TLS 1.2 Upgrade EBS R12.1.3

In Summary
Source Document: Enabling TLS in Oracle E-Business Suite Release 12.1 (Doc ID 376700.1)

Step 1 : Upgrade to Latest JDK (JDK_7_181_32bit_27411505) & apply 10.1.2 Patches ==> Completed Successfully
Step 2 : Apply the October 2015 CPU (10.1.3) –>21845960 ==> Completed Successfully
Step 3 : Apply the 10.1.3.5 OpenSSL patches. –> All Other 10.1.3 Patches==> Completed Successfully
Step 4 : Apply product-specific patches(ad patches) –Ad patches ==> Completed Successfully

Error Faced:
Only Error , is OPMN Services are timed-out.
ERROR : Timed out( 100000 ): Interrupted Exception - This is JDK Upgrade (10.1.2 Pathes) , this can be safely ignored

One patch needs OUI and needs to be enabled with unix team and using 1301320.1

Pacthes ==> adpacthes , 10.1.2,10.1.3
JDK ==> JDK Pacth Version & Details
Certificates ==> Certificates Required for TLS1.2

Sample Steps (Other)

Enabling TLS in Oracle E-Business Suite Release 12.1 (Doc ID 376700.1)

Using JDK 7.0 Latest Update with Oracle E-Business Suite Release 12.0 and 12.1 (Doc ID 1467892.1)

Apply patches 16545472, 17309237 (EBS patches – adpatch)

Install new JDK version on server

Create new JDK folder in $IAS_ORACLE_HOME/applutil

Copy new JDK folder (jdk1.7.0_181-i586) from installation directory to $IAS_ORACLE_HOME/applutil/jdk1.7.0_181-i586 .

in $IAS_ORACLE_HOME/applutil/ rename existing jdk directory (mv jdk jdk_old)
in $IAS_ORACLE_HOME/applutil/ rename new jdk1.7.0_181-i586 jdk directory (mv jdk1.7.0_181-i586 jdk)

Install Fonts

cp $FND_TOP/resource/ALBANYWT.ttf $IAS_ORACLE_HOME/appsutil/jdk/jre/lib/fonts
cp $FND_TOP/resource/ALBANWTJ.ttf $IAS_ORACLE_HOME/appsutil/jdk/jre/lib/fonts
cp $FND_TOP/resource/ALBANWTK.ttf $IAS_ORACLE_HOME/appsutil/jdk/jre/lib/fonts
cp $FND_TOP/resource/ALBANWTS.ttf $IAS_ORACLE_HOME/appsutil/jdk/jre/lib/fonts
cp $FND_TOP/resource/ALBANWTT.ttf $IAS_ORACLE_HOME/appsutil/jdk/jre/lib/fonts

apply patch 5659594 to 10.1.2 oracle home (opatch)

mv $ORACLE_HOME/jdk $ORACLE_HOME/jdk_old

In ORACLE_HOME:

cp -rp $IAS_ORACLE_HOME/appsutil/jdk .

apply patches (IN THIS ORDER) 16271876, 17907988, 17653437, 17645157, 16241466 to 10.1.2 home (opatch)

ignore conflict on 17653437

ignore conflict on 17645157

refer to 1569998.1 for make commands

Please create the below softlink:

cd $ORACLE_HOME/lib/stubs
ln -s libjvm-1.7-stub.so libjvm.so

cd $ORACLE_HOME/forms/lib
$ make -f ins_forms.mk sharedlib install

cd $ORACLE_HOME/reports/lib
$ make -f ins_reports.mk install

Run ADAdmin and select the Forms and Reports regeneration
1, 2 and 1,3

Enter the number of workers [X] :

take all defaults when asked

apply patches 27078378, 27208670 to 10.1.3 home (opatch)

27208670 could error due to no OUI 10.1 support

OPATCH_JAVA_ERROR=CheckConflict: OPatch cannot process overlay patches because of no OUI support. Please take latest OUI 10.1 patchset from “My Oracle Support” and try again.
Cannot check bug/file conflict and component prerequisite checks.

ERROR: OPatch failed during prerequisite check.

apply 6640838 using UltraVNC, refer to below note

How to patch OUI for installing overlay patches on top of Forms Bundle Patch – 9593176 (Doc ID 1301320.1)

source 10.1.3 home

./runInstaller -ignoreSysPrereqs

Once installed, then apply 27208670

apply patches 23645824, 22974534 (EBS patches – adpatch)

Punchout in Oracle iProcurement and Exchange Fails After Supplier Site Migrates From SSLv3 to TLS Protocol (with SSL Handshake SSLIOClosedOverrideGoodbyeKiss) (Doc ID 1937220.1)

apply patch 21473055 (EBS patch – adpatch)

source 10.1.3

/d01/oracle/SUPPORT1/apps/tech_st/10.1.3

Follow 376700.1 instructions for requesting a new certificate

copy files to $INST_TOP/certs/Apache: ca.crt, intermediate.crt, new.cnf, new.csr, server.crt, server.key

make $PATH and $LD_LIBRARY_PATH per 376700.1

export OPENSSL_CONF=$INST_TOP/certs/Apache/new.cnf

cat server.crt intermediate.crt ca.crt > opmn.crt

Copy files to custom directory and make changes as per 376700.1

cp -rp $FND_TOP/admin/template/opmn_xml_1013.tmp $FND_TOP/admin/template/custom/opmn_xml_1013.tmp

cp -rp $FND_TOP/admin/template/httpd_conf_1013.tmp $FND_TOP/admin/template/custom/httpd_conf_1013.tmp

cp -rp $FND_TOP/admin/template/ssl_conf_1013.tmp $FND_TOP/admin/template/custom/ssl_conf_1013.tmp

make file changes as per 5.2 Step 6 in 376700.1

Copy files to custom directory and make changes as per 376700.1

cp -rp $FND_TOP/admin/template/oc4j_properties_1013.tmp $FND_TOP/admin/template/custom/oc4j_properties_1013.tmp

cp -rp $FND_TOP/admin/template/oafm_oc4j_properties_1013.tmp $FND_TOP/admin/template/custom/oafm_oc4j_properties_1013.tmp

cp -rp $FND_TOP/admin/template/forms_oc4j_properties_1013.tmp $FND_TOP/admin/template/custom/forms_oc4j_properties_1013.tmp

make file changes as per 5.3 Step 1 in 376700.1

Run autoconfig and pray it all works

====================================================================
JDK_7_181_32bit & 10.1.2 Patches
For JDK 7 upgrade, follow the instructions in  (Doc ID 1467892.1)
====================================================================
27411505 --> JDK_7_181_32bit_27411505

1)12848228
2)16271876 -- Follow Read me
3)17907988 -- Follow Read me
4)17653437-- Follow Read me
5)17645157-- Follow Read me
6)16241466--- Follow Read me

====================================================================
10.1.3 Patches
Refer DOc: 376700.1 ,Step 5
====================================================================
1) 21845960-CPUOCT2015--> -- Follow Read me
2) 27078378
3) 22322938-- Support for Oracle Workflow
4) 6640838 -->OUI 10.1 : apply 6640838 using UltraVNC, refer to below note 1301320.1
5) 27208670
====================================================================
AD Pacthes
Refer DOc: 376700.1 ,Step 6
====================================================================

16545472
17309237
23645824
22974534 --NLS
27881758 --NLS
22724663 --NLS

TLS_JDK_Upgrade_7u181_32bit_workflog

http://123.srinalla.com:8011/OA_HTML/AppsLogin

apps4ebsdb
manager

/interface/patches/TLS_1.2_Patches
####################################################################################################################################################

Take backup of 10.1.3 and 10.1.2 Homes

appltst@of223:/ebsdb/tech_st $
cp -pr 10.1.3 10.1.3_bkp_after_jdk_upgrade &
cp -pr 10.1.2 10.1.2_bkp_after_jdk_upgrade &
####################################################################################################################################################
Apply 10.1.3 Oracle Home using Opatch.

====================================================================
10.1.3 Patches
Refer DOc: 376700.1 ,Step 5
====================================================================
1) 21845960-CPUOCT2015–> — Follow Read me
2) 27078378
3) 22322938– Support for Oracle Workflow
4) 6640838 –>OUI 10.1 : apply 6640838 using UltraVNC, refer to below note 1301320.1
5) 27208670

====================================================================
AD Pacthes
Refer DOc: 376700.1 ,Step 6
====================================================================

16545472
17309237
23645824
22974534 –NLS
27881758 –NLS
22724663 –NLS

——————————————————————————————————————>
1) Apply 21845960———————–>

echo $OPATCH_PLATFORM_ID
unset OPATCH_PLATFORM_ID

. $INST_TOP/ora/10.1.3/*.env;echo $ORACLE_HOME;
$ORACLE_HOME/OPatch/opatch lsinventory|grep 21845960
cd /interface/patches/TLS_1.2_Patches/10.1.3/21845960
export OPATCH_PLATFORM_ID=46
$ORACLE_HOME/OPatch/opatch napply
unset OPATCH_PLATFORM_ID

——————-WORKLOG…………………………
Applying patch 9273888…

Patching copy files…

Inventory is good and does not have any dangling patches.

Updating inventory…

Verifying patch…
Backing up comps.xml …

OPatch succeeded.

OPatch succeeded.
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/21845960 $

appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/21845960 $ unset OPATCH_PLATFORM_ID
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/21845960 $

——————————————————————————————————————>
2) 27078378

. $INST_TOP/ora/10.1.3/*.env;echo $ORACLE_HOME;
$ORACLE_HOME/OPatch/opatch lsinventory|grep 27078378
cd /interface/patches/TLS_1.2_Patches/10.1.3/27078378
$ORACLE_HOME/OPatch/opatch apply

——————-WORKLOG…………………………——————-WORKLOG…………………………
OPatch succeeded.
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27078378 $ $ORACLE_HOME/OPatch/opatch lsinventory|grep 27078378

1) Patch 27078378 applied on Fri Dec 07 01:04:10 EST 2018
[ Bug fixes: 22447165 25859264 27078378 24483815 ]
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27078378 $

——————————————————————————————————————>
3) 22322938

. $INST_TOP/ora/10.1.3/*.env;echo $ORACLE_HOME;
$ORACLE_HOME/OPatch/opatch lsinventory|grep 22322938
cd /interface/patches/TLS_1.2_Patches/10.1.3/22322938
$ORACLE_HOME/OPatch/opatch apply

——————-WORKLOG…………………………——————-WORKLOG…………………………

OPatch succeeded.
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/22322938 $ $ORACLE_HOME/OPatch/opatch lsinventory|grep 22322938
1) Patch 22322938 applied on Fri Dec 07 01:30:56 EST 2018
[ Bug fixes: 22322938 ]

——————————————————————————————————————>
4) 6640838

####################################################################################################################################################
OUI Pacth 6880880 ——————————–> GUI Setiings

Invoking fuser to check for active processes.

OPATCH_JAVA_ERROR=CheckConflict: OPatch cannot process overlay patches because of no OUI support. Please take latest OUI 10.1 patchset from “My Oracle Support” and try again.
Cannot check bug/file conflict and component prerequisite checks.
##########################################################
MobaXterm GUI Settings——————————————————————————————–>
[srinalla@of223 ~]$ xauth list
123.srinalla.com/unix:10 MIT-MAGIC-COOKIE-1 6bb0f2dd724792d1fa72abbb87f3c8a6
appltst@of223:~ $ xauth add 123.srinalla.com/unix:10 MIT-MAGIC-COOKIE-1 6bb0f2dd724792d1fa72abbb87f3c8a6
appltst@of223:~ $ xclock
——————————————————————————————–>
##########################################################
Download 32bit 10106 Version=========> p6640838_10106_LINUX.zip
. $INST_TOP/ora/10.1.3/*.env;echo $ORACLE_HOME;
mv $ORACLE_HOME/OPatch $ORACLE_HOME/OPatch.pre_6640838
unzip p6640838_10106_LINUX.zip
appltst@of223:/interface/patches/TLS_1.2_Patches $ cd cd/Disk1/install/
appltst@of223:/interface/patches/TLS_1.2_Patches/cd/Disk1/install $ chmod +x *
appltst@of223:/interface/patches/TLS_1.2_Patches/cd/Disk1/install $ ./runInstaller -ignoreSysPrereqs

Follow (Doc ID 1301320.1) –> for GUI steps

appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ opatch version

Oracle Interim Patch Installer version 1.0.0.0.62
Copyright (c) 2009 Oracle Corporation. All Rights Reserved..

Oracle recommends you to use the latest OPatch version
and read the OPatch documentation available in the OPatch/docs
directory for usage. For information about the latest OPatch and
other support-related issues, refer to document ID 293369.1
available on My Oracle Support (https://myoraclesupport.oracle.com)

OPatch Version: 1.0.0.0.62
####################################################################################################################################################

5) 27208670

Follow Read me

. $INST_TOP/ora/10.1.3/*.env;echo $ORACLE_HOME;
$ORACLE_HOME/OPatch/opatch lsinventory|grep 27208670
cd /interface/patches/TLS_1.2_Patches/10.1.3/27208670
$ORACLE_HOME/OPatch/opatch apply

–> First time , we had error & rollbacked the patch as per
–> And pacth went fine

—————> Refer Error Details on below of Document

——————-WORKLOG…………………………——————-WORKLOG…………………………

Verifying patch…
Backing up comps.xml …

OPatch succeeded.
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ $ORACLE_HOME/OPatch/opatch lsinventory|grep 27208670
1) Patch 27208670 applied on Tue Dec 11 10:51:12 EST 2018
[ Bug fixes: 27208670 22458773 24484104 ]

####################################################################################################################################################
Error Details for 27208670
####################################################################################################################################################

appltst@of223:~ $ $ORACLE_HOME/OPatch/opatch lsinventory|grep 27208670

appltst@of223:~ $ cd /interface/patches/TLS_1.2_Patches/10.1.3/27208670/
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ $ORACLE_HOME/OPatch/opatch apply

Oracle Interim Patch Installer version 1.0.0.0.62
Copyright (c) 2009 Oracle Corporation. All Rights Reserved..

Oracle recommends you to use the latest OPatch version
and read the OPatch documentation available in the OPatch/docs
directory for usage. For information about the latest OPatch and
other support-related issues, refer to document ID 293369.1
available on My Oracle Support (https://myoraclesupport.oracle.com)

Oracle Home : /ebsdb/tech_st/10.1.3
Oracle Home Inventory : /ebsdb/tech_st/10.1.3/inventory
Central Inventory : /im/finupg/oraInventory
from : /etc/oraInst.loc
OUI location : /ebsdb/tech_st/10.1.3/oui
OUI shared library : /ebsdb/tech_st/10.1.3/oui/lib/linux/liboraInstaller.so
Java location : /ebsdb/tech_st/10.1.3/jre/1.4.2/bin/java
Log file location : /ebsdb/tech_st/10.1.3/.patch_storage//*.log

Creating log file “/ebsdb/tech_st/10.1.3/.patch_storage/27208670/Apply_27208670_12-11-2018_10-43-00.log”

Invoking fuser to check for active processes.

Patch “27208670” overlays ” 21845942 “. Conflict check between them is skipped.

Backing up comps.xml …

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Please shut down Oracle instances running out of this ORACLE_HOME
(Oracle Home = /ebsdb/tech_st/10.1.3)
Is this system ready for updating?
Please respond Y|N >
Y
Applying patch 27208670…

Patching copy files…

OPatch encounters the following issues during file patching:
The following files had problems with being patched:
1. /ebsdb/tech_st/10.1.3/opmn/bin/opmn
[ Couldn’t copy /interface/patches/TLS_1.2_Patches/10.1.3/27208670/files/opmn/bin/opmn to /ebsdb/tech_st/10.1.3/opmn/bin/opmn from /interface/patches/TLS_1.2_Patches/10.1.3/27208670. ]

Replying ‘Y’ will terminate the patch installation immediately. It WILL NOT restore any updates that have been performed to this point. It WILL NOT update the inventory.
Replying ‘N’ will update the inventory showing the patch has been applied.
NOTE: After replying either ‘Y’ or ‘N’ it is critical to review:
My Oracle Support Note 312767.1 How to rollback a failed Interim patch installation.
Do you want to STOP?
Please respond Y|N >
N

Inventory is good and does not have any dangling patches.

Updating inventory…

Verifying patch…
Verifying that patch ID is in Oracle Home inventory.
Verifying copy files.

Comparing “/interface/patches/TLS_1.2_Patches/10.1.3/27208670/files/opmn/bin/opmn” and “/ebsdb/tech_st/10.1.3/opmn/bin/opmn”
Source file name is : /interface/patches/TLS_1.2_Patches/10.1.3/27208670/files/opmn/bin/opmn, size is : 501295
Destination file name(from OracleHome) is : /ebsdb/tech_st/10.1.3/opmn/bin/opmn, size is : 509724
Copy failed: failed to update “/ebsdb/tech_st/10.1.3/opmn/bin/opmn” with updated “/interface/patches/TLS_1.2_Patches/10.1.3/27208670/files/opmn/bin/opmn”

Comparing “/interface/patches/TLS_1.2_Patches/10.1.3/27208670/files/opmn/lib/libopmnoraclessl.so” and “/ebsdb/tech_st/10.1.3/opmn/lib/libopmnoraclessl.so”

Comparing “/interface/patches/TLS_1.2_Patches/10.1.3/27208670/files/opmn/lib/libopmnopenssl.so” and “/ebsdb/tech_st/10.1.3/opmn/lib/libopmnopenssl.so”

Comparing “/interface/patches/TLS_1.2_Patches/10.1.3/27208670/files/opmn/lib/libmodapi.so” and “/ebsdb/tech_st/10.1.3/opmn/lib/libmodapi.so”
There are 1 issues copying files to Oracle Home.
FILE PROBLEM: some files are not patched.
OPATCH_JAVA_ERROR: Patch was not successfully applied.
Verification of the patch failed.

ERROR: OPatch failed as verification of the patch failed.
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ opatch version

Oracle Interim Patch Installer version 1.0.0.0.62
Copyright (c) 2009 Oracle Corporation. All Rights Reserved..

Oracle recommends you to use the latest OPatch version
and read the OPatch documentation available in the OPatch/docs
directory for usage. For information about the latest OPatch and
other support-related issues, refer to document ID 293369.1
available on My Oracle Support (https://myoraclesupport.oracle.com)

OPatch Version: 1.0.0.0.62

appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ $ORACLE_HOME/OPatch/opatch lsinventory|grep 27208670
1) Patch 27208670 applied on Tue Dec 11 10:48:26 EST 2018
[ Bug fixes: 27208670 22458773 24484104 ]

appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ opatch rollback -id 27208670

Oracle Interim Patch Installer version 1.0.0.0.62
Copyright (c) 2009 Oracle Corporation. All Rights Reserved..

Oracle recommends you to use the latest OPatch version
and read the OPatch documentation available in the OPatch/docs
directory for usage. For information about the latest OPatch and
other support-related issues, refer to document ID 293369.1
available on My Oracle Support (https://myoraclesupport.oracle.com)

Oracle Home : /ebsdb/tech_st/10.1.3
Oracle Home Inventory : /ebsdb/tech_st/10.1.3/inventory
Central Inventory : /im/finupg/oraInventory
from : /etc/oraInst.loc
OUI location : /ebsdb/tech_st/10.1.3/oui
OUI shared library : /ebsdb/tech_st/10.1.3/oui/lib/linux/liboraInstaller.so
Java location : /ebsdb/tech_st/10.1.3/jre/1.4.2/bin/java
Log file location : /ebsdb/tech_st/10.1.3/.patch_storage//*.log

Creating log file “/ebsdb/tech_st/10.1.3/.patch_storage/27208670/RollBack_27208670_12-11-2018_10-50-20.log”

Invoking fuser to check for active processes.

Backing up comps.xml …

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Please shut down Oracle instances running out of this ORACLE_HOME
(Oracle Home = /ebsdb/tech_st/10.1.3)
Is this system ready for updating?
Please respond Y|N >
Y
Removing patch 27208670…

Restoring copied files…

Updating inventory…
Backing up comps.xml …

Inventory is good and does not have any dangling patches.

OPatch succeeded.
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ $ORACLE_HOME/OPatch/opatch lsinventory|grep 27208670

appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ $ORACLE_HOME/OPatch/opatch apply

Oracle Interim Patch Installer version 1.0.0.0.62
Copyright (c) 2009 Oracle Corporation. All Rights Reserved..

Oracle recommends you to use the latest OPatch version
and read the OPatch documentation available in the OPatch/docs
directory for usage. For information about the latest OPatch and
other support-related issues, refer to document ID 293369.1
available on My Oracle Support (https://myoraclesupport.oracle.com)

Oracle Home : /ebsdb/tech_st/10.1.3
Oracle Home Inventory : /ebsdb/tech_st/10.1.3/inventory
Central Inventory : /im/finupg/oraInventory
from : /etc/oraInst.loc
OUI location : /ebsdb/tech_st/10.1.3/oui
OUI shared library : /ebsdb/tech_st/10.1.3/oui/lib/linux/liboraInstaller.so
Java location : /ebsdb/tech_st/10.1.3/jre/1.4.2/bin/java
Log file location : /ebsdb/tech_st/10.1.3/.patch_storage//*.log

Creating log file “/ebsdb/tech_st/10.1.3/.patch_storage/27208670/Apply_27208670_12-11-2018_10-50-53.log”

Invoking fuser to check for active processes.

Patch “27208670” overlays ” 21845942 “. Conflict check between them is skipped.

Backing up comps.xml …

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Please shut down Oracle instances running out of this ORACLE_HOME
(Oracle Home = /ebsdb/tech_st/10.1.3)
Is this system ready for updating?
Please respond Y|N >
Y
Applying patch 27208670…

Patching copy files…

Inventory is good and does not have any dangling patches.

Updating inventory…

Verifying patch…
Backing up comps.xml …

OPatch succeeded.
appltst@of223:/interface/patches/TLS_1.2_Patches/10.1.3/27208670 $ $ORACLE_HOME/OPatch/opatch lsinventory|grep 27208670
1) Patch 27208670 applied on Tue Dec 11 10:51:12 EST 2018
[ Bug fixes: 27208670 22458773 24484104 ]

#notes