Weak Ciphers in Weblogic Application Server

In cryptography, a cipher is an algorithm for performing encryption or decryption, i.e. a series of well-defined steps that can be followed as a procedure. In SSL, cipher suites are responsible for encryption.

To configure SSL in Weblogic follow this post

By default, Weblogic Application Server supports the following cipher suites:

Cipher Suite : TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_DHE_RSA_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_DH_anon_WITH_RC4_128_MD5
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_DH_anon_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_WITH_RC4_128_SHA
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_RC4_128_MD5
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_EXPORT_WITH_RC4_40_MD5
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_RSA_WITH_NULL_SHA
Symmetric Key Strength (Bits): 0

Cipher Suite : TLS_RSA_WITH_NULL_MD5
Symmetric Key Strength (Bits): 0

Cipher Suite : TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_WITH_AES_128_CBC_SHA
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_AES_256_CBC_SHA
Symmetric Key Strength (Bits): 256

Some of the ciphers in the above list are vulnerable. To disable these ciphers, do the following:
Step 1 Stop weblogic Admin / Managed Server

Step 2 Go to Domain Home
For example:
cd /app/Oracle/Middleware/user_projects/domains/vidyadhar/

Step 3 Now we have to modify config file.

cd /app/Oracle/Middleware/user_projects/domains/vidyadhar/config

First we will take a backup of existing config.xml file

cp config.xml config.xml.orig

Step 4 To disable the weak ciphers, add the following under the ssl tag in config.xml. Only the cipher suites listed there stay enabled.

<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>

See the screenshot for better understanding

In my scenario I have only a single Admin Server, which is running on https port 7002. If you have a managed server running on an https port, you have to add the above values in the SSL tag of the managed server as well.

Step 5 Now start the Weblogic services.

You can test the cipher suites using SSLDigger
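
The check below is an added example, not part of the original post and not Oracle's tooling: it reads a config.xml, collects the cipher suites configured under each server's ssl tag, and flags anonymous, export-grade or sub-128-bit suites using the key strengths from the list above. The sample XML, the managed server names and the 128-bit threshold are assumptions.

```python
import xml.etree.ElementTree as ET

# Key strengths from the page's list, keyed by the cipher token after "_WITH_".
BITS = {"NULL": 0, "DES40": 40, "DES_40": 40, "RC4_40": 40, "RC4_56": 56,
        "3DES_EDE": 168, "DES_CBC": 56, "RC4_128": 128, "AES_128": 128, "AES_256": 256}

def findings(suite, min_bits=128):  # min_bits is an assumed threshold; [] = acceptable
    reasons = []
    if "_anon_" in suite:
        reasons.append("anonymous key exchange")
    if "EXPORT" in suite:
        reasons.append("export-grade")
    cipher = suite.split("_WITH_", 1)[-1]
    bits = next((b for token, b in BITS.items() if token in cipher), None)
    if bits is None:
        reasons.append("cipher not in the page's list")
    elif bits < min_bits:
        reasons.append(f"{bits}-bit key")
    return reasons

def local(elem):
    return elem.tag.rsplit("}", 1)[-1]   # drop the XML namespace, whatever it is

def audit(config_xml):  # maps each <server> name to {suite: reasons}
    report = {}
    for server in (e for e in ET.fromstring(config_xml) if local(e) == "server"):
        name = next((c.text for c in server if local(c) == "name"), "?")
        suites = [c.text.strip() for ssl in server if local(ssl) == "ssl"
                  for c in ssl if local(c) == "ciphersuite" and c.text]
        if not suites:   # nothing listed, so the server's default list applies
            report[name] = {"(defaults)": ["no <ciphersuite> entries"]}
        else:
            report[name] = {s: findings(s) for s in suites if findings(s)}
    return report

# Constructed sample, not a real domain's config.xml.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server><name>AdminServer</name><ssl>
    <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
    <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
    <listen-port>7002</listen-port></ssl></server>
  <server><name>ManagedServer1</name><ssl>
    <ciphersuite>TLS_RSA_EXPORT_WITH_RC4_40_MD5</ciphersuite>
    <ciphersuite>TLS_DH_anon_WITH_3DES_EDE_CBC_SHA</ciphersuite></ssl></server>
  <server><name>ManagedServer2</name><ssl></ssl></server>
</domain>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The RC4 suites pass because the list above rates them at 128 bits; RFC 7465 has since prohibited RC4 in TLS, so on current systems treat any suite name containing RC4 as weak too.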

Installing Websphere Application Server 7 on Ubuntu

Officially, IBM does not support installing Websphere Application Server (WAS) on Ubuntu. There are many users like me who just want to evaluate the product by installing it on their desktop OS.

This is a how-to for installing IBM Websphere Application Server 7 on Ubuntu 11.10.

How to Reset / change ias_admin password

Today one of our clients forgot his Application Server Console password. We used the following method to reset his password.

Please note: this method also works on the following:

  • Oracle Fusion Middleware Version 9.0.4.0.0 to 10.1.3.5.0
  • Enterprise Manager Base Platform Version 10.1.0.2 to 10.2.0.5
  • Enterprise Manager for Fusion Middleware Version 9.0.4.0.0 to 10.1.3.5.0

Step 1 First shut down the Application Server Control by running the emctl command
For 10.1.2

$ORACLE_HOME/bin/emctl stop iasconsole

On 10.1.3 you need to stop the OC4J instances before performing the password change:

$ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=OC4J

Step 2 Locate and backup the jazn-data.xml (10.1.2) or system-jazn-data.xml (10.1.3) file:
On 10.1.2 File Location would be

$ORACLE_HOME/sysman/j2ee/config/jazn-data.xml

On 10.1.3 File Location would be

$ORACLE_HOME/j2ee/home/config/system-jazn-data.xml

Step 3 Edit the jazn-data.xml / system-jazn-data.xml file depending on the Application Server version in a text editor and locate the line that defines the credentials property for the ias_admin user:

On 10.1.2
The following example shows the section of jazn-data.xml with the encrypted credentials entry:

<realm>
     <name>enterprise-manager</name>
      <users>
       <user>
        <name>ias_admin</name>
         <credentials>rJqp85BkhFwAyw9ddl0PnFlUBVaWzbfT</credentials>
       </user>

On 10.1.3
The following example shows the section of system-jazn-data.xml with the encrypted credentials entry:

<realm>
  <name>jazn.com</name>
   <users>
    <user>
      <name>oc4jadmin</name>
      <display-name>OC4J Administrator</display-name>
      <description>OC4J Administrator</description>
       <credentials>{903}4L50lHJWIFGwLgHXTub7eYK9e0AnWLUH</credentials>
    </user>

Step 4 Replace the existing encrypted password with the new password
Be sure to prefix the password with an exclamation point (!). For example:
!mynewpassword123

Step 5 Start the Application Server Console:
For 10.1.2 do the following

$ORACLE_HOME/bin/emctl start iasconsole

After the restart, the Application Server Control will be using your new Administrator (ias_admin) password, which will be stored in encrypted format within the jazn-data.xml file.

For 10.1.3 do the following

$ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=OC4J

After the restart, the Application Server Control will be using your new Administrator (oc4jadmin) password, which will be stored in encrypted format within the system-jazn-data.xml file.

Step 6 Log in to the Application Server Console and authenticate with the ias_admin user (10.1.2) or the oc4jadmin user (10.1.3) and the new password.

Install / Upgrade Kernel 3.2 in Ubuntu

In this guide we will upgrade the Ubuntu kernel version. By default Ubuntu 11.10 ships with kernel version 3.0. We will install the new kernel 3.2 over the existing 3.0.

How to install Oracle Application Server 10g Release 3 on Windows

Oracle Application Server is no longer available. The reason is that “Oracle SOA Suite 10g (10.1.3.1.0)”, once released, contains the same product features and functionality, including some features which are not obtainable without the 10.1.3.1 media. In this tutorial we will see how to install Oracle Application Server 10g Release 3 (10.1.3.X) on Windows.

Requirements
Windows OS
Oracle Application Server 10.1.3.X

Step 1 Downloading Oracle Application Server 10.1.3.X
Oracle provides 32-bit and 64-bit versions of Oracle Application Server for Windows. The 32-bit version runs on Intel x86, AMD64, and Intel EM64T processors. For additional information, visit OracleMetaLink at http://metalink.oracle.com

I have downloaded the installer files to C:\Downloads\INSTALLABLES\Oracle. For the 32-bit installer, the file name is soa_windows_x86_101310_disk1.zip

I have extracted the same to C:\Downloads\INSTALLABLES\Oracle

Step 2 Starting the installation
Go to the extracted folder. In our case it is C:\Downloads\INSTALLABLES\Oracle\soa_windows_x86_101310_disk1\soa_windows_x86_101310_disk1. Double-click on setup.exe. It will start the Oracle Application Server Universal Installer.

Step 3 Oracle Application Server 10g 10.1.3.X screen
Enter the installation directory where you want to install Oracle Application Server. In our case I chose D:\product\10.1.3.1\OracleAS_1. Also select Advanced Installation mode.

When the warning appears, click Yes.

Step 4 Select Installation Type screen
In this section choose J2EE server and Web server, as we are going to use only oc4j containers for J2EE and HTTP Server

Step 5 Specify Port Configuration Options screen
In Specify Port Configuration Options screen Select Automatic and click Next

Step 6 Administration Instance Settings screen
In AS administrator settings enter following values:
AS instance Name : techienote
AS Administrator Password : admin_123
OC4J Instance Name : home
Select Configure this as an Administration OC4J instance. This will start EM console as soon as you start the oracle service via OPMN.
Click Next.

Step 7 Cluster Topology Configuration screen

Deselect "Configure this instance to be part of an Oracle Application Server cluster topology", as this is a simple installation, and click Next.

Step 8 Now it will start the installation process

Step 9. Configuration Assistant
At this stage the installer will configure various services. In case of any failure, see the installation logs, which are located in the C:\Program Files\Oracle\Inventory\logs folder.

Step 10 End of Installation
On this screen you will get Oracle Application server EM console URL

Step 11. Access the Oracle Application Server Welcome page to verify that the installation was successful. The URL for the Welcome page is:

http://hostname.domainname:http_port

You can locate the URL for accessing the Welcome Page on the End of Installation Screen text, which is stored in the following file:
ORACLE_HOME\install\readme.txt

The Welcome page provides links to these useful pages:

  • New features in Oracle Application Server 10g Release 3 (10.1.3)
  • Oracle Enterprise Manager Application Server Control (“Application Server Control”), which is a browser-based administrative tool
  • Release Notes
  • Quick Start
  • Demos

That’s it. The application server installation is complete. In the next section we will see how to deploy a sample application in Oracle Application Server.
