Beruflich Dokumente
Kultur Dokumente
2
1) Patch 17545215 CONSOLIDATED JRI FIXES FOR 12.2
NO NEED TO APPLY THIS PATCH IF YOU HAVE latest AD RUP 4
Type: ADOP patch
2) Patch 17766337: R12.AD.C.delta.4 or higher
Type: ADOP patch
Before we apply above Consoldated JRI Patch, we need to run the adgrants.sql script
as a user that can connect as SYSDBA to grant privileges to selected SYS objects and
create PL/SQL profiler objects.
1)StoptheEBSapplicationservices.
2)Createthedirectory$ORACLE_HOME/appsutil/adminonthedatabaseserver
ifitdoesnotalreadyexist.
3)SettheenvironmenttopointtoORACLE_HOMEonthedatabaseserver.
4)Ifyoualreadyhaveaversionofadgrants.sqlunderyourORACLE_HOME
thatisalaterversionthantheonesuppliedinthepatch,gotostep4.
Ifnot,copy<patch_dir>/admin/adgrants.sql(UNIX)fromthispatch
directoryto$ORACLE_HOME/appsutil/admin.
YouwillfindithereforR12.1>17191279/admin/adgrants.sql,ForR12.2>
17545215/admin/adgrants.sql
5)UseSQL*Plustorunthescript:
$sqlplus/nolog
SQL>@$ORACLE_HOME/appsutil/admin/adgrants.sql<APPSschemaname>
EntertheAPPSusername:apps
EntertheAPPSpassword:<GIVE_APPS_PASSWORD>
EntertheNameofyourCompany(usedforbothCNandORGANIZATIONNAME)
[CN/ORGANIZATIONNAME]:<PUTCORPORATIONNAME>
Enterthedepartmentorgroupthatwillusethecertificate[ORGANIZATION
UNIT]:<PUTORGANIZATIONUNIT>
Enterthefullnameofthecitywhereyourorganization'sheadofficeis
located[LOCALITY]:<PUTCITY>
EnterthefullnameoftheState,ProvinceorCountywhereyour
organization'sheadofficeislocated[STATE]:<PUTSTATE>
EnterthetwoletterISOabbreviationforyourcountry(forexample,USfor
theUnitedStates)[COUNTRY]:<PUTCOUNTRY>
This will back up your existing keystore (adkeystore.dat to adkeystore.bak) and also
create the following files under the $APPL_TOP/admin directory):
adkeystore.bak
JavaVersionFile
adsign.txt
adkeystore.dat
The caerts file is system wide keystore used by Java which needs to store the
Public Root Certificate of your CA provider. Add your root certificate to
cacerts so that the jarsigner program trusts it.
Note for future consideration: Whenever you upgrade your jdk version on
the server any additional certificates you have added to your cacerts file will
be lost. You will need to re-import the root certificate or keep a copy of your
original cacerts file which you can copy back in.
Copy your Root Certificate to above directory and Rename to say javarootca.crt
Note: The default Java <cacerts_password> for the cacerts keystore certificates file is
usually changeit.
$cd$OA_JRE_TOP/lib/security/
$keytoolimportaliasjavarootcafilejavarootca.crttrustcacertsv
keystorecacerts
Enterkeystorepassword:<cacerts_password>
Trustthiscertificate?[no]:y
CertificatewasaddedtoKeystore
[Storingcacerts]
$chmodawcacerts
$cd$APPL_TOP/admin
$adjkeyimportfileadkeystore.crttrustcacerts
EntertheAPPSusername:apps
EntertheAPPSpassword:<input_apps_password>
Your keystore (adkeystore.dat) should now contain your private key and a corresponding
CA-signed code-signing certificate. AD tools can now sign the JARs served to clients
using this information.
$adstpall.shapps_user/apps_pwd
$adstrtal.shapps_user/apps_pwd
Navigate to Control Panel -> Java -> Security (tab) -> Manage Certificates (button)
-> Certificate Type: Trusted Certificates
Select your new certificate from the list and click the Export button, save the file
as <hostname>.crt, e.g. myhost.crt
Double click on the <hostname>.crt file to display the certificate.
Click the Details tab and verify the following values correspond to the values you gave
earlier:
Valid from displays the date and time that you created the certificate
Subject contains values for CN, OU, O, L, S, C
namely [CN], [ORGANIZATION UNIT], [ORGANIZATION NAME], [LOCALITY], [STATE],
[COUNTRY]
Public Key displays RSA (XXXX Bits) e.g. RSA (2048 Bits)