Monthly Archives: August 2016

Install SMP3 with Oracle DB

Posted on by

The following procedure for installing SMP3 with an Oracle DB is for Linux. For tests, you can use Oracle Express. Check your environment/company if you can use that version.

Prerequisites

Ensure that Oracle XE is up and running. It is important that the tnslistener is working! Run the listener and check the status:

/u01/app/oracle/product/11.2.0/xe/bin/lsnrctl status

Configure installation parameters

The steps are documented at SAP Help. You’ll have to edit the SilentInstall_Linux.txt file and adjust the installation parameters.

vim SilentInstall_Linux.txt

For Oracle, you’ll need to change these parameters (at the end, you’ll find a complete example file):

Activate that SMP3 uses an external DB

-V developerInstall="false"
-V productionInstall="true"
-V sqlaEmbeddedDB="false"
-V existDB="true"

Inform the Oracle XE connection parameters

-V existDBType="oracle-sid"
-V dbHostName="localhost"
-V dbPortNumber="1521"
-V dbLogin="gomobile"
-V dbPassword="secret"
-V dbDBName="XE"

Inform the JDBC driver location

-V jdbcDriver="/u01/app/oracle/product/11.2.0/xe/jdbc/lib/ojdbc6.jar"

Prepare Oracle DB

Form the above connection parameters you can see that SMP3 is going to use the user gomobile with the password secret to connect itself to Oracle XE. This means that the user with the password and a schema must be created in the DB. SMP3 comes with a SQL script for Oracle that does exactly that. The script is located at /db_tools/db/oracle/smp3/sql. The file is 001_SMP3_drop_and_create_user.DDL The file contains the SQL statements to create the user with the right permissions:

CREATE ROLE SY365_OBJOWNER;
GRANT CREATE SEQUENCE TO SY365_OBJOWNER;
GRANT CREATE SESSION TO SY365_OBJOWNER;
GRANT CREATE SYNONYM to SY365_OBJOWNER;
GRANT CREATE TABLE TO SY365_OBJOWNER;
GRANT CREATE VIEW TO SY365_OBJOWNER;
GRANT CREATE PROCEDURE TO SY365_OBJOWNER;
GRANT CREATE SEQUENCE TO SY365_OBJOWNER;
GRANT CREATE TRIGGER TO SY365_OBJOWNER;
GRANT CREATE INDEXTYPE TO SY365_OBJOWNER;
DROP USER GOMOBILE CASCADE;
CREATE USER GOMOBILE
IDENTIFIED BY secret
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK;
-- 2 Roles for GOMOBILE
GRANT SY365_OBJOWNER TO GOMOBILE;
GRANT CREATE SESSION TO GOMOBILE;
GRANT CONNECT TO GOMOBILE;
ALTER USER GOMOBILE DEFAULT ROLE ALL;
-- 1 Tablespace Quota for GOMOBILE
ALTER USER GOMOBILE QUOTA UNLIMITED ON USERS;

You’ll have to add the command EXIT; at the end of the file

To run the SQL script, run:

sqlplus system/Sap123 @001_SMP3_drop_and_create_user.DDL > smp3.log
  • Note: Sap123 is the password for the user system.

Output is written to smp3.log

SQL*Plus: Release 11.2.0.2.0 Production on Wed Aug 24 21:37:08 2016
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
Role created.
Grant succeeded.
[…]
DROP USER GOMOBILE CASCADE
ERROR at line 1:
ORA-01918: user 'GOMOBILE' does not exist
User created.
Grant succeeded.
[…]
User altered.
User altered.

The error regarding DROP user is normal, as the user gomobile hasn’t been created before, so there is no user to drop.

Run installer

With the above steps done, SMP3 installer is ready to be run.

./SilentInstall_Linux.sh

The output will contain information regarding the Oracle DB:

dbg, existDBType:oracle-sid
WARNING: Selecting this option confirms SMP database is already created
dbg, jdbcDriver: /u01/app/oracle/product/11.2.0/xe/jdbc/lib/ojdbc6.jar
dbg, jdbcDriver fullFileName: /u01/app/oracle/product/11.2.0/xe/jdbc/lib/ojdbc6.jar
dbg, jdbcDriverFile: /sap/SAP/MobilePlatform3/Util/ojdbc6.jar
dbg, ojdbc6.jar will be renamed to ojdbc.jar in the installation
dbg, queryExit:oracle-sid localhost gomobile [pwd entered] 1521 XE
dbg, Ping succcesful: 0
dbg, smpDataExists:false
dbg, New node install

If everything works fine, you’ll get a confirmation message at the end of the installation.

Installation Successful

Validation

SAP Help contains some information on how to validate the installation. You can search for error message in the installation log, but when an error occurs, normally the installer stops. My preferred way to check SMP3 is to start the server and see if I can log on, create apps, etc. Base test is therefore to start SMP3 and to log on.

Let the world know

Online Certificate Status Protocol

Posted on by

Online Certificate Status Protocol, or short: OCSP, let you obtain the revocation status of a certificate. It has some benefits over certification revocation lists, mainly that you can let the OCSP server do the heavy work of validating a certificate and the client gets some additional security when accepting the answer. To use OCSP in your landscape, you will have to install and configure an OCSP responder. I did this for my sandbox SMP3 system. Here are the links that contain the information on how to set up your own OCSP responder on your Microsoft CA server.

My walkthrough

Hope you find the links useful.

Additional OCSP information

Here are some more links that I consulted when setting up my OCSP responder. All are from Microsoft and treat information regarding OCSP on a Microsoft server and CA.

About

Implementing OCSP responder part 1 – introducing OCSP

OCSP installation and configuration

Designing and implementing a PKI part 2

Designing and implementing a PKI part 3

Designing and implementing a PKI part 4

Designing and implementing a PKI part 5

Windows Server

Online Responder Installation, Configuration, and Troubleshooting Guide

AD CS: Online Certificate Status Protocol Support

Configure a CA to Support OCSP Responders

Let the world know

Deactivating HTTPS for localhost for Chrome

Posted on by

I recently got a new company laptop. While this is generally great news, it means to go through a lot of configurations to adopt the standard image to my needs. One thing I noticed was that after installing a local http server, that Chrome won’t connect to http://localhost:8080, but instead goes to https://localhost:8080. Chrome loves security so much, that is switches to TLS even on a localhost connection. Now, this is not exactly how I can work. I cannot – but would love to – install a valid TLS certificate on all my localhost web servers. This is too much work and most of those servers are short living.

How can you disable the automatic switch to TLS done by Chrome?

It seems that this comes from HTST. Therefore, creating an exception is enough to not let Chrome make this TLS switch again.

First, check if HTST is active for localhost

  1. Access chrome://net-internals/#hsts in Chrome

  2. Go to query domain and search for localhost

  3. Check the result. If you get some results, HTST is active for localhost

Deactivate HTST for Localhost

  1. Access chrome://net-internals/#hsts in Chrome
  2. In the delete domain section, insert localhost

  3. Validate the deletion by searching again for localhost. You should new get not found.

Let the world know

Install Oracle Express 11G R2 on CentOS 7

Posted on by

Preparations

Install some additional packages via yum to ensure that the installation and execution of the database will work. The list may differ, depending on the actual version of CentOS you are using, but the internet gave me back the following packages and you should be on the safe side.

yum update
yum install unzip libaio bc flex

Download

Before using the express edition, make yourself familiar with the license and usage restriction this edition is shipped with. If it still fits your needs, be aware that CentOS is not on the list of officially supported Linux distributions. You are on your own. Download Oracle Express 11G R2 from Oracle. It`s a 308MB file.

The downloaded file is a zipped RPM package; first step is to unzip the file.

unzip oracle-xe-11.2.0-1.0.x86_64.rpm.zip

This gives you a new directory called Disk1. This folder contains the installation RPM.

Installation

Go to the folder and install the RPM via rpm tool.

cd Disk1
rpm -ivh oracle-xe-11.2.0-1.0.x86_64.rpm

After the installation, you`ll be prompted to configure the database.

Configuration

Run the tool /etc/init.d/oracle-xe to configure the database.

/etc/init.d/oracle-xe configure

Configure the port

Specify the port of the listener

Inform the system user password. Be sure to note this down somewhere or to really remember it!!!

Specify if you want the database to be started at boot time.

The configuration should now start automatically and only take a few minutes to complete.

The database is install at /u01/app/oracle/product/11.2.0/xe/

The oracle_env script is in the folder bin.

Oracle Express 11G R2 is also started and using ps –ef you can see the processes running.

That`s it, Oracle Express 11G R2 is now installed on CentOS.

Let the world know