Oracle Apps R12: How To Renew SSL Certificate on Apps Tier in 5 minutes

1.      Set Your Environment

·         Logon to the application middle tier as the OS user who owns the middle tier files.

·         Source your middle tier environment file.

·         Navigate to the $INST_TOP/ora/10.1.3 and source the .env file to set your 10.1.3 ORACLE_HOME variables.

Note:- When working with wallets and certificates you MUST use the 10.1.3 executables.

2.      Deploy Certificate across Environment

export SYSTEM=ajiebs

export SSLDIR=/u01/app/applmgr${SYSTEM}/ssl_renew

export SSLENV=ajiebs.lab.com

mkdir -p $SSLDIR

chmod 700 $SSLDIR

3.      Copy new certificate and the CA certificate to the $SSLDIR directory e.g.

-rw-r--r--  1 applmgr oinstall 4198 Jul 26 10:30 chain.cer

-rw-r--r--  1 applmgr oinstall 1794 Jul 26 10:30 ajiebs.lab.com.cer

-rw-r--r--  1 applmgr oinstall  887 Jul 26 10:30 ajiebs.lab.com.key

4.      Create the wallet

cd $SSLDIR

$ORACLE_HOME/Apache/Apache/bin/ssl2ossl -cert ${SSLENV}.cer -key ${SSLENV}.key -cafile ./chain.cer -wallet . -ssowallet yes

5.      The content of wallet can be listed e.g.

orapki wallet display -wallet $SSLDIR

Requested Certificates:

Subject:        CN=ajiebs.lab.com,OU=Information Technology,O=Lab Inc.,L=Bangalore,ST=India,C=IN

User Certificates:

Trusted Certificates:

Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Subject:        CN=ajiebs.lab.com,OU=Information Technology,O=Lab Inc., L=Bangalore,ST=India,C=IN

Subject:        CN=Lab Inc. Enterprise Issuing CA1,O=Lab Inc.

Subject:        CN=Lab Inc. Enterprise CA,O=Lab Inc.

6.      Determine the current Apache's wallet directory

·         Which is the value of s_web_ssl_directory + Apache, by default it's $INST_TOP/certs/Apache

·         Create a new directory named BAK and move the default wallet's files to there

·         Install the new wallet

cd $SSLDIR/../

mv ssl ssl_bak_`date +%Y`

mv ssl_renew ssl

Some features of XML Publisher and BI Publisher require the server certficate to be present in cacerts file.

7.      Backup the existing cacerts file.

cp $OA_JRE_TOP/lib/security/cacerts $OA_JRE_TOP/lib/security/cacerts.bak.`date +%Y`

8.      Add new server cert to cacerts:

chmod u+w $OA_JRE_TOP/lib/security/cacerts

keytool -importcert -keystore $OA_JRE_TOP/lib/security/cacerts -alias ${SSLENV}.`date +%Y`.lab.com -file ${SSLENV}.cer -v

9.      When prompted enter the keystore password.

10.  Restart APP Web Tier

11.  Restart oacore, forms, web listener processes

How to configure Postfix SMTP relay office365 on Centos

 

Postfix:

Postfix is a flexible mail server that is available on most Linux distribution. Though a full featured mail server, Postfix can also be used as a simple relay host to another mail server, or smart host. This tutorial will describe how to configure Postfix as a relay through Office365.

 

Requirement:

CentOS  or Red Hat Enterprise Linux 
Valid Office365 email credentials.

Installation:

Install Postfix using command below

[root@localhost ~]# yum install postfix cyrus-sasl-plain mailx

 

Configuration changes:

Postfix main configuration file is main.cf, let's make the required change as follow:

[root@localhost ~]# vi /etc/postfix/main.cf

 Append the following line

relayhost = [smtp.office365.com]:587

mynetworks = 127.0.0.0/8

inet_interfaces = loopback-only

smtp_use_tls = yes

smtp_always_send_ehlo = yes

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

smtp_sasl_security_options = noanonymous

smtp_sasl_tls_security_options = noanonymous

smtp_tls_security_level = encrypt

smtp_generic_maps = hash:/etc/postfix/generic

#smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

sender_canonical_classes = envelope_sender, header_sender

sender_canonical_maps =  regexp:/etc/postfix/sender_canonical_maps

smtp_header_checks = regexp:/etc/postfix/header_check




Rewrite envelope address from email originating from the server itself

/etc/postfix/sender_canonical_maps:

/.+/    newsender@address.com

Rewrite from address in SMTP relayed e-mail

/etc/postfix/header_check:

/From:.*/ REPLACE From: newsender@address.com

 

Save and exit from the file.

The configuration of postfix SASL credentials:

[root@localhost ~]# vi /etc/postfix/sasl_passwd

Add a line below

[smtp.office365.com]:587 user@domainname:password

Save and exit from file

 

A Postfix lookup table must now be generated from the sasl_passwd text file by running the following command.

[root@localhost ~]# postmap /etc/postfix/sasl_passwd

Now change permission for this file

[root@localhost ~]# chown root:postfix /etc/postfix/sasl_passwd

[root@localhost ~]# chmod 640 /etc/postfix/sasl_passwd

 

 

Next let's correct the file permission.

[root@localhost ~]# chown root:root /etc/postfix/generic

[root@localhost ~]# chmod 0600 /etc/postfix/generic

[root@localhost ~]# postmap /etc/postfix/generic

 

/etc/postfix/main.cf:

 

Let's restart Postfix service.

[root@localhost ~]# systemctl restart postfix

 

Now try to send a test email using the command below:
FOR  Centos:

echo "This is the body of the email"| mail -r"Sender-Display-Name<sender@domain.com>" -s "This is the subject(E-Mail from SMTP Relay) line" recipeat@gmail.com