Patching Fusion Applications Using Smart Update

PATCHING FUSION APPLICATIONS USING SMART UPDATE

Smart Update is used to Patch the weblogic server's in the fusion application it can be used in the command line as well as the GUI mode to apply the patches in the weblogic server in offline mode
Download the necessary Patches from the  MOS with the Patch catalog ,, once the necessary patches are downloaded from the MOS place it in the cache_dir  <base_dir>/products/fusionapps/utils/bsu/cache_dir

Step 1
Download the necessary patches metalink and place it in the cache_dir
cache_dir is located at the </basedir>/products/fusionapps/utils/bsu/
[orafapp@fahtestapp bsu]$ ls
bsu.jar  bsu.sh  cache_dir  patch-client.jar  smartupdate.ico

Copy the Patch and it's patch_catalog contents to the cache_dir

[orafapp@fahtestapp weblogic]$ cd generic/
7AAZ.jar   9264.jar   patch-catalog_17011.xml  patch-catalog_17300.xml  patch-catalog.xml
7YZB.jar   F6G7.jar   patch-catalog_17066.xml  patch-catalog_18333.xml  README.txt

 copy all the files from the patch_top except README.txt to the cache_dir
[orafapp@fahtestapp generic]$ cp * /<base_dir>/products/fusionapps/utils/bsu/cache_dir

Step 2
Navigate to the  </base_dir>/products/fusionapps/utils/bsu/
Launch the smart update utlity from the ./bsu.sh

Step 2
When we have already Place the patches and the patch_catalog xml files the smart update utility identified the new patches need to be installed

Step 3
Select the necessary Patch and  green arrow mark to apply the patch into the server
 

Step 4

Once the Patch validation is completed it applies the patch to the server

Step 5
 Repeat the steps until all the patches are applied 

Step 6

Step 7
 Conform all the patches are applied

Step 8
 We can use the command lime utility also to apply the patches here we are using the ./bsu to identify the stauts of the applied Patches to the weblogic server
Syntax : ./bsu.sh -view -status=applied -prod_dir=<weblogic_directory>
[orafapp@fahtestapp bsu]$ ./bsu.sh -view -status=applied -prod_dir=/u03/oracle/fa/products/fusionapps/wlserver_10.3
ProductName:       WebLogic Server
ProductVersion:    10.3 MP6
Components:        WebLogic Server/Core Application Server,WebLogic Server/Admi
                   nistration Console,WebLogic Server/Configuration Wizard and
                   Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
                   r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
                    Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
                   erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
                   erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
                   ic Server/Evaluation Database,WebLogic Server/Workshop Code
                   Completion Support
BEAHome:           /u03/oracle/fa/products/fusionapps
ProductHome:       /u03/oracle/fa/products/fusionapps/wlserver_10.3
PatchSystemDir:    /u03/oracle/fa/products/fusionapps/utils/bsu
PatchDir:          /u03/oracle/fa/products/fusionapps/patch_wls1036
Profile:           Default
DownloadDir:       /u03/oracle/fa/products/fusionapps/utils/bsu/cache_dir
JavaVersion:       1.6.0_29
JavaVendor:        Sun

Patch ID:          3BBT
Patch ID:          56MM
Patch ID:          6D9T
Patch ID:          9887
Patch ID:          E9FL
Patch ID:          F89C (13787444)
Patch ID:          IH4D
Patch ID:          JZED
Patch ID:          UDN7
Patch ID:          Z4W7
Patch ID:          7AAZ
Patch ID:          7YZB
Patch ID:          9264
Patch ID:          F6G7 (14261891)
 

Loading RPD File in Fusion Applications

LOADING RPD IN FUSION APPLICATIONS [OTBI]

We can open the Rpd's in the online mode as well as offline mode .. If we need to open the rpd's in offline mode then we need to copy the rpd's from the Server to the local machine where the admin tool is located .. after making the necessary change in the RPD then we need to upload the RPD 's to the server by using the EM of the Bi Domain

Step 1

Login into the Bi Domains Enterprise manager 

http://biinternal.<domainname>:10621/em  

Step 2

Select the Coreapplication from Business Intelligence Folder which is located under the Farm_BIDomain and select the deployment tap and repository

Step 3

Lock and edit the configuration to enable the changes in the configuration and load the repository

Step 4

Choose the repository from the location by clicking the browse button under the upload bi server repository  and provide the Rpd's password And click apply to upload the Rpd

Step 5

Click the apply button to upload the new repository in the server

Step 6

Click the activate changes tab for saving the new rpd

Step 7

Restart the servers [click the restart to apply recent changes ] in the top for Restarting the server]

Step 8

click  restart button to restart all the services belonging to this managed server

Click yes to proceed for restart

Step 9

Check the repository version now u can find the new version of rpd had been uploaded in the server

Unlocking the account which shows as active in OIM and ODSM

UNLOCKING THE ACCOUNT WHICH  SHOWS AS ACTIVE IN OIM AND ODSM

The account status is shown as active and unlocked in the OIM and odsm but the account is locked to verify this we need to check the two parameters in the ODSM  navigate to the particular user account and search the two parameters oblockouttime .oblogintrycount

If the oblockouttime has the value in it then the account is locked .. 

Scenario 

when we are trying to log in to the fusion applications which gives the error and redirecting to the forget password page..

check the account status in the OIM and the account is locked ... we need to unlock the account and reset the password in the OIM and checked the fusion applications log-in ..
But still the fusion applications log-in with the OAM SSO fails .. redirecting  the screen to the forget password
Then follow the steps to unlock the account in ODSM

Step 1 

Log-in to the fusion applications
and gives the message with the account is locked and use the forget password utility

Step 2

Unlock the user account in the OIM
log-in as admin user to the OIM and navigate to the administration tab and search the user name..which the account is locked ..unlock the account by clicking the unlock account symbol on the top

Step 3

Reset the password for the account

we can reset the password through manual  or the system  generated password the New password will be send to the end user through the email if we select the check box email the password to the new user
The notification template for the password reset [reset password]

Once the new password is create then check run the LDAP sync process

Step 4

Run the LDAP User Create and Update Reconciliation  Job from the OIM
Navigate to the advanced tab in the OIM and select the scheduled Jobs
in the scheduled Jobs Search for Ldap* and you will fins all the Ldap related scheduled process Run the Job

Step 5

Check again in the fusion applications but still the user are not able tot log in into the fusion applications and gives the same error
check the status of the account in the of tin the ODSM and OIM in both the consoles it shows as the account is active

Check the account status in the OIM

Check the Account status in the ODSM

In both OIM and ODSM the account is unlocked but it gives the locked message when we try to log in from fusion applications

Step 6

we need to check the two parameters in the ODSM to conform the account is locked or not

[1]oblockouttime
[2]oblogintrycount
These are the two parameters which we need check for the account status 

For the oblockouttime  the value is present then The account is locked 

lock and unlock the account the OIM and check the values for the oblockouttime
once the account is locked and unlocked the values which is present in the parameter for oblockouttime will be erased
But still if the value is not erased then we need to manually  remove the  values for the two parameters remove the value from the oblockouttime and change the oblogintrycount to 0

Step 7

Retrieve Latest LDAP Changes Process from the Fusion Applications 

Navigate to the schedule process in the fusion applications and then select the Retrieve Latest LDAP Changes Process and run it

Select the process from the schedule new process tab

Run the process as soon as possible

Check the process had executed successfully

Out Put of the Process

Starting User Sync
Number of users returned from ldap: 185
User Sync Ended: New User Count = 2, Updated User Count =5
Starting Roles Sync
Number of roles returned from ldap for lang US: 500
Role Sync Ended: New Role Count = 2, Updated Role Count =0
Starting User Role (Granted Roles) Sync
Total Number of Granted Roles were modified = 3

Now try to log-in from the fusion applications with the effected user and the user will be able to log-in 

patching fusion applications through adpatch

adpatch In fusion applications

we can user fapmgr.sh or adpatch or opatch to patching the artifacts of the fusion applications

       Oracle Fusion Applications AutoPatch is used to apply patches that contain fixes or updates to applications database artifacts..

The database artifacts which supported by the ad patch are 

[1]Applications Seed Data (XML,XLF files)
[2]Applications Database schema changes (SXML files)
[3]PL/SQL objects (PDQ, PCB files)
[4]SQL scripts

In fusion applications adpatch is located in two locations 

[1]$ATGPF_HOME/lcm/ad/bin/adpatch.sh [Oracle Fusion Middleware Extensions for Applications (Applications Core)]

[2]$AD_TOP/bin/adpatch.sh [Oracle Fusion Applications Patch Manager]

[1]ATGPF_HOME  adpatch will be located  under your base directory /basedir/products/fusionapps/atgpf/lcm/ad/bin before applying the auto patch we need to conform what ad patch we need to user

[2]AD_TOP  adpatch will be located under the/basedir/products/fusionapps/applications/lcm/ad

Using ATGPF adpatch

Step 1 

adpatch cn be applied in interactive mode and non interactive mode .. to start the adpatch we need to navigate to the $ATGPF_HOME/lcm/ad/bin/ and run the adpatch.sh or you can apply in non- interactive  mode

 To apply adpatch in non interactive Mode

  $ATGPF_HOME/lcm/ad/bin/adpatch.sh \
  patchtop=<location of the patch directory where the patch is stored > \
  driver=<patch driver> \
  interactive=No \

  workers=<no of workers assigned for patching>
  defaultsfile=$ATGPF_HOME/admin/TWO_TASK/defaults.txt \
  logfile=adpatch_<patch_number>.log wait_on_failed_job=yes

Legends

defaultsfile=The file which will be created automatically during the provisioning of the fusion applications and have the information about the particular environment.The file will be located at

$ATGPF_HOME/admin/<database_sid>/defaults.txt

To apply adpatch in interactive mode

start the adpatch from the patch directory and 

[oracle@fah 14794856]$ /u01/oracle/fa/products/fusionapps/atgpf/lcm/ad/bin/adpatch.sh

Your default directory is '/u01/oracle/fa/products/fusionapps/atgpf'.

Is this the correct APPL_TOP [Yes] ? yes 

Provide the appl_top for the atgpf_home .. hit yes to go with the default

Filename [adpatch.log] : 14794856.log     

provide the log file for the adpatch the default location of the logfile will be $ATGPF_HOME/admin/FUSION/log/

*.log = It is the main log file which contains all the details of the particular patch

*.lgi  = This file contains informational messages from your AutoPatch session

Please enter the batchsize [1000] :              --[hit enter to go with default batch size]

In your ORACLE database '<oracle_sid>'
using ORACLE executables in '/u01/oracle/fa/products/dbclient'.
Is this the correct database [Yes] ? --Check the correct database and hit yes

The default directory is [/u01/oracle/fa/Patch/14794856] :

The default directory where the Patch had been unzipped we need to specify until the patch number

Please enter the name of your AutoPatch driver file :  

Enter the driver name starting with u<patch_number>.drv wirh will be located under the patch directory

Two table are created during the patch process 

[1]AD_UTIL_PARAMS 

[2]FND_INSTALL_PROCESS 

Fnd_install_process the table which holds the patch session details which is created during the patch process if  any failed session of the patching is pending then it asks about the dropping the  previous FND_INSTALL_PROCESSES Table.. The table is created during the patch process and then droped after completing the patching session successful

Creating FND_INSTALL_PROCESSES table...
The table FND_INSTALL_PROCESSES created by AD Administration already exists.If you are sure you do not want to keep theinformation from the failed
AD Administration session,you may drop FND_INSTALL_PROCESSES table and
continue with AutoPatch.If you choose not to drop FND_INSTALL_PROCESSES table, AutoPatch cannot continue successfully.
Drop FND_INSTALL_PROCESSES table [No] ? 

If you are continuing from the failed patch session then  drop the Previous Fnd_install_process table and create the new table

Creating the AD_UTIL_PARAMS table...
Table AD_UTIL_PARAMS already exists, so dropping the table and recreating it.

SQL> desc AD_UTIL_PARAMS;
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 WORKER_ID                                 NOT NULL NUMBER
 UTILITY_NAME                              NOT NULL VARCHAR2(100)
 TASK                                      NOT NULL VARCHAR2(30)
 STATUS                                    NOT NULL VARCHAR2(100)
 ARGUMENTS                                 NOT NULL VARCHAR2(2000)
 UTILITY_STATUS                            NOT NULL NUMBER
 SYMBOLIC_ARGUMENTS                        NOT NULL VARCHAR2(2560)

Ad_util_params is used to store the worker status while patch is in progress and once the patch is completed it will be purged ..when patch start the Process  it will drop the previous Ad_util_params and the recreate the table...
At the end of the patch process it will purge the ad_util_param table..

Timing report 
Timing report is generate with the execution time for each worker and all the actions of the script the timing report will be  located at the $ATGPF_HOME/admin/FUSION/log
 Jobdependencies
This file lists the jobs to be run After each job,
 this file contains the list of jobs which should run before starting the job's the dependencies of the  job's is listed in this file ..
jobdependencies.txt will  be located at $ATGPF_HOME/admin/FUSION/log

Incompatible Patch
when we try to apply the patch in the wrong oracle home it gives the message in the log file and the ad patch will fail with the below error massage..

[2012-11-22T17:06:39.956+04:00] [apps] [ERROR] [] [AutoPatch] [[Error: Incompatible Patch.Cannot apply ATGPF patch on FA_ORACLE_HOME]]

Configuring SSL [HTTPS] on OHS in fusion applications

Configuring SSL  [HTTPS]  on OHS in  fusion applications with Open ssl and oracle  wallet manager

To enable the fusion applications with the https[encrypted connection between the client and the server] we need to have the vendor ssl [root ca] certificate[ like verisign..etc...] or we can create our own Root certificate by using Open SSL 

once the root ca is created  we need to authorize the usr certificate with the root ca and Place the root ca and user certificate  in the wallet  and link the wallet to the OHS in the fusion application to enable the https..

First we need to create a new empty wallet with the certificate request 

Creating Wallet using OWM[oracle wallet manager]

For creating the empty wallet we can using the GUI tool know as the OWM or Orapki in the command line 

Here we are using OWM for creating the oracle wallet

The location of the OWM in the fusion applications is /base path/products/dbclinet/bin/owm

Step1

Start the OWM 

Step 2

Select wallet and click new to create a new wallet 

Step 3

Click Yes to proceed to choose the location for creating the wallet 

Step4

There are two type's of wallet we can create 

[1] Standard [PKCS#12] 

[2]PKCS #11

The standard wallet [PKCS#12]

In the standard wallet  credentials are store in the file system  which we use for the fusion applications

The PKCS#11

IN PKCS#11 credentials are store in the  hardware security module for servers, private keys on tokens for clients

we are selecting to use the standard wallet for the fusion applications
Provide the password according to the specific condition displayed 

Step 5

Click no as we can create the certificate request later 

Once we click No then the new empty wallet will be create with out [RootCa trusted certificate or user certificate] we need to certificate request For user certificate

Step 6

Creating New certificate request in the wallet 

click the certificate[empty] and Select add certificate request fill the necessary details according to your organization and save the certificate select the certificate key size as 4096 for the strong key  

Save the wallet under the /basepath/config/CommonDomain_webtier/config/OHS/ohs1/keystores/<wallet directoryname>

Step 7

export the certificate request to the file 

give the file name and click save 

Now you will see three files inside the wallet directory

[oracle@fah]$ ls

cwallet.sso  ewallet.p12  user_certificate_request.req

Once the certificate request is create the we need to use the root authority to sign this certificate.. we can get the root ca from the vendors are we can create the root ca from the OPEN SSL

here we are creating the root ca through the open ssl

Creating the RootCa with Open SSL

Step1
Creating the private key by using openssl

Syntax :openssl genrsa -out <private_key_cert_file> <keysize>

[oracle@fah]$ openssl genrsa  -out fa_privkey.prm  4096

Generating RSA private key, 4096 bit long modulus

.........................................................................................................................................................................++

.......................................................................++

e is 65537 (0x10001)

Step 2

Create the root certificate with the privatekey
Syntax opensslreq -new -x509 -keyout <provate key file name> -out <certificate name> -days <number of days the cert lives>

[oracle@fah]$ openssl req -new -x509 -keyout fa_privkey.pem -out fa_root_cert.pem -days 3650

Generating a 1024 bit RSA private key

............++++++

...++++++

writing new private key to 'fa_privkey.pem'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

phrase is too short, needs to be at least 4 chars

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:

State or Province Name (full name) [Berkshire]:

Locality Name (eg, city) [Newbury]:

Organization Name (eg, company) [My Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []

Email Address []:palaneandavar@alshirawi.ae

[oracle@fah]$

Legends
Country Name              [two digit country code for your country]
State or Province Name[name of the state or province where company is located]
Locality Name              [address of the locality]
Organization Name       [Company name]
Common Name             [any name like companyname_rootca]
Email Address               [email id]
x509                               [X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure]
keyout                           [the file name contains the key]

Step 3

Creating the User certificate and authorizing with Root_Ca

Syntax :openssl x509 -req -in <certificate request file> -CA <root_ca certificate> -CAkey <privatekey> -CAcreateserial -out <usr_certificate_name>


[oracle@fahtestdb alshirawi]$ openssl x509 -req -in user_certificate_request.req -CA fa_root_cert.pem -CAkey fa_privkey.pem -CAcreateserial -out usersert.pem
Signature ok
subject=/CN=*.<domain_name>/OU= <organizational unit >/O=<organazatation>/L=<location>/C=AE
Getting CA Private Key
Enter pass phrase for fa_privkey.pem:

IMPORTING ROOTCA AND USER CETIFICATE INTO WALLET

Step1

Import RootCa to wallet

Navigate to Operations and select import trusted certificate for importing the root ca

Setp 2

Select the location off the root ca cert stored and import 

click ok and select the file from the location to import into the wallet 

Step 3

Now you can see the root certificate had been imported into the wallet

Step 4

Import the user certificate in to the wallet

Click ok and select the file from the location to import into the wallet 

     Step 5

    save the wallet with the option auto login 

CONFIGURE THE NEW WALLET WITH  OHS IN FUSION APPLICATIONS 

The configuration of the OHS server files are in the location of <basepath>/config/CommonDomain_webtier/config/OHS/ohs1/in the fusion applications there will be two files know as the 

[1]ssl.conf

[2]FusionSSL.conf

we need to add the location of the new wallet in this files to take effect

Edit the FusioSSL.conf and modify the location of the wallet

#Path to the wallet

   SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/<you

rwalletfolder>

Edit the ssl.conf 

#Path to the wallet

   SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/<your wallet folder location>"

your wallet folder location =we need to give the location of the Folder name where the new wallet is store the default location is 

<basepath>/config/CommonDomain_webtier/config/OHS/ohs1/keystore

Finally import the RootCa to the end user's desktop and place it on the trusted root authorities the Firefox is the recommended browser for the fusion applications 

NOTE:Place the Rootca in the trusted root authorities in the browsers 

Renewing default-keystore.jks certificate in fusion applications

Renewing the default-keystore.jks certificate 

In fusion applications under each and every domain a  key store is located  and know as default-key store .jks
which hold the two certificates in it for that particular domain
[1] orakey
[2] webcenter_spaces_ws

Check whether this certificats are expaired and if expaired then we need to renew with the new certificate
To Check the status of the certificates we can use key tool a command line utility which helps us to

Syntax : Key tool -list -v -key store < key store_name>
when it is prompting the password enter the key store password to display the certificates in the key store

Step 1

Check the status of the certificates from the keystore 

[oracle@fah fmwconfig]$ keytool -list -v -keystore default-keystore.jks

Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: orakey
Creation date: Mar 5, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=service, DC=domain_name, DC=com
Issuer: CN=service, DC=domain_name, DC=com
Serial number: 4f5430e3
Valid from: Mon Mar 05 07:20:03 GST 2012 until: Sat Sep 01 07:20:03 GST 2012
Certificate fingerprints:
         MD5:  A5:96:92:BA:16:03:B1:6D:60:F0:35:2F:CB:BC:65:B5
         SHA1: 3F:10:5F:A1:17:2A:69:23:2F:E3:9E:A7:C6:B6:99:AB:92:9E:8D:EA
         Signature algorithm name: SHA1withRSA
         Version: 3
*******************************************
*******************************************
Alias name: webcenter_spaces_ws
Creation date: Mar 5, 2012
Entry type: trustedCertEntry

Owner: CN=service, DC=domain_name, DC=com
Issuer: CN=service, DC=domain_name, DC=com
Serial number: 4f5430e3
Valid from: Mon Mar 05 07:20:03 GST 2012 until: Sat Sep 01 07:20:03 GST 2012
Certificate fingerprints:
         MD5:  A5:96:92:BA:16:03:B1:6D:60:F0:35:2F:CB:BC:65:B5
         SHA1: 3F:10:5F:A1:17:2A:69:23:2F:E3:9E:A7:C6:B6:99:AB:92:9E:8D:EA
         Signature algorithm name: SHA1withRSA
         Version: 3

check all the domains in the fusion applications to verify the default key store certificate is expired for all the domains the key-store  will be located under the fmwconfig  directory   in each domain
In the above  example the certificate  is expired on the sep01 so we need to renew the new certificate

Step 2

To create the new certificate we need to use the keytool command and before creating the new keystore backup the current keystore

check the key tool
[oracle@fah ~]$ which keytool
/u01/oracle/fa/products/fusionapps/jdk6/bin/keytool

Create a new certificate in the default-key store

SYNTAX  :keytool -genkey -keyakgRSA -alias <alias_name  -keystore <keystorename> -storepass <password > validity < nof of validity of certificate in days> keysize <size of the key> "cn=service,dc<domain_name>,dc<com"

genkey         -used to generate the new key
keyalgRSA   we are using the rsa algorithm to generate the private key
keystore       we need to specify  the name for the key store
storepass      password for the keystoree
keysize        size of the key from 1024 to 4096
validity         No of days the certificate will be valid [you have to specify the value in days]
dname            your domain name


[oracle@fah]$ keytool -genkey -keyalg RSA -alias orakey -keystore default-keystore.jks -storepass <password>-validity 3560 -keysize 2048 -dname "cn=service,dc=<domain_name>,dc=com"

Enter key password for <orakey>
        (RETURN if same as keystore password):

if we need to keep the same password for the key store and the certificate then pres enter rather if we need to provide the new password for the cert we can give the new password 

Step 3

List the certificates inside the key-store when the key store was generated it will be generated with the single cert 

[oracle@fah]$ keytool -list -v -keystore <keystore_name>-storepass <password>

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 1 entry

Alias name: orakey

Creation date: Oct 25, 2012

Entry type: PrivateKeyEntry

Certificate chain length: 1

Certificate[1]:

Owner: CN=service, DC=orasiserp, DC="com

"

Issuer: CN=service, DC=orasiserp, DC="com

"

Serial number: 50886309

Valid from: Thu Oct 25 01:52:09 GST 2012 until: Mon Jul 25 01:52:09 GST 2022

Certificate fingerprints:

         MD5:  61:36:FB:D6:8D:A8:54:4D:DD:B6:CF:AE:2A:D1:03:22

         SHA1: E8:78:CD:E3:21:91:9D:8B:9C:ED:B3:A6:55:E2:59:57:BA:60:86:05

         Signature algorithm name: SHA1withRSA

         Version: 3

*******************************************

*******************************************

Step 4

Once the new keystore with the certificate is created then we need to add the second certificate in the keystore

TO create a new certificate

SYNTAX: keytool -export  -alias orakey -file <file_name>-keystore <name of the keystore> -storepass<password>


file :where the new certificate will be created will be ending with the .cer
keystore :name of the keystore [default-keystore.jks]

[oracle@fah]$ keytool -export -alias orakey -file webcenter_spaces_ws.cer -keystore default-keystore.jks -storepass <password>
Certificate stored in file <webcenter_spaces_ws.cer>

Now a new certificate file is generated at the location where the keytool command had been executed
check for the new certificate file


[oracle@fah]$ ll webcenter*
-rw-r--r-- 1 oracle oinstall 774 Oct 28 13:19 webcenter_spaces_ws.cer

Step 5

Add the new certificate to the default keystore

SYNTAX: keytool -import -alais <certificate_name> -file <cert_file_name> -keystore<keystore name> -storepass<password>



[oracle@faht]$ keytool -import -alias webcenter_spaces_ws -file webcenter_spaces_ws.cer -keystore default-keystore.jks -storepass  <password>
Certificate already exists in keystore under alias <orakey>
Do you still want to add it? [no]:  yes
Certificate was added to keystore


Enter yes when it is prompting.. because we have already another certificate in the default key store


Step 6

Now check the keystore and you will find try entries

[oracle@fah] keytool -list -v -keystore default-keystore.jks -storepass <passowrd>

Follow this steps in all the default-keystore which is located under the fmwconfig  Directory ...

Launch workspace give the blank page in the fusion applications

Launching the Hyperion Work space from the financial reporting center gives the blank page 

Launching the work space in the fusion applications gives the Blank page .. when we try to go the bi catalog from the launch work space it gives the bank page because of the XUL manager is depreciated in the latest version of the Firefox [from version 7] to 16 as a one time workaround we need to install the Remote XUL manager add on in the Firefox For one time

Step 1

We need to add the Mozilla Firefox remote XUL Manager add on form the add on list

Step 2
Once you download and install restart the Firefox

Step 3
go to the web developer and Select the Remote XULmanager

Step 4

Add the bi external URL to the Remote XUL manager and then start the firebox

Step 5

Go to the financial reporting center and then select the launch the work space from then window

Step 6

Select the applications and the Bi catalog

Step 7

Select The folder and stat working with the reports