1) Log in as the user that owns the application tier installation (this is usually applmgr or oracle)
2) Source the run file system environment and the $FMW_HOME/SetWebtier.env file
Note: For an Oracle E-Business Suite Release 12.2 new installation, all steps must be performed on the run edition file system. Only following needs to be used for sourcing run edition file system (UNIX):
$ source /m001/oracle/PROD/fs1/EBSapps/appl/APPSPROD_ebsapp01.env
3) Set an alias for the correct orapki
$ alias orapki=$FMW_HOME/oracle_common/bin/orapki
4) Create a new wallet with an acceptable self-signed certificate in $HOME/ss. For example:
$ mkdir ~/ss
$ cd ~/ss
$ orapki wallet create -wallet ./ -auto_login_only
$ orapki wallet add -wallet . -dn “CN=FMWSmallCircleOfTrust” -asym_alg RSA -keysize 2048 -sign_alg sha256 -self_signed -validity 3652 -auto_login_only
$ orapki wallet display -wallet .
5) Find the instanceName of this environment and save in variable for later use
$ tr < $CONTEXT_FILE ‘<>’ ‘ ‘ | awk ‘/”s_ohs_instance”/ {print $(NF-1)}’
EBS_web_PROD_OHS1
$ iName=$(tr < $CONTEXT_FILE ‘<>’ ‘ ‘ | awk ‘/”s_ohs_instance”/ {print $(NF-1)}’ )
6) Go to the instance directory
$ cd $FMW_HOME/webtier/instances/$iName
7) Find the default wallets used by this instance
$ find . -name cwallet.sso | fgrep -v /webgate/
./config/OHS/EBS_web_PROD/proxy-wallet/cwallet.sso
./config/OHS/EBS_web_PROD/keystores/default/cwallet.sso
./config/OPMN/opmn/wallet/cwallet.sso
8) Verify that each wallet only contains the self-signed certificate
$ find . -name cwallet.sso | fgrep -v /webgate/ | while read w ;do echo -e “\n$w”; orapki wallet display -nologo -wallet $w ;done
9) Copy the new SHA-256 signed wallet to all default wallet locations.
$ find . -name cwallet.sso | fgrep -v /webgate/ | while read w ; do echo $w; cp -p ~/ss/cwallet.sso $w ; done
10) Prepare to make the changes to the patch file systems by modifying adop_sync.drv located under $APPL_TOP_NE/ad/custom to include the following:
Note: This step is not applicable for Oracle E-Business Suite Release 12.2 new installations.
#Oracle HTTP Server Wallet – cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso
#OPMN Wallet – cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso
The changes will be propagated to the patch file system when you perform the steps in Section 3 during the prepare phase (adop phase=prepare) of online patching and will take effect after a successful cutover (adop phase=cutover).
11) To use the Oracle Fusion Middleware Control Enterprise Manager (EM) Console at http://<app01>:7001/em to manage OHS, you may have to re-register OHS and its new certificate with Fusion Middleware Control. This must be done on both the run and patch file systems.
If you have determined that OHS reports as down in the Oracle Fusion Middleware EM Console, perform these steps to re-register OHS:
a) Obtain the host, port, and user name variables for WLS Admin from CONTEXT_FILE:
$ aHost=$( tr < $CONTEXT_FILE ‘<>’ ‘ ‘ | awk ‘/”s_wls_admin_host”/ {print $(NF-1)}’ )
$ aPort=$( tr < $CONTEXT_FILE ‘<>’ ‘ ‘ | awk ‘/”s_wls_adminport”/ {print $(NF-1)}’ )
$ aUser=$( tr < $CONTEXT_FILE ‘<>’ ‘ ‘ | awk ‘/”s_wls_admin_user”/ {print $(NF-1)}’ )
b) Re-register OHS using the following commands:
$ cd $FMW_HOME/webtier/instances/$iName/bin
$ ./opmnctl unregisterinstance -adminHost $aHost -adminPort $aPort -adminUsername $aUser -instanceName $iName
$ ./opmnctl registerinstance -adminHost $aHost -adminPort $aPort -adminUsername $aUser
12) Start OHS:
$ ./opmnctl status
opmnctl status: opmn is not running.
$ ./opmnctl startall
opmnctl startall: starting opmn and all managed processes…
$ ./opmnctl status
Processes in Instance: EBS_web_PROD_OHS1
———————————+——————–+———+———
ias-component | process-type | pid | status
———————————+——————–+———+———
EBS_web_PROD | OHS | 21838 | Alive
