How to create an AQ (Advanced Queue) on Oracle DB

Keywords: Advanced Queue, AQ, AQ Creation, Queue, Queue Creation, How to create a queue, Queue in SOA, SOA, OSB, BPEL

--------------------------------------------------------------------
Following are the steps to follow:-
--------------------------------------------------------------------

/* Creating a RAW type queue table and queue: */

BEGIN
DBMS_AQADM.CREATE_QUEUE_TABLE (
queue_table          => 'RawMsgs_mahi_qtab',
queue_payload_type   => 'RAW');

DBMS_AQADM.CREATE_QUEUE (
queue_name          => 'raw_msg_queue_mahi',
queue_table         => 'RawMsgs_mahi_qtab');

DBMS_AQADM.START_QUEUE (
queue_name          => 'raw_msg_queue_mahi');
END;

--------------------------------------------------------------------
Script to Stop and Drop the Queue:
--------------------------------------------------------------------
EXECUTE dbms_aqadm.stop_queue (queue_name => 'aq_user.msg_queue');
EXECUTE dbms_aqadm.drop_queue (queue_name => 'aq_user.msg_queue');
EXECUTE dbms_aqadm.drop_queue_table (queue_table => 'aq_user.msg_qt');

DROP TYPE aq_user.message_type;

Keywords: Advanced Queue, AQ, AQ Creation, Queue, Queue Creation, How to create a queue, Queue in SOA, SOA, OSB, BPEL

Custom Identity and Custom Trust

Keywords: Custom Identity and Custom Trust, Keystore, Identity Store, Trust Store, Identity and Trust Store, Weblogic, SSL, 1-way SSl, 2-way SSL, one-way ssl, two-way ssl, security, keystores, java keystore, weblogic keystore

In this document we will learn step by step to create a custom identity keystore and custom trust 

keystore.

I will generate:-

•  myIdentity.jks (This is my Identity Keystore to hold the private key)
•  myTrust.jks (This is my Trust Keystore to hold the trusted certificates)

In this exercise my java is pre-set and I can run ‘keytool’ command being at any directory location. So I am going to the directory where I have to generate the keystores.

1.       Go to a directory where you want to generate the keystores (identity and trust keystores)

Example:-

Suppose In command prompt, I am currently in the directory ‘E:\’ and I want to create my keystores at the directory location ‘E:\_CreateKeystore_WithKeytool’. So I will have to go as below:-

E:\>cd E:\_CreateKeystore_WithKeytool

E:\_CreateKeystore_WithKeytool>

2.       Now, run below keytool command to create an identity keystore 'myIdentity.jks' with a private key with alias 'mykey':-

keytool -genkey -alias mykey -keyalg RSA -keysize 1024 -validity 1825 -keypass password -keystore myIdentity.jks -storepass password

(All the things highlighted above in yellow can be changed as per your need. But in this exercise we are keeping these as above.)

It will ask few questions like below, just answer them and go ahead:-

It will generate the file ‘myIdentity.jks’ at your folder location as below:-

3.       Now, export this private key 'mykey' with a name 'root.cer' on the same folder as below:-

keytool -export  -alias mykey -file root.cer -keystore myIdentity.jks -storepass password

The file is exported with the name ‘root.cer’ in the same folder location as below:-

4.       Now, create a trust store with the name of 'myTrust.jks' and import the file 'root.cer' into it:-

keytool -import -alias mykey -file root.cer -keystore myTrust.jks -storepass password

When you run the above command, just write ‘y’ and press enter when it asks ‘Trust this certificate?’

When you run the above command, just write ‘y’ and press enter when it asks ‘Trust this certificate?’

5.       Now, copy the AXIOM (or any other third party certificate) on the same folder to import it into trust store ‘myTrust.jks’

Now, import the axiom certificate into the same 'myTrust.jks'. Also, similarly you can import any number of certificates into the same trust store

keytool -import -alias myaxiomcert -file uat.axiom.acledabank.local.cer -keystore myTrust.jks -storepass password

It will again prompt for ‘Trust this certificate?’. Type ‘y’ and press enter as below:-

In above command I am importing the AXIOM’s certificate (from the same folder location) having the file name ‘uat.axiom.acledabank.local.cer’.

NOTE: If your certificate is at different location then you will need to give full path also.

Now, Axiom’s certificate is imported into the trust store ‘myTrust.jks’ file.

Now, you must see all these files present in your directory as below:-

Now, you will need to set up these keystores in weblogic console.

6.    Before doing this, you need to make sure that below pre-requisites should already been there

Prerequisite 1:

Enable SSL listen port on Admin Server and all managed servers.

In Our case we have an ‘AdminServer’ and a managed server ‘Osb_Server1’ in our domain:-

Prerequisite 2:

Your domain must have the nodemanager folder and this folder must have the nodemanager.properties file.

For example see below:-

Because after configuring the ‘Custom Identity And Custom Trust’ in weblogic, we need to add these information into the above property file (nodemanager.properties) as well, so that your managed servers can read these keystores at the time of restart and your keystores can work properly.

So please make sure that your domain must have both the pre-requisites already.

7.       Now, start the managed servers and admin servers of your domain and login to admin console

Once you log-in to the admin console. Go to:-

Home >newosb_domain >AdminServer

And open ‘Keystore’ Tab

Now, Click on ‘Change’ button and select ‘Custom Identity and Custom Trust’ as below:-

Now set ‘Keystore’ tab as below:-

IDENTITY
Custom Identity Keystore:	C:\app\oracle\product\fmw12211\MyKeystores\myIdentity.jks
Custom Identity Keystore Type:	jks
Custom Identity Keystore Passphrase:	Password
Confirm Custom Identity Keystore Passphrase:	password
TRUST
Custom Trust Keystore:	C:\app\oracle\product\fmw12211\MyKeystores\myTrust.jks
Custom Trust Keystore Type:	jks
Custom Trust Keystore Passphrase:	Password
Confirm Custom Trust Keystore Passphrase:	password

Now, go to ‘SSL’ tab and configure as below:-

Private Key Alias:	mykey
Private Key Passphrase:	password
Confirm Private Key Passphrase:	password

Now, on the same ‘SSL’ page, click on ‘advanced’ at the bottom of the page to see advanced settings

Now, set ‘Hostname Verification:’ as ‘None’. See as below:-

8.       Similarly we will repeat the Step 7 for the managed server ‘Osb_Server1’ under it’s ‘Keystore’ tab and ‘SSL’ tab

9.     If there are more managed servers, then we have to do the similar configuration for those managed servers as well, which we are doing in Step 7

10.       Now, open the folder where your domain is existing and then go to node manager folder

In, our case it is:-

‘C:\app\oracle\product\fmw12211\user_projects\domains\newosb_domain\nodemanager'

Go to ‘nodemanager’ folder and open the file ‘nodemanager.properties’ in notepad

By default, this property file looks like as below:-

11.       Now add below lines at the bottom of the above property file:-

KeyStores=CustomIdentityAndCustomTrust CustomIdentityKeyStoreType=jks CustomIdentityKeyStoreFileName=C\:\\app\\oracle\\product\\fmw12211\\MyKeystores\\myIdentity.jks CustomIdentityKeyStorePassPhrase=password CustomIdentityPrivateKeyPassPhrase=password CustomIdentityAlias=mykey CustomTrustKeyStoreType=jks CustomTrustKeyStoreFileName=C\:\\app\\oracle\\product\\fmw12211\\MyKeystores\\myTrust.jks CustomTrustKeyStorePassPhrase=password

Now, start your nodemanager and restart your managed servers and admin server to reflect the change.

Once you do it, the file ‘nodemanager.properties’ look like as below:-

You can see that the passwords automatically get’s encrypted/hidden after restarting nodemanager of your domain.

Now, your domains starts reading your custom identity and custom trust keystores.

Keywords: Custom Identity and Custom Trust, Keystore, Identity Store, Trust Store, Identity and Trust Store, Weblogic, SSL, 1-way SSl, 2-way SSL, one-way ssl, two-way ssl, security, keystores, java keystore, weblogic keystore