********************************************************************************************* * Description: Oracle FMW Web Tier [OHS] upgrade from 11.1.1.7 to 11.1.1.9 to enable TLS 1.2 * Date: 05:13 PM EST, 11/02/2018 ********************************************************************************************* <1> To enable TLS 1.2 proctol, Oracle FMW Web Tier [OHS] needs to be upgraded to 11.1.1.9: | |__ o. In 11g, patch 20995453 needs to be downloaded and installed to upgrade Oracle HTTP Server to 11.1.1.9. | |__ o. In 12c, the web cache component will be disabled from FMW, so there will be no need to upgrade OHS. <2> After downloading the package, and open the Oracle Universal Installer for implementation: <3> Skip software update: <3> Select updating an existing installation: <4> Prerequisite checking: <5> When fulfilling "Oracle Home Directory", please give ORACLE_HOME, instead of INSTANCE_HOME: <6> Installation Summary: <7> Following error will come up due to permission issue, when upgrading process tries to modifies some webcache configuration file: <8> Modify the permission to give "write - 750", and change back "4750" after installation completed due to there is an "S" enclosed the permission: | |__ $ ls -ltr /u01/Oracle/Middleware/as_1/webcache/bin/ -rwxr-x--- 1 oracle oinstall 3847 May 1 2009 webcache_setuser.sh -rwxr-x--- 1 oracle oinstall 8127304 Aug 11 2012 webcached0 -rwxr-x--- 1 oracle oinstall 6918408 Aug 11 2012 webcachea0 -rwx------ 1 oracle oinstall 751775 Jan 13 2013 webcachectl0 -rwsr-x--- 1 root oinstall 8130584 Nov 17 2017 webcached -rwsr-x--- 1 root oinstall 751700 Nov 17 2017 webcachectl -rwsr-x--- 1 root oinstall 6918408 Nov 17 2017 webcachea <9> GUI installation completed, and remember to change the Webcache configure file permission back: <10> Check the OPatch inventory once from command line: | |__ $ opatch lsinventory Oracle Interim Patch Installer version 11.1.0.11.0 Copyright (c) 2018, Oracle Corporation. All rights reserved. Oracle Home : /u01/Oracle/Middleware/as_1 Central Inventory : /u01/oraInventory from : /u01/Oracle/Middleware/as_1/oraInst.loc OPatch version : 11.1.0.11.0 OUI version : 11.1.0.9.0 Log file location : /u01/Oracle/Middleware/as_1/cfgtoollogs/opatch/opatch2018-07-24_12-59-55PM_1.log OPatch detects the Middleware Home as "/u01/Oracle/Middleware" Lsinventory Output file location : /u01/Oracle/Middleware/as_1/cfgtoollogs/opatch/lsinv/lsinventory2018-07-24_12-59-55PM.txt -------------------------------------------------------------------------------- Installed Top-level Products (4): Oracle Portal, Forms, Reports and Discoverer 11g 11.1.1.2.0 Oracle Portal, Forms, Reports and Discoverer 11g Patchset 11.1.1.3.0 Oracle Portal, Forms, Reports and Discoverer 11g Patchset 11.1.1.7.0 Oracle WebTier and Utilities CD 11.1.1.9.0 There are 4 products installed in this Oracle Home. Interim patches (10) : Patch 20002159 : applied on Tue May 22 15:28:53 EDT 2018 Unique Patch ID: 18257258 Created on 10 Nov 2014, 21:28:48 hrs PST8PDT Bugs fixed: 18112929 -------------------------------------------------------------------------------- OPatch succeeded. <11> After patching installation, when starting OHS process, folloing error will be coming up due to Java Release 6 [1.6.*] could not support OHS 11.1.1.9: | |__ o. java.lang.UnsupportedClassVersionError: com/sun/crypto/provider/SunJCE : Unsupported major.minor version 51.0 <12> Needs to install higher version Java to be compatible: | |__ o. Any Oracle Software installing package includes intergrated JAVA. For OHS 11.1.1.9 patch, the included Java version is 7u79. | |__ $ java -version | | java version "1.6.0_20" | Java(TM) SE Runtime Environment (build 1.6.0_20-b02) | Java HotSpot(TM) 64-Bit Server VM (build 16.3-b01, mixed mode) | | |__ $ cp /shared/oracle/jdk-7u79-linux-x64.rpm /usr/java/ | | |__ $ rpm -Uvh /usr/java/jdk-7u80-linux-x64.rpm | | Preparing... ########################################### [100%] | file /etc/init.d/jexec from install of jdk-1.7.0_80-fcs.x86_64 conflicts with file from package jre-1.6.0_18-fcs.i586 | | |__ $ rpm -e jre-1.6.0_18-fcs.i586 | |__ $ rpm -Uvh /usr/java/jdk-7u80-linux-x64.rpm Preparing... ########################################### [100%] 1:jdk ########################################### [100%] Unpacking JAR files... rt.jar... jsse.jar... charsets.jar... tools.jar... localedata.jar... jfxrt.jar... <13> Environment Variable Update for system user "oracle": | |__ o. $PATH within /home/oracle/.bash_profile $SUN_JAVA_HOME and $JAVA_HOME within /u01/Oracle/Middleware/user_projects/domains/ClassicDomain/bin/setDomainEnv.sh $JAVA_HOME on "set" $JAVA_HOME on /u01/Oracle/Middleware/wlserver_10.3/common/bin/commEnv.sh <14> Due to a bug, after patch installation. When starting up FWM components, the error "libhpi.so" library is missing from Java: | |__ As a work around, creating "nature_threads" folder and copy libhip.so shared object enclosed the folder: a. mkdir /u01/Oracle/Middleware/as_1/jdk/jre/lib/amd64/native_threads b. chmod 775 native_threads c. cp /shared/oracle/libhpi.so . <15> Start each components and processes. <16> Update webcache.xml to accept TLS1.0/1.1/1.2: | |__ o. Login as root, and open /u01/Oracle/Middleware/asinst_1/config/WebCache/webcache1/webcache.xml | |__ o. Change "SSLENABLED ==> TLSV1V1_1V1_2" <17> Reboot WebCache from the FMW OEM: | |__ o. But, in this case, "WebCache Admin" process will fail to startup, and WebCache process would be fine. <18> Reference: | |__ o. https://it-sysoft.com/sysoftexperts/update-oracle-web-tier-ohs-from-11-1-1-7-0-to-11-1-1-9-0-to-support-tls1-2/ | |__ o. https://docs.oracle.com/middleware/11119/webtier/releasenotes-webcache/OWCRN.pdf
Your Comments