Sunday, August 25, 2013

Putty with XMING for OFM installations



PuTTY

PuTTY is a free terminal emulator that supports the SSH, Telnet and Rlogin network protocols.
PuTTY has a graphical configuration interface with features such as storage of connection data, port forwarding, and SCP and SFTP support.

URL:     http://www.putty.org/

SUGGESTED CONFIGURATION:

1) Connection → Data – set Terminal-type = xterm or vt220.
2) Connection → SSH – order Blowfish then 3DES
3) Window → Colours – leave background as black, modify Default Foreground (text) as desired.
4) Connection → SSH → X11 – click on Enable X11 forwarding box
5) Click on Save, then Open


Xming:
Xming is the leading Free Software X Window Server for Microsoft Windows.
 
URL:        http://www.straightrunning.com/XmingNotes/
 
 
FILE LIST –
1. Xming-6-9-0-31-setup.exe
   - Xming 2.15MB Microsoft Windows program installer.
   - Standard Xming uses the OpenGL renderer.
   - Installs only the absolute minimum fonts and includes the XLaunch wizard as an optional component.

2. Xming-fonts-7-3-0-15-setup.exe
   - Font package
   - Xming-fonts 30.0MB optional extra, may be used to supersede the absolute minimum 'Bitmap fonts' installed with Xming as well as providing the bulk of X Window standard fonts.
   → Required for Oracle GUI
   → Install fonts in the folder where Xming is already installed.

USAGE:
Execute Xming – icon will open in system tray on bottom right of screen.

Execute PuTTY → connect to server → enter xterm – the new window will open.
In the new xterm window start your GUI

OpenSSL Commands

OpenSSL to create PKCS12 Keystore

A root certificate is a fundamental component of the Public Key Infrastructure (PKI) that forms the backbone of secure communications on the internet. It is issued by a trusted entity called a Certificate Authority (CA) and is used to establish trust for a chain of certificates.


Key Characteristics of a Root Certificate:

  1. Self-Signed Certificate:

    • A root certificate is self-signed, meaning it is signed by the Certificate Authority (CA) itself.
    • This makes it the "trust anchor" of the certificate chain.
  2. Trusted by Operating Systems and Browsers:

    • Root certificates are pre-installed in the trust stores of operating systems (e.g., Windows, macOS, Linux) and browsers (e.g., Chrome, Firefox).
    • If a root certificate is in the trust store, all certificates signed by it (or intermediates it has signed) are trusted.
  3. Top of the Certificate Chain:

    • In the certificate chain, the root certificate is at the top, followed by one or more intermediate certificates, and finally the end-entity certificate (e.g., a website certificate).

Structure of a Root Certificate:

A root certificate includes:

  • Issuer: The name of the CA that issued the root certificate (usually itself, since it's self-signed).
  • Subject: The name of the entity the certificate is issued to (the CA itself).
  • Public Key: The CA's public key, used to verify signatures.
  • Validity Period: The start and expiry dates of the certificate.
  • Signature Algorithm: The cryptographic algorithm used to create the certificate's signature.

Why Root Certificates Are Important:

  1. Trust Establishment:

    • Root certificates enable secure connections (e.g., HTTPS, email encryption) by creating a chain of trust.
  2. Certificate Chain Validation:

    • When you visit a website, your browser validates the website’s certificate by following the chain of trust back to a root certificate in its trust store.
  3. Security:

    • Root certificates ensure that only trusted parties (like websites or services) can communicate securely with users.

Example of a Certificate Chain:

  1. Root Certificate:

    • Issued by "GlobalSign Root CA."
    • Installed in your system/browser's trust store.
  2. Intermediate Certificate:

    • Issued by "GlobalSign Intermediate CA" and signed by the root certificate.
  3. End-Entity Certificate:

    • Issued to "example.com" and signed by the intermediate certificate.

When you visit example.com, the browser validates the chain:

  • The end-entity certificate is trusted because it is signed by the intermediate certificate.
  • The intermediate certificate is trusted because it is signed by the root certificate.

1.) Create a Self-Signed Certificate
openssl req -x509 -nodes -days 365  -newkey rsa:1024 -keyout selfsigned.pem -out selfsigned.pem

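2.) Verify a self-signed certificate (it has to be supplied as its own CA file, otherwise verification fails because no trusted issuer is found)
openssl verify -CAfile selfsigned.pem selfsigned.pem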

3.) Export selfsigned.pem as PKCS#12 file, identity.pfx 
openssl pkcs12 -export -out identity.pfx -in selfsigned.pem -name "selfsigned"

4.) Extract public certificate from url
openssl s_client -showcerts -connect core-integrations.mindtelligent.com:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > certificate.pem

5.) Extract Private Key

If you have a .p7b (PKCS#7) certificate file and need to extract the private key, it’s important to note that .p7b files typically do not include the private key. They usually only contain the certificate chain (public certificates).

If you still want to extract a private key and believe the key is associated with this file, you will need the original private key that was created during the Certificate Signing Request (CSR) process; the .p7b itself can be converted to another format such as .pem to work with the certificates it contains.


To extract the private key from a .p12 (PKCS#12) file, you can use the openssl pkcs12 command; -nocerts keeps the certificates out of the output file:


 openssl pkcs12 -in ./core-integrations.mindtelligent.com.p12 -nocerts -out privatekey.pem -nodes -password pass:password123

6.) Extract Certificate Chain (-nokeys on its own writes every certificate in the file; adding -clcerts would limit the output to the client certificate)

 openssl pkcs12 -in core-integrations.mindtelligent.com.p12 -nokeys -out core-integrations-mindtelligent.com.certchain.pem -password pass:password123
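
The round trip from steps 1 to 6 as one script, added here as an example and not part of the original post. It assumes a 2048-bit key instead of the rsa:1024 above, a constructed subject selfsigned.example, separate key.pem and cert.pem files, and a random password handed over in the environment variable P12_PASS (a name chosen here) instead of pass: on the command line.

```shell
#!/bin/sh
# Added example: create, bundle, extract and cross-check a key and certificate.
# selfsigned.example, P12_PASS and all file names are constructed for this example.

p12_steps() {
    # The password travels in the environment, not in argv where `ps` shows it.
    P12_PASS=$(openssl rand -hex 16) || return 1
    export P12_PASS

    # Self-signed certificate, non-interactive, key and certificate in separate files.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=selfsigned.example" \
        -keyout key.pem -out cert.pem 2>/dev/null || return 1

    # A self-signed certificate verifies only when it is its own trust anchor.
    openssl verify -CAfile cert.pem cert.pem >/dev/null 2>&1 || return 1

    # Bundle both into a PKCS#12 file.
    openssl pkcs12 -export -in cert.pem -inkey key.pem -name selfsigned \
        -out identity.pfx -passout env:P12_PASS || return 1

    # Extract the key alone (-nocerts) and the certificates alone (-nokeys).
    openssl pkcs12 -in identity.pfx -nocerts -nodes -passin env:P12_PASS \
        -out key_out.pem 2>/dev/null || return 1
    openssl pkcs12 -in identity.pfx -nokeys -passin env:P12_PASS \
        -out cert_out.pem 2>/dev/null || return 1

    # The key file must hold no certificate, and its public half must equal
    # the public key embedded in the extracted certificate.
    if grep -q 'BEGIN CERTIFICATE' key_out.pem; then return 1; fi
    key_pub=$(openssl pkey -in key_out.pem -pubout) || return 1
    cert_pub=$(openssl x509 -in cert_out.pem -noout -pubkey) || return 1
    [ "$key_pub" = "$cert_pub" ] || return 1
    echo "key and certificate match"
}

p12_roundtrip() {
    work=$(mktemp -d) || return 1
    rc=0
    # Subshell: umask 077 keeps key files owner-only; cd and P12_PASS do not leak.
    ( umask 077 && cd "$work" && p12_steps ) || rc=$?
    rm -rf "$work"
    return "$rc"
}
```

Calling p12_roundtrip prints "key and certificate match" and returns non-zero as soon as any step fails; the same public-key comparison works on a key and certificate extracted from an existing .p12 file.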




Tuesday, August 20, 2013

Mule ESB 3.4.4: Configure Oracle JDBC driver in Mule Developer Studio


A JDBC driver is a software component that enables a Java application to interact with a database.

To connect with individual databases, JDBC (the Java Database Connectivity API) requires drivers for each database. The JDBC driver gives out the connection to the database and implements the protocol for transferring the query and result between client and database.

  • Right Click on Project Explorer
  • Right Click on Build Path
  • Right Click on Add External Archives


  • Choose the location of the Oracle JDBC driver. Press Open.

  • You can see the driver in the Referenced Libraries.

Create a Data Source

  • 1.) Click on Global Elements; 2.) Click on Create; 3.) Click on Data Sources; 4.) Click on Oracle Data Sources; 5.) Click on OK

  • 1.) Enter JDBC URL; 2.) Enter user name; 3.) Enter password.

Create a connector

  • 1.) Click on Global Elements; 2.) Click on Create; 3.) Click on Connectors; 4.) Click on Database; 5.) Click on OK

  • Choose the Data Source and Press OK.

Wednesday, August 14, 2013

OIAM 11.1.2. / SOA 11.1.1.7 : Reset Expired Passwords for Infrastructure tables


By default the passwords for OIM and SOA infrastructure tables expire in 180 days. In case the passwords expire, we need to reset them so that the OIAM and SOA managed servers can be started.

To resolve this issue, the following steps can be taken.

1.)  Connect to the database as the SYS user.


2.)  Run the SQL statement select * from dba_profiles;

Here the PASSWORD_LIFE_TIME limit is what causes the passwords to expire after 180 days.








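3.)  Execute the following command to disable password expiry; it applies to every account assigned to the DEFAULT profile:

SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;

4.)  Run the query again to confirm the change:

SQL> select * from dba_profiles;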



5.) We need to reset the password of the locked user. We can use the same password or a different password.

SQL> SPOOL PasswordResetList.sql

SQL> select 'alter user "'||d.username||'" identified by values '''||u.password||''';' c
from dba_users d, sys.user$ u
where u.user# = d.user_id
and  d.username IN (select username from dba_users where account_status like 'EXPIRED%');

SQL> SPOOL OFF

6.) The SPOOL file will contain a list of ALTER USER commands. Execute these commands to reset the passwords.

7.) 

SQL> SPOOL LockedUsers.sql

SQL> select 'ALTER USER ' || username || ' ACCOUNT UNLOCK;' from dba_users where account_status like '%LOCKED%';

SQL> SPOOL OFF

8.) Run all the ALTER USER username ACCOUNT UNLOCK statements from the spool file. Please ensure that you DO NOT UNLOCK those users which Oracle recommends should remain LOCKED.

Sunday, August 4, 2013

OFM 10.3.6 Java code to import the certificates in JKS



package mindtelligent.custom.jks;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;

public class ImportPublicCertificateToJKS {
  public static void main(String args[]) throws Exception {
    // Read the serialized certificate path. Java deserialization must only be
    // used on a file that comes from a trusted source.
    ObjectInputStream in = new ObjectInputStream(new FileInputStream("CertificatePath.dat"));
    CertPath cp;
    try {
      cp = (CertPath) in.readObject();
    } finally {
      in.close();
    }

    // Start with an empty JKS keystore.
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, null);

    // Add every certificate in the path as a trusted entry: my0, my1, ...
    List<? extends Certificate> cplist = cp.getCertificates();
    for (int i = 0; i < cplist.size(); i++) {
      X509Certificate c = (X509Certificate) cplist.get(i);
      ks.setCertificateEntry("my" + i, c);
    }

    // Write the keystore to disk, protected by the store password.
    FileOutputStream output = new FileOutputStream("MyCertPathStore");
    try {
      ks.store(output, "mypass".toCharArray());
    } finally {
      output.close();
    }
  }
}

Use SSH Keys to clone GIT Repository using SSH

  1. Generate a New SSH Key Pair bash ssh-keygen -t rsa -b 4096 -C "HSingh@MindTelligent.com" -t rsa specifies the type of key (...