Script to configure SSL in EBS R12.2


Note: 
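Adapt the script to your environment and test it in that environment before relying on it. After SSL has been configured, keep a copy of the (s_web_ssl_directory)/Apache directory used in the environment in a path of your choice, and set CERT_SSL_DIR_PATH in the script to that same path. That copy includes the wallet file (cwallet.sso) the script distributes, so keep the directory readable only by the applications OS user.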

##----------------------- Script Starts Here ----------------------
### Script to Configure SSL after Clone in R12.2
### Modify port, hostname as per environment in the script
### Modify the certs path in CERT_SSL_DIR_PATH as per environment

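# Collect the credentials that the AutoConfig and service-start steps further
# down feed to the Oracle admin scripts on stdin.
#   -s   keeps the typed value off the terminal
#   -r   keeps backslashes in a password literal (plain `read` would eat them)
#   IFS= keeps leading/trailing blanks in the value
IFS= read -r -s -p "Enter the APPS Username: " APPS_USR
echo $'\n'
IFS= read -r -s -p "Enter the APPS Password: " APPS_PWD
echo $'\n'
IFS= read -r -s -p "Enter the Weblogic Password: " WLS_PWD
echo $'\n'

# An empty value would be passed straight to the admin scripts as an empty
# answer, so stop here instead of failing half-way through the configuration.
if [ -z "$APPS_USR" ] || [ -z "$APPS_PWD" ] || [ -z "$WLS_PWD" ]; then
  echo "ERROR: APPS username, APPS password and Weblogic password are all required" >&2
  exit 1
fi

# Grace period: the operator can abort before any file is touched.
echo "............................................................"
echo ">>> if script not modified as per environment,stop the script ctrl+c and Change and re-run the script <<<"
echo "............................................................"
sleep 10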

#cd $HOME/post_apclone_script/ssl_file/etcc
#sh checkMTpatch.sh

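# Abort early if the variables this section builds paths from are missing;
# an empty NE_BASE would otherwise create the backup directory under "/".
: "${HOME:?HOME must be set}"
: "${NE_BASE:?NE_BASE must be set before running this script}"

# Suffix for backup file names. The time of day is included so that a second
# run on the same date does not overwrite the backups of the original files
# with copies of the already modified ones.
NOW=$(date +"%d_%b_%Y_%H%M%S")
CERT_SSL_DIR_PATH=$HOME/post_apclone_script/ssl_file

# Backup directory for everything the script changes. The backups taken
# further down include cwallet.sso wallets, so the directory is restricted to
# the owning user. -p makes a re-run succeed when the directory exists.
mkdir -p "$NE_BASE/cert_ap_bkp_ssl" || exit 1
chmod 700 "$NE_BASE/cert_ap_bkp_ssl" || exit 1

# Show the operator what is about to be deployed and give time to abort.
cd "$CERT_SSL_DIR_PATH" || {
  echo "ERROR: cannot change to $CERT_SSL_DIR_PATH" >&2
  exit 1
}
ls
sleep 10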

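: "${NE_BASE:?NE_BASE must be set}"
: "${CONTEXT_NAME:?CONTEXT_NAME must be set}"
: "${ORACLE_HOME:?ORACLE_HOME must be set}"
: "${CERT_SSL_DIR_PATH:?CERT_SSL_DIR_PATH must be set}"

# Deploy the saved Apache certificate directory into the instance's certs
# directory. Stop on failure: every later step reads files from this copy.
cp -r "$CERT_SSL_DIR_PATH/Apache" "$NE_BASE/inst/$CONTEXT_NAME/certs" || {
  echo "ERROR: could not copy $CERT_SSL_DIR_PATH/Apache" >&2
  exit 1
}

echo ">>>>>>>>>>>>>>> certs file copied <<<<<<<<<<<<<"
echo "..............................................."

# Back up the b64InternetCertificate.txt trust file, then append the CA
# certificate to it.
trust_file=$ORACLE_HOME/sysman/config/b64InternetCertificate.txt
cp -p "$trust_file" "$NE_BASE/cert_ap_bkp_ssl/b64InternetCertificate_$NOW.txt" || {
  echo "ERROR: could not back up $trust_file" >&2
  exit 1
}
cd "$NE_BASE/inst/$CONTEXT_NAME/certs/Apache" || {
  echo "ERROR: cannot change to $NE_BASE/inst/$CONTEXT_NAME/certs/Apache" >&2
  exit 1
}
# Appending extends what this home trusts. Confirm ca.crt is the expected CA
# before running, e.g. by comparing the output of
#   openssl x509 -noout -fingerprint -sha256 -in ca.crt
# with the fingerprint published by the CA.
# NOTE: every run appends again; restore the backup before a re-run to avoid
# duplicate entries.
if [ ! -s ca.crt ]; then
  echo "ERROR: ca.crt is missing or empty in $(pwd)" >&2
  exit 1
fi
cat ca.crt >> "$trust_file" || exit 1

echo ">>>>>>>> certs imported to home config <<<<<<<<<"
echo "................................................"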

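: "${IAS_ORACLE_HOME:?IAS_ORACLE_HOME must be set}"
: "${NE_BASE:?NE_BASE must be set}"
: "${CONTEXT_NAME:?CONTEXT_NAME must be set}"

# Wallet deployed to both locations below. cwallet.sso holds the server key
# material, so keep it and its backups readable by the owning user only.
new_wallet=$NE_BASE/inst/$CONTEXT_NAME/certs/Apache/cwallet.sso

# --- Oracle HTTP Server keystore -------------------------------------------
# A failed cd must stop the script: the copy below targets ".", which would
# otherwise be whatever directory the previous step left us in.
cd "$IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web/keystores/default" || {
  echo "ERROR: OHS keystore directory not found" >&2
  exit 1
}
# Back up the wallet currently in place (if any) before replacing it.
if [ -f cwallet.sso ]; then
  cp -p cwallet.sso "$NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OHS1_$NOW.sso" || exit 1
fi
cp "$new_wallet" . || {
  echo "ERROR: could not copy $new_wallet to OHS keystore" >&2
  exit 1
}

echo ">>>>>>>>>>>> cwallet copied to OHS <<<<<<<<<<<<<"
echo "................................................"

# --- OPMN wallet -------------------------------------------------------------
cd "$IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OPMN/opmn/wallet" || {
  echo "ERROR: OPMN wallet directory not found" >&2
  exit 1
}
if [ -f cwallet.sso ]; then
  cp -p cwallet.sso "$NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OPMN1_$NOW.sso" || exit 1
fi
cp "$new_wallet" . || {
  echo "ERROR: could not copy $new_wallet to OPMN wallet directory" >&2
  exit 1
}

echo ">>>>>>>>>>>>>> cwallet copied to OPMN <<<<<<<<<"
echo "..............................................."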

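: "${IAS_ORACLE_HOME:?IAS_ORACLE_HOME must be set}"
: "${NE_BASE:?NE_BASE must be set}"

# Edit opmn.xml in place only after the cd succeeded and a backup exists;
# otherwise sed -i would act on an opmn.xml in some other directory, or the
# original could not be restored.
cd "$IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OPMN/opmn" || {
  echo "ERROR: OPMN config directory not found" >&2
  exit 1
}
cp -p opmn.xml "$NE_BASE/cert_ap_bkp_ssl/opmn_bkp_$NOW.xml" || {
  echo "ERROR: could not back up opmn.xml" >&2
  exit 1
}

# Extend the protocol list from TLSv1.0 to TLSv1.0,TLSv1.1,TLSv1.2.
# The optional group makes the substitution idempotent: on a re-run an already
# extended list is matched as a whole and rewritten to itself instead of
# growing to "TLSv1.0,TLSv1.1,TLSv1.2,TLSv1.1,TLSv1.2". Dots are escaped so
# they match literally.
# NOTE(review): TLS 1.0 and 1.1 stay enabled here and both are deprecated
# (RFC 8996). If no OPMN peer still needs them, limit the list to TLSv1.2
# after checking Oracle's TLS guidance for your patch level.
sed -i 's/TLSv1\.0\(,TLSv1\.1,TLSv1\.2\)\{0,1\}/TLSv1.0,TLSv1.1,TLSv1.2/g' opmn.xml || exit 1

# Replace the 3DES suite. The replacement is an AES-256 suite that still uses
# CBC mode, a SHA-1 MAC and RSA key exchange (no forward secrecy).
sed -i 's/SSL_RSA_WITH_3DES_EDE_CBC_SHA/SSL_RSA_WITH_AES_256_CBC_SHA/g' opmn.xml || exit 1

# sed exits 0 even when nothing matched, so confirm the edit really landed
# before announcing it.
if ! grep -qF 'TLSv1.0,TLSv1.1,TLSv1.2' opmn.xml; then
  echo "WARNING: expected TLS protocol list not found in opmn.xml - review the file" >&2
fi

echo ">>>>>>>>>>>>> OPMN xml file modified <<<<<<<<<"
echo ".............................................."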

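: "${IAS_ORACLE_HOME:?IAS_ORACLE_HOME must be set}"
: "${NE_BASE:?NE_BASE must be set}"

# Same pattern as for every edited file: cd must succeed and a backup must
# exist before sed -i rewrites admin.conf.
cd "$IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web" || {
  echo "ERROR: OHS component config directory not found" >&2
  exit 1
}
cp -p admin.conf "$NE_BASE/cert_ap_bkp_ssl/admin_BKP_$NOW.conf" || {
  echo "ERROR: could not back up admin.conf" >&2
  exit 1
}

# Replace the 3DES suite with the AES-256 one (still CBC with a SHA-1 MAC and
# RSA key exchange).
sed -i 's/SSL_RSA_WITH_3DES_EDE_CBC_SHA/SSL_RSA_WITH_AES_256_CBC_SHA/g' admin.conf || exit 1

# Extend the protocol list. The optional group keeps a re-run from appending
# "nzos_Version_1_1 nzos_Version_1_2" a second time.
# NOTE(review): nzos_Version_1_0 stays in the list, so the oldest protocol
# version remains accepted; drop it if no client of the admin port needs it.
sed -i 's/nzos_Version_1_0\( nzos_Version_1_1 nzos_Version_1_2\)\{0,1\}/nzos_Version_1_0 nzos_Version_1_1 nzos_Version_1_2/g' admin.conf || exit 1

# sed reports success even when no line matched.
if ! grep -qF 'nzos_Version_1_2' admin.conf; then
  echo "WARNING: nzos_Version_1_2 not found in admin.conf - review the file" >&2
fi

echo ">>>>>>>>> admin conf file modified <<<<<<<<<<"
echo "............................................."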

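: "${EBS_DOMAIN_HOME:?EBS_DOMAIN_HOME must be set}"
: "${FMW_HOME:?FMW_HOME must be set}"
: "${NE_BASE:?NE_BASE must be set}"
: "${CONTEXT_NAME:?CONTEXT_NAME must be set}"

# orapki is pointed at "./", so a failed cd would create or modify a wallet in
# the wrong directory. Stop instead.
cd "$EBS_DOMAIN_HOME/opmn/EBS_web_OHS1/EBS_web/wallet" || {
  echo "ERROR: EBS domain wallet directory not found" >&2
  exit 1
}
if [ -f cwallet.sso ]; then
  cp -p cwallet.sso "$NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OHS2_$NOW.sso" || exit 1
fi

# -auto_login_only produces a wallet without a password, so file permissions
# are its only protection; keep the directory restricted to the owning user.
# The exit status is reported but not fatal, because it is not visible from
# this script how orapki reacts to a wallet that is already in place.
if ! "$FMW_HOME/oracle_common/bin/orapki" wallet create -wallet ./ -auto_login_only; then
  echo "WARNING: orapki wallet create returned an error - check the output above" >&2
fi
# Add the CA certificate as a trusted certificate. Without it this wallet does
# not trust certificates issued by that CA, so a failure must not go unnoticed.
if ! "$FMW_HOME/oracle_common/bin/orapki" wallet add -wallet ./ -trusted_cert -cert "$NE_BASE/inst/$CONTEXT_NAME/certs/Apache/ca.crt" -auto_login_only; then
  echo "WARNING: orapki wallet add returned an error - verify the trusted certificate is in the wallet" >&2
fi

echo ">>>>>>> wallet created to EBS Domain <<<<<<<<<"
echo ".............................................."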

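: "${IAS_ORACLE_HOME:?IAS_ORACLE_HOME must be set}"
: "${EBS_DOMAIN_HOME:?EBS_DOMAIN_HOME must be set}"
: "${NE_BASE:?NE_BASE must be set}"
: "${CONTEXT_NAME:?CONTEXT_NAME must be set}"

# --- OHS proxy wallet --------------------------------------------------------
# Receives the wallet from the EBS domain wallet directory. Both copies below
# target ".", so each cd is checked before anything is written.
cd "$IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web/proxy-wallet" || {
  echo "ERROR: OHS proxy-wallet directory not found" >&2
  exit 1
}
if [ -f cwallet.sso ]; then
  cp -p cwallet.sso "$NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OHS3_$NOW.sso" || exit 1
fi
cp "$EBS_DOMAIN_HOME/opmn/EBS_web_OHS1/EBS_web/wallet/cwallet.sso" . || {
  echo "ERROR: could not copy the EBS domain wallet to proxy-wallet" >&2
  exit 1
}

echo ">>>>>>> wallet copied to EBS Domain OHS <<<<<<"
echo ".............................................."

# --- EBS domain OPMN wallet ----------------------------------------------------
# Receives the server wallet from the deployed Apache certs directory.
cd "$EBS_DOMAIN_HOME/opmn/EBS_web_OHS1/wallet" || {
  echo "ERROR: EBS domain OPMN wallet directory not found" >&2
  exit 1
}
if [ -f cwallet.sso ]; then
  cp -p cwallet.sso "$NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OPMN2_$NOW.sso" || exit 1
fi
cp "$NE_BASE/inst/$CONTEXT_NAME/certs/Apache/cwallet.sso" . || {
  echo "ERROR: could not copy the server wallet to the EBS domain OPMN wallet directory" >&2
  exit 1
}

echo ">>>>>> wallet copied to EBS Domain OPMN <<<<<<"
echo ".............................................."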

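: "${IAS_ORACLE_HOME:?IAS_ORACLE_HOME must be set}"
: "${NE_BASE:?NE_BASE must be set}"

# ssl.conf is rewritten in place, so require a successful cd and a backup.
cd "$IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web" || {
  echo "ERROR: OHS component config directory not found" >&2
  exit 1
}
cp -p ssl.conf "$NE_BASE/cert_ap_bkp_ssl/ssl_bkp_$NOW.conf" || {
  echo "ERROR: could not back up ssl.conf" >&2
  exit 1
}

# Switch from "all but SSLv2/SSLv3" to an explicit protocol list.
# NOTE(review): the list still contains TLSv1 and TLSv1.1, both deprecated
# (RFC 8996). If every client supports TLS 1.2, reduce it to
# "SSLProtocol TLSv1.2".
sed -i 's/SSLProtocol all -SSLv2 -SSLv3/SSLProtocol TLSv1 TLSv1.1 TLSv1.2/g' ssl.conf || exit 1

# Remove RC4, 3DES, SEED, IDEA and CAMELLIA from the cipher selection and
# drop the explicit +SHA1/+MD5 entries. MEDIUM remains part of the selection.
sed -i 's/SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM/SSLCipherSuite HIGH:MEDIUM:!aNULL:!RC4:!3DES:!SEED:!IDEA:!CAMELLIA:+HIGH:+MEDIUM/g' ssl.conf || exit 1

# Both substitutions only match the stock lines. sed exits 0 when nothing
# matched, which would leave the old protocol and cipher settings active while
# the banner below claims success, so verify the result.
if ! grep -qF 'SSLProtocol TLSv1 TLSv1.1 TLSv1.2' ssl.conf; then
  echo "WARNING: SSLProtocol line was not updated in ssl.conf - review the file" >&2
fi
if ! grep -qF '!RC4:!3DES' ssl.conf; then
  echo "WARNING: SSLCipherSuite line was not updated in ssl.conf - review the file" >&2
fi

echo ">>>>>>>>>>> ssl conf file modified <<<<<<<<<<"
echo "............................................."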

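### adSyncContext.pl reads the APPS password and then the WebLogic password
### from stdin. Both come from the prompts at the top of the script, so no
### password is stored in the script file itself (a password written here
### would be readable by anyone who can read the script, its backups or its
### version history).
: "${AD_TOP:?AD_TOP must be set}"
: "${CONTEXT_FILE:?CONTEXT_FILE must be set}"
: "${APPS_PWD:?APPS password was not entered}"
: "${WLS_PWD:?Weblogic password was not entered}"

# The here-document keeps the secrets off the command line, where they would
# be visible in the process list. The expanded values are inserted literally.
perl "$AD_TOP/bin/adSyncContext.pl" contextfile="$CONTEXT_FILE" <<EOF
$APPS_PWD
$WLS_PWD
EOF
sync_rc=$?
if [ "$sync_rc" -ne 0 ]; then
  echo "WARNING: adSyncContext.pl exited with status $sync_rc - check its log before continuing" >&2
fi

echo ">>>>>> adsynccontext script completed <<<<<<<"
echo "............................................."
echo "............................................."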

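: "${CONTEXT_FILE:?CONTEXT_FILE must be set}"
: "${NE_BASE:?NE_BASE must be set}"

# Keep two untouched copies of the context file: one in the backup directory
# and one in NE_BASE that serves as the "before" side of the diff below.
# Stop if either copy fails, so the file is never edited without a backup.
cp -p "$CONTEXT_FILE" "$NE_BASE/cert_ap_bkp_ssl" || {
  echo "ERROR: could not back up $CONTEXT_FILE" >&2
  exit 1
}
cp -p "$CONTEXT_FILE" "$NE_BASE" || {
  echo "ERROR: could not create reference copy of $CONTEXT_FILE" >&2
  exit 1
}
# Path of the reference copy just written (same base name as the context file).
ctx_reference=$NE_BASE/${CONTEXT_FILE##*/}

# Port and URL rewrites. Host name and ports are the sample values of this
# script and must be adapted to the environment.
#sed -i 's/http<\/url_protocol>/https<\/url_protocol>/g' $CONTEXT_FILE
#sed -i 's/http<\/local_url_protocol>/https<\/local_url_protocol>/g' $CONTEXT_FILE
#sed -i 's/http<\/webentryurlprotocol>/https<\/webentryurlprotocol>/g' $CONTEXT_FILE
sed -i 's/8003<\/activewebport>/4446<\/activewebport>/g' "$CONTEXT_FILE" || exit 1
sed -i 's/https:\/\/test.example.com:8003\/OA_HTML\/AppsLogin<\/login_page>/https:\/\/test.example.com:4446\/OA_HTML\/AppsLogin<\/login_page>/g' "$CONTEXT_FILE" || exit 1
sed -i 's/https:\/\/test.example.com:8003<\/externURL>/https:\/\/test.example.com:4446<\/externURL>/g' "$CONTEXT_FILE" || exit 1
#sed -i 's/http:\/\/test.example.com:8003\/OA_HTML\/AppsLogin<\/login_page>/https:\/\/test.example.com:4446\/OA_HTML\/AppsLogin<\/login_page>/g' $CONTEXT_FILE
#sed -i 's/http:\/\/test.example.com:8003<\/externURL>/https:\/\/test.example.com:4446<\/externURL>/g' $CONTEXT_FILE
echo ">>>>>>>>>>>>> contextfile updated for SSL <<<<<<<<<<<<<<<<<<<"
echo "............................................................."

echo ">>>> Contextfile difference for reference Starts Here <<<<<<<"
echo "............................................................."

# diff exits 1 when the files differ, which is the expected outcome here.
# An empty diff means none of the substitutions matched: the context file
# still carries the old port and URLs, and AutoConfig would propagate them.
if diff "$CONTEXT_FILE" "$ctx_reference"; then
  echo "WARNING: context file is unchanged - check host name and ports in the sed commands" >&2
fi
echo "............................................................."
echo ">>>>>> contextfile difference for reference Ends Here <<<<<<<"
echo "............................................................."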


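: "${ADMIN_SCRIPTS_HOME:?ADMIN_SCRIPTS_HOME must be set}"
: "${APPS_USR:?APPS username was not entered}"
: "${APPS_PWD:?APPS password was not entered}"
: "${WLS_PWD:?Weblogic password was not entered}"

### AutoConfig: the APPS password entered at the start of the script is
### supplied on stdin, so it never appears on a command line.
sh "$ADMIN_SCRIPTS_HOME/adautocfg.sh" <<EOF
$APPS_PWD
EOF
autocfg_rc=$?
# The banner below is printed either way; make a failure visible.
if [ "$autocfg_rc" -ne 0 ]; then
  echo "WARNING: adautocfg.sh exited with status $autocfg_rc - check the AutoConfig log" >&2
fi

sleep 10
echo ">>>>>>>>>>>>> autoconfig script completed <<<<<<<<<<<<<<<<<<<"
echo "............................................................."

### Start the application services: APPS user name, APPS password and
### Weblogic password are supplied on stdin in that order.
sh "$ADMIN_SCRIPTS_HOME/adstrtal.sh" <<EOF
$APPS_USR
$APPS_PWD
$WLS_PWD
EOF
strtal_rc=$?
if [ "$strtal_rc" -ne 0 ]; then
  echo "WARNING: adstrtal.sh exited with status $strtal_rc - check the service logs" >&2
fi

sleep 10
echo ">>>>>>>>>>>>>> adstrtal script completed <<<<<<<<<<<<<<<<<<<"
echo "............................................................"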


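: "${APPL_TOP_NE:?APPL_TOP_NE must be set}"
: "${NE_BASE:?NE_BASE must be set}"

# Add the TLS synchronisation section to adop_sync.drv. The driver entries
# rsync the trust file, the wallets and the JDK cacerts keystore from
# %s_current_base% to %s_other_base%.
cd "$APPL_TOP_NE/ad/custom" || {
  echo "ERROR: cannot change to $APPL_TOP_NE/ad/custom" >&2
  exit 1
}
cp -p adop_sync.drv "$NE_BASE/cert_ap_bkp_ssl/adop_sync_bkp_$NOW.drv" || {
  echo "ERROR: could not back up adop_sync.drv" >&2
  exit 1
}

# Re-running the script must not insert the section a second time.
if grep -qF '#TLS SECTION - START' adop_sync.drv; then
  echo "TLS section already present in adop_sync.drv - not inserting it again" >&2
else
  # NOTE(review): the text is inserted before line 63, a position that depends
  # on the layout of this adop_sync.drv - confirm it falls inside the
  # customization area of your version of the file.
  # The closing marker uses a plain ASCII hyphen, matching the START marker
  # (the published listing carried a typographic dash there).
  ex -s -c '63i|
#TLS SECTION - START
# Required for TLS setup migration from RUN to PATCH file-system.
# Please alter the commands in the event that rsync is not available or the platform does not support the example syntax.

#10.1.2 b64InternetCertificate.txt
rsync -zr %s_current_base%/EBSapps/10.1.2/sysman/config/b64InternetCertificate.txt %s_other_base%/EBSapps/10.1.2/sysman/config/b64InternetCertificate.txt

#Oracle HTTP Server Wallet - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso

#OPMN Wallet - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso

#Fusion Middleware Control Wallets - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/%s_ohs_component%/wallet/cwallet.sso %s_other_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/%s_ohs_component%/wallet/cwallet.sso

rsync -zr %s_current_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/wallet/cwallet.sso %s_other_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/wallet/cwallet.sso

rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso

#JDK keystore
rsync -zr --include=jdk* --include=jdk*/jre --include=jdk*/jre/lib --include=jdk*/jre/lib/security --include=cacerts --exclude=* %s_current_base%/EBSapps/comn/util/ %s_other_base%/EBSapps/comn/util/
#TLS SECTION - END' -c x adop_sync.drv
fi

# ex runs silently (-s), so a failed insert (for example a file shorter than
# 63 lines) would go unnoticed and the wallets would not be carried over to
# the other file system. Check that the section is really there.
if ! grep -qF '#TLS SECTION - END' adop_sync.drv; then
  echo "ERROR: TLS section was not added to adop_sync.drv - restore the backup and add it manually" >&2
  exit 1
fi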

#echo "#######################################################"
#echo "##### SSL Configuration for Application completed #####"
#echo "#######################################################"
##----------------------- Script Ends Here ----------------------
