Showing posts with label Oracle. Show all posts

Wednesday, January 21, 2015

A Straightforward Two-way Client-Server Self-Signed Certificate using Keytool

The following set of commands will generate:

  • Two (2) .jks files: clientKeystore.jks and serverKeystore.jks. 
  • Two (2) .cer files: clientcert.cer and servercert.cer

Replace the following accordingly:
{FULL_PATH} - the path where you want to place all the generated files
{NUMBER_OF_DAYS} - specify number of days the certificates will be valid (e.g. 2 years = 730, 5 years = 1825)
{CLIENT_STORE_PASS} - password for accessing the clientKeystore.jks
{CLIENT_KEY_PASS} - password for the self-signed certificate alias myclientkey
{SERVER_STORE_PASS} - password for accessing the serverKeystore.jks
{SERVER_KEY_PASS} - password for the self-signed certificate alias myserverkey
{DN} - the distinguished name e.g. cn=Example, ou=ExampleUnit, o=ExampleOrg, c=PH

Additional details you may wish to replace:
myclientkey - alias name for client self-signed certificate
myserverkey - alias name for server self-signed certificate
clientKeystore.jks - name of the client keystore
serverKeystore.jks - name of the server keystore
clientcert.cer - name of the exported client certificate
servercert.cer - name of the exported server certificate

For more details please see: http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html


keytool -genkey -keystore {FULL_PATH}/clientKeystore.jks -alias myclientkey -keyalg rsa -keysize 2048 -dname "{DN}" -validity {NUMBER_OF_DAYS} -storepass {CLIENT_STORE_PASS} -keypass {CLIENT_KEY_PASS}

keytool -genkey -keystore {FULL_PATH}/serverKeystore.jks -alias myserverkey -keyalg rsa -keysize 2048 -dname "{DN}" -validity {NUMBER_OF_DAYS} -storepass {SERVER_STORE_PASS} -keypass {SERVER_KEY_PASS}

keytool -exportcert -keystore {FULL_PATH}/clientKeystore.jks -alias myclientkey -storepass {CLIENT_STORE_PASS} -file {FULL_PATH}/clientcert.cer

keytool -exportcert -keystore {FULL_PATH}/serverKeystore.jks -alias myserverkey -storepass {SERVER_STORE_PASS} -file {FULL_PATH}/servercert.cer

keytool -importcert -keystore {FULL_PATH}/clientKeystore.jks -storetype JKS -alias myserverkey -file {FULL_PATH}/servercert.cer -storepass {CLIENT_STORE_PASS} -keypass {CLIENT_KEY_PASS}

keytool -importcert -keystore {FULL_PATH}/serverKeystore.jks -storetype JKS -alias myclientkey -file {FULL_PATH}/clientcert.cer -storepass {SERVER_STORE_PASS} -keypass {SERVER_KEY_PASS}
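
A way to confirm that the two keystores really give two-way authentication, as an added example that is not part of the original post: each .jks file is loaded as both key store and trust store, and a local TLS handshake is run with client authentication required. The class name, the directory argument and the environment variable names (taken from the placeholders above) are assumptions.

```java
import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;

public class MutualTlsCheck {
    // One JKS file supplies both the identity (private key entry) and the
    // trust anchor (the peer certificate added with keytool -importcert).
    static SSLContext contextFrom(String jks, char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jks)) {
            ks.load(in, storePass);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Assumption: passwords are supplied through environment variables, not arguments.
    static char[] env(String name) { return System.getenv(name).toCharArray(); }

    public static void main(String[] args) throws Exception {
        String dir = args[0]; // assumption: the {FULL_PATH} directory used with keytool
        SSLContext serverCtx = contextFrom(dir + "/serverKeystore.jks", env("SERVER_STORE_PASS"), env("SERVER_KEY_PASS"));
        SSLContext clientCtx = contextFrom(dir + "/clientKeystore.jks", env("CLIENT_STORE_PASS"), env("CLIENT_KEY_PASS"));
        try (SSLServerSocket server = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate
            Thread acceptor = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                    System.out.println("server authenticated client: " + s.getSession().getPeerPrincipal());
                    s.getOutputStream().write(1); // tell the client the server side accepted it
                } catch (Exception e) {
                    System.out.println("server rejected connection: " + e);
                }
            });
            acceptor.start();
            try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", server.getLocalPort())) {
                c.startHandshake();
                System.out.println("client authenticated server: " + c.getSession().getPeerPrincipal());
                // Plain SSLSocket does no hostname check; trust rests only on the imported certificate.
                if (c.getInputStream().read() != 1) throw new IllegalStateException("server did not accept the client");
            }
            acceptor.join();
        }
    }
}
```

With the four password variables set, run it on Java 11 or later as java MutualTlsCheck.java {FULL_PATH}. Skipping either -importcert step makes the handshake fail on the side that is missing the trusted entry.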

Friday, August 30, 2013

(BAM) Using Oracle RAC Connection String in Cognos BI DataSource

I was configuring Cognos BI Data Source for IBM Business Monitor (BAM) and followed the technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21506481

I had to configure Cognos BI to connect to an Oracle RAC database and it says I should use the following connection string when using Service Name:

^User ID:^?Password:;LOCAL;OR;ORACLE@%s@<database_alias>/%s@COLSEQ=IBM_JD_CNX_STR:^User ID:^?Password:;LOCAL;JD-OR;URL=jdbc:oracle:thin:@//<database_host>:<database_port(e.g.1521)>/<database_service_name>;DRIVER_NAME=oracle.jdbc.driver.OracleDriver

The DBA provided me with the following Oracle RAC connection string:

(DESCRIPTION =
    (ADDRESS_LIST =
      (LOAD_BALANCE = yes)
      (ADDRESS = (PROTOCOL = TCP)(HOST = ORADB01.mydomain.com)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = ORADB02.mydomain.com)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ORADB.mydomain.com)
      (FAILOVER_MODE =
        (TYPE = SELECT)
        (METHOD = BASIC)
        (RETRIES = 180)
        (DELAY = 5)
      )
    )
  )

I was trying to figure out what <database_alias> means until it hit me: the answer is the alias I used in the TNSNAMES.ORA for the Oracle client (Instant Client) I installed previously.

TNSNAMES.ORA

PROD_ORADB = (DESCRIPTION =
    (ADDRESS_LIST =
      (LOAD_BALANCE = yes)
      (ADDRESS = (PROTOCOL = TCP)(HOST = ORADB01.mydomain.com)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = ORADB02.mydomain.com)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ORADB.mydomain.com)
      (FAILOVER_MODE =
        (TYPE = SELECT)
        (METHOD = BASIC)
        (RETRIES = 180)
        (DELAY = 5)
      )
    )
  )


After setting the <database_alias> parameter to PROD_ORADB, it worked perfectly:

^User ID:^?Password:;LOCAL;OR;ORACLE@%s@PROD_ORADB/%s@COLSEQ=IBM_JD_CNX_STR:^User ID:^?Password:;LOCAL;JD-OR;URL=jdbc:oracle:thin:@(DESCRIPTION = (ADDRESS_LIST = (LOAD_BALANCE = yes) (ADDRESS = (PROTOCOL = TCP)(HOST = ORADB01.mydomain.com)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = ORADB02.mydomain.com)(PORT = 1521)))(CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = ORADB.mydomain.com) (FAILOVER_MODE = (TYPE = SELECT) (METHOD = BASIC) (RETRIES = 180) (DELAY = 5))));DRIVER_NAME=oracle.jdbc.driver.OracleDriver


Thursday, August 9, 2012

Installing Oracle 11g Express Edition on RHEL 5


There are times in your life that you will need to work with software that you do not represent. In this case, I needed to install an Oracle database on a VM so that I can try to make it work with IBM Business Process Manager V8.0 first on my local machine before doing it on the actual servers.

I'm using Red Hat Enterprise Linux version 5.6, and setting up Oracle 11g Express Edition on it is quite simple.

Prepare the operating system

Open a terminal and run the following commands as root

groupadd -g 550 dba
groupadd -g 551 oinstall
useradd -c "Oracle software owner" -g oinstall -G dba -u 550 oracle -d /opt/oracle
chown oracle:oinstall /opt/oracle
passwd oracle

Open /etc/sysctl.conf in a text editor (or with the vi command) and add the following lines

kernel.sem = 250 32000 100 128
fs.file-max = 6815744
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576

Download and transfer the software into the VM


Create /opt/installers directory in your VM and transfer the downloaded zip file to that directory. (via WinSCP or FTP)

Using the terminal, list the /opt/installers directory

ls /opt/installers
oracle-xe-11.2.0-1.0.x86_64.rpm.zip

Unzip and install the rpm
Unzip the archive file inside /opt/installers

cd /opt/installers
unzip oracle-xe-11.2.0-1.0.x86_64.rpm.zip

Use the rpm command to install

rpm -ivh oracle-xe-11.2.0-1.0.x86_64.rpm
Preparing...                ########################################### [100%]
   1:oracle-xe              ########################################### [100%]

Post installation steps

Execute the /etc/init.d/oracle-xe configure command

/etc/init.d/oracle-xe configure
Oracle Database 11g Express Edition Configuration
-------------------------------------------------
This will configure on-boot properties of Oracle Database 11g Express
Edition.  The following questions will determine whether the database should
be starting upon system boot, the ports it will use, and the passwords that
will be used for database accounts.  Press <enter> to accept the defaults.
Ctrl-C will abort.
Specify the HTTP port that will be used for Oracle Application Express [8080]: {HIT ENTER}
Specify a port that will be used for the database listener [1521]: {HIT ENTER}
Specify a password to be used for database accounts.  Note that the same
password will be used for SYS and SYSTEM.  Oracle recommends the use of
different passwords for each database account.  This can be done after
initial configuration: {INPUT A PASSWORD}
Confirm the password: {INPUT A PASSWORD}
Do you want Oracle Database 11g Express Edition to be started on boot (y/n) [y]: {HIT ENTER}
Starting Oracle Net Listener...Done
Configuring database...Done
Starting Oracle Database 11g Express Edition instance...Done

Installation completed successfully.

When the installation completes, the installation directory is located under /u01. Next, set the required Oracle environment variables using the oracle_env.sh script located in /u01/app/oracle/product/11.2.0/xe/bin. To do this, add the line . /u01/app/oracle/product/11.2.0/xe/bin/oracle_env.sh to the .bashrc or .bash_profile of the user who should have access to the database:

(using vi)

su - oracle
vi .bash_profile

Append the following line at the end of the file:

. /u01/app/oracle/product/11.2.0/xe/bin/oracle_env.sh

(to save and exit press [ESC], Q, wq, [ENTER])

Finally, you should be able to access SQL*Plus. If not, try restarting your session.

sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Thu Aug 9 23:47:08 2012

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production

SQL>

Do let me know if you have questions, but also remember that I don't really know a lot about this product, so you might be better off Googling in case I can't answer your question.