing a thread dump. Thread dumps are also very useful for analyzing and troubleshooting performance-related issues such as server hangs, deadlocks, slow-running, idle or stuck applications, slow database interactions, etc.

The thread dump is a snapshot of exactly what’s executing at a moment in time.

Weak Ciphers in Weblogic Application Server

In cryptography, a cipher is an algorithm for performing encryption or decryption, i.e. a series of well-defined steps that can be followed as a procedure. In SSL, cipher suites are responsible for encryption.

To configure SSL in Weblogic follow this post

By default, WebLogic Application Server supports the following ciphers:

Cipher Suite : TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_DHE_RSA_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_DH_anon_WITH_RC4_128_MD5
Symmetric Key Strength (Bits): 128

Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_WITH_RC4_128_SHA
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_RC4_128_MD5
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_EXPORT_WITH_RC4_40_MD5
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_RSA_WITH_NULL_SHA
Symmetric Key Strength (Bits): 0

Cipher Suite : TLS_RSA_WITH_NULL_MD5
Symmetric Key Strength (Bits): 0

Cipher Suite : TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_WITH_AES_128_CBC_SHA
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_AES_256_CBC_SHA
Symmetric Key Strength (Bits): 256

Some of the ciphers in the above list are vulnerable. To close these ciphers we have to do the following:
Step 1 Stop weblogic Admin / Managed Server

Step 2 Go to Domain Home
For example:
cd /app/Oracle/Middleware/user_projects/domains/vidyadhar/

Step 3 Now we have to modify config file.

cd /app/Oracle/Middleware/user_projects/domains/vidyadhar/config

First we will take a backup of existing config.xml file

cp config.xml config.xml.orig

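Step 4 To disable weak ciphers, add the following ciphersuite entries under the ssl tag in config.xml. Once ciphersuite entries are present, the server offers only the suites listed there, so everything else in the default list is disabled.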

<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>


In my scenario I have only a single Admin Server, which is running on HTTPS port 7002. If you have a managed server running on an HTTPS port, then you also have to add the above values in the SSL tag of the managed server.

Step 5 Now start the WebLogic services.

You can test the cipher suites using SSLDigger
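To check the result of Step 4 offline, the following added example (not part of the original post) reads a config.xml and reports, per server, which configured ciphersuite entries are weak and why, judging by the tokens in the suite name. The XML sample and the server name ManagedServer1 are constructed for illustration; a server with an ssl tag but no ciphersuite entries is reported as None because it still runs on the default list above.

```python
import xml.etree.ElementTree as ET

# Reasons keyed by a token of the suite name (names are split on "_").
WEAK_TOKENS = {
    "NULL": "no encryption",
    "anon": "anonymous key exchange, no server authentication",
    "EXPORT": "export-grade key length",
    "EXPORT1024": "export-grade key length",
    "DES": "single DES, 56-bit key or less",
    "DES40": "single DES, 40-bit key",
    "RC4": "RC4, prohibited in TLS by RFC 7465",
    "3DES": "3DES, 64-bit block cipher",
    "MD5": "MD5-based MAC",
}

def weaknesses(suite):
    """Return the sorted list of reasons a suite name is considered weak."""
    return sorted({WEAK_TOKENS[t] for t in suite.split("_") if t in WEAK_TOKENS})

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def audit(config_xml):
    """Map server name -> {suite: [reasons]}; None when no list is set."""
    report = {}
    for server in ET.fromstring(config_xml).iter():
        if local(server.tag) != "server":
            continue
        name = next((c.text for c in server if local(c.tag) == "name"), "?")
        ssl = next((c for c in server if local(c.tag) == "ssl"), None)
        if ssl is None:
            continue
        suites = [(c.text or "").strip() for c in ssl if local(c.tag) == "ciphersuite"]
        # No <ciphersuite> entries: the server falls back to its defaults.
        report[name] = {s: weaknesses(s) for s in suites} if suites else None
    return report

# Constructed sample, not a real domain configuration.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server><name>AdminServer</name>
    <ssl><enabled>true</enabled>
      <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
      <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
      <listen-port>7002</listen-port></ssl></server>
  <server><name>ManagedServer1</name><ssl><enabled>true</enabled></ssl></server>
</domain>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The two RC4 suites from Step 4 are flagged as well, because RFC 7465 has since prohibited RC4 in TLS; of the default list above, only the two AES suites come back with no findings.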

Resetting lost password of Admin server in Weblogic

Recently one of our clients forgot the WebLogic username and password, and WebLogic is in production mode. He did not have boot.properties set to start WebLogic automatically, so my task is
1. Reset the admin server password
2. Create boot.properties, so the client does not need to enter the password every time they start WebLogic.

About Setup
The client had a single domain; for our reference purposes we will call it techienote.
Our ORACLE or MIDDLEWARE HOME is at /app/Oracle/Middleware
Weblogic version 10.3.5.0

PROCESS
NOTE: All the WebLogic-related services should be shut down.

1. Setting the environment

cd $ORACLE_HOME/user_projects/domains/techienote/bin
source setDomainEnv.sh

2.Change to security directory and rename DefaultAuthenticatorInit.ldift file.

cd $ORACLE_HOME/user_projects/domains/techienote/security
mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit.ldift.bak

3.Create DefaultAuthenticatorInit.ldift file in security folder

cd $ORACLE_HOME/user_projects/domains/techienote/security
java weblogic.security.utils.AdminAccount weblogic admin .

Remember there is a DOT at the end of the command; it indicates that DefaultAuthenticatorInit.ldift should be generated in the current directory.
The syntax of the command is
java weblogic.security.utils.AdminAccount <username> <password> .
So our username is weblogic and password is admin

4.Rename ldap directory

cd $ORACLE_HOME/user_projects/domains/YourDomainName/servers/AdminServer/data/
mv ldap ldap.bak
mkdir ldap

5. If you have a boot.properties, rename it first

cd $ORACLE_HOME/user_projects/domains/techienote/servers/AdminServer/security
mv boot.properties boot.properties.bak

6.Start the weblogic server

cd $ORACLE_HOME/user_projects/domains/techienote/bin
./startWebLogic.sh

7.Now our weblogic server should start, so now we need to create boot.properties to start Weblogic without entering user name and password.

cd $ORACLE_HOME/user_projects/domains/techienote/servers/AdminServer/
mkdir -p security
cd $ORACLE_HOME/user_projects/domains/techienote/servers/AdminServer/security/
echo "username=weblogic" >> boot.properties
echo "password=admin" >> boot.properties

Self Signed Certificate Weblogic

Recently I needed to test SSL in WebLogic. For this I had to generate a self-signed certificate for WebLogic. We can use the keytool command to generate a self-signed certificate.

Generating Certificate
1. Create a directory to store certificate. Remember do not delete this directory, you may need to use generated files for future use also.

mkdir ~/csr
cd ~/csr

2. Create a key pair

keytool -genkey -alias techienote -keyalg RSA -keypass privatepassword -keystore identity.jks -storepass password -validity 365

The above command will ask for the following information. Fill it in carefully.

What is your first and last name?
  [Unknown]:  ubuntu.home.network                                                                                              
What is the name of your organizational unit?
  [Unknown]:  IT
What is the name of your organization?
  [Unknown]:  TECHIENOTE
What is the name of your City or Locality?
  [Unknown]:  MUMBAI
What is the name of your State or Province?
  [Unknown]:  MAHARASHTRA
What is the two-letter country code for this unit?
  [Unknown]:  in
Is CN=ubuntu.home.network, OU=IT, O=TECHIENOTE, L=MUMBAI, ST=MAHARASHTRA, C=IN correct?
  [no]:  yes

3. Export the certificate from identity keystore into a file, say root.cer

keytool -export -alias techienote -file root.cer -keystore identity.jks

OUTPUT

Enter keystore password:  
Certificate stored in file <root.cer>

Enter keystore password specified in step 2

4. Import the certificate you exported into trust.jks

keytool -import -alias techienote -trustcacerts -file root.cer -keystore trust.jks

OUTPUT

Enter keystore password:  
Re-enter new password: 
Owner: CN=ubuntu.home.network, OU=IT, O=TECHIENOTE, L=MUMBAI, ST=MAHARASHTRA, C=IN
Issuer: CN=ubuntu.home.network, OU=IT, O=TECHIENOTE, L=MUMBAI, ST=MAHARASHTRA, C=IN
Serial number: 4e05c41e
Valid from: Sat Jun 25 16:48:54 IST 2011 until: Fri Jun 24 16:48:54 IST 2011
Certificate fingerprints:
	 MD5:  1D:BF:62:CA:A1:72:88:83:BE:CA:CB:D5:E2:60:22:43
	 SHA1: E7:7C:6B:01:63:33:CD:37:1E:2F:D8:3A:01:E2:15:C3:97:2A:4E:52
	 Signature algorithm name: SHA1withRSA
	 Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

Enter keystore password specified in step 2

Installing Certificate in Weblogic
Now we need to specify the certificate in WebLogic server. We are going to set SSL for the AdminServer as well as for Node Manager

5. Login to weblogic administration Console

http://admin_server_ip:admin_server_port/console

6. Go to Domain Structure > techienote > Environment > Servers And click on AdminServer

7. In AdminServer click on keystores > Change

8. Choose Custom Identity and Custom Trust in Keystores and click on save.

9. Now we need to specify certificate details.
We copy our generated certificate to weblogic directory

mkdir /MIDDLEWARE_HOME/user_projects/domains/techienote/csr
cp ~/csr/* /MIDDLEWARE_HOME/user_projects/domains/techienote/csr

In weblogic, enter following details

Custom Identity Keystore: /app/Oracle/Middleware/user_projects/domains/techienote/csr/identity.jks
Custom Identity keystore Type: jks
Custom Identity keystore Passphrase: password
Confirm Custom Identity Keystore Passphrase: password
Custom Trust Keystore: /app/Oracle/Middleware/user_projects/domains/techienote/csr/trust.jks
Custom Trust Keystore Type: jks
Custom Trust Keystore Passphrase: password
Confirm Custom Trust Keystore Passphrase: password

Note: Enter the keystore password specified in step 2

Save the configuration and click on Activate Changes

10. We also need to specify ssl details in SSL tab, so click on SSL tab

Private Key Alias: techienote
Private Key Passphrase: privatepassword
Confirm Private Key Passphrase: privatepassword

Note: Enter the private key password specified in step 2

Save the configuration and click on Activate Changes

11. Now here is one tip: I don’t want SSL hostname verification. For that I need to edit the WebLogic startup script and the nodemanager startup script
WebLogic startup script

cd /MIDDLEWARE_HOME/user_projects/domains/techienote/bin
vi startWebLogic.sh

In JAVA_OPTIONS insert -Dweblogic.security.SSL.ignoreHostnameVerification=true. This turns off the check that the host name in a peer's certificate matches the host being contacted.
Here is the sample file

JAVA_OPTIONS="${SAVE_JAVA_OPTIONS} -Dweblogic.security.SSL.ignoreHostnameVerification=true"

nodemanager startup script

cd /MIDDLEWARE_HOME/wlserver_10.3/server/bin
vi startNodeManager.sh

In JAVA_OPTIONS insert -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
Here is the sample file

cd "${NODEMGR_HOME}"
set -x
if [ "$LISTEN_PORT" != "" ]
 then
   if [ "$LISTEN_ADDRESS" != "" ]
    then
     "${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" -DListenAddress="${LISTEN_ADDRESS}" -DListenPort="${LISTEN_PORT}" weblogic.NodeManager -v
    else
     "${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" -DListenPort="${LISTEN_PORT}" weblogic.NodeManager -v
   fi
 else
   if [ "$LISTEN_ADDRESS" != "" ]
    then
     "${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" -DListenAddress="${LISTEN_ADDRESS}" weblogic.NodeManager -v
    else
     "${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" weblogic.NodeManager -v
   fi
fi

12. Now we need to modify nodemanager.properties

vi /MIDDLEWARE_HOME/wlserver_10.3/common/nodemanager/nodemanager.properties

Insert the following lines at the end

KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=/app/Oracle/Middleware/user_projects/domains/techienote/csr/identity.jks
CustomIdentityAlias=techienote
CustomTrustKeyStoreFileName=/app/Oracle/Middleware/user_projects/domains/techienote/csr/trust.jks
CustomIdentityPrivateKeyPassPhrase=privatepassword

13. Now refresh the Admin server and Node Manager by restarting NodeManager and AdminServer

Start Weblogic in Production mode without user name & password

Earlier we have seen how to install WebLogic on Ubuntu. After installation is done you need to start the WebLogic AdminServer.
To start AdminServer, I run

/MIDDLEWARE_DIR/user_projects/domains/techienote/bin/startWebLogic.sh

Above command will ask weblogic username and password. To avoid this we can create boot.properties.
1. Go to AdminServer directory

cd /MIDDLEWARE_DIR/user_projects/domains/techienote/servers/AdminServer

2. Create security folder

mkdir security

3. In that folder you need to create boot.properties.

cd /MIDDLEWARE_DIR/user_projects/domains/techienote/servers/AdminServer/security
vi boot.properties

Content of boot.properties will be username & password to start weblogic

cat /MIDDLEWARE_DIR/user_projects/domains/techienote/servers/AdminServer/security/boot.properties
username=weblogic
password=weblogic

That’s it. The next time you start WebLogic it will not ask you for the username and password. You can also start WebLogic via the nohup command.

nohup /MIDDLEWARE_DIR/user_projects/domains/techienote/bin/startWebLogic.sh &

Don’t worry about the clear text password it will get encrypted as soon as you start weblogic server.
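To confirm that the encryption described above has actually happened, the following added example (not from the original post) checks a boot.properties file for values that are still in clear text and for file permissions that let other accounts read it. The {AES} and {3DES} prefixes are the markers WebLogic puts in front of encrypted values; the two sample files and their placeholder values are constructed.

```python
import os
import stat
import tempfile

# Prefixes WebLogic writes in front of values it has encrypted.
ENCRYPTED_PREFIXES = ("{AES}", "{3DES}")

def check_boot_properties(path):
    """Return findings for one boot.properties file (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o lets group/other access the file" % mode)
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ("username", "password") and not value.startswith(ENCRYPTED_PREFIXES):
                findings.append("%s is stored in clear text" % key)
    return findings

def demo():
    """Run the check on two constructed files: before and after first start."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            # As typed in the steps above, with typical default permissions.
            "before": ("username=weblogic\npassword=weblogic\n", 0o644),
            # Constructed placeholders standing in for encrypted values.
            "after": ("username={AES}PLACEHOLDER\\=\npassword={AES}PLACEHOLDER\\=\n", 0o600),
        }
        for label, (content, mode) in samples.items():
            path = os.path.join(tmp, label + ".properties")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[label] = check_boot_properties(path)
    return results

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "ok")
```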
