Monday, February 14, 2011

Generate Key store 2048 in Websphere application server 6.x

Hello Everyone,

Last week one of my consultant had issues with creating SSL certificate 2048 in Websphere Application server v6.

We had apply some workaraounds for the same.


Problem discription :

The iKeyman utility within IBM HTTP Server V6.0 does not provide the option to create a certificate request (CSR) 2048 key size

After a CMS key database has been created using the iKeyman utility, in the task of creating a certificate request, the key size options listed are 512 and 1024.

After searching on google and IBM site we have found following cause :

By default, the iKeyman utility uses the Java 1.4 version of the gskikm.jar file installed with IBM HTTP Server V6.0. The file is located in the following directory:

/_jvm/jre/lib/ext/

The classes within this version of the gskikm.jar file only supply the key size options of 512 and 1024. By renaming and moving the gskikm.jar file from its default location, the iKeyman utility will load the Global Security Toolkit (GSKit) v7 classes providing an additional key size of 2048.


So for Resolving the problem we had Followed steps:

1. Stop the iKeyman utility.

2. Ensure the GSKit is installed with IBM HTTP Server V6.0, and has a 7.0.3.18 or higher version to support a key size of 2048. Applying the latest available IBM HTTP Server V6.0 fix pack will upgrade the GSKit V7 to a higher version.

OR

From the IBM HTTP Server Fixes web site, download and manually install the latest GSKit V7.0.4.28 ( PM07113 - IHS Version 6). A readme file will be included with instruction on how to install GSKit on a UNIX or Windows platform.

3. Rename and move the /_jvm/jre/lib/ext/gskikm.jar file to a directory that is not detectable to the JDK class path, extdirs, or bootclasspath.

For example:

From:

/_jvm/jre/lib/ext/gskikm.jar

To:

/_jvm/jre/lib/ext/gskfiles/gskikm.jar.org

4. Restart the iKeyman utility.

5. Follow the create a certificate request task and select the Key Size

Now we can see key size 2048 with 512 and 1024, before troubleshooting this problem i was not aware of this reasons.

So finally we resolve the issue and thanks to google and IBM site..... :)

Enjoy wroking with Middleware... Hope it will help you,,,


Regards,
Ajinkya Vichare
Posted by at 1 comment:

How to create E-mail notification in Weblogic using WebLogic Diagnostics Framework (WLDF)

Dear All,


Today we will discuss about Weblogic diagnostics and framework. and how to configure mail notification on Weblogic.
Actually i came across one of the requirement where we configure e-mail notifications for different-different purposes, now will discuss about Heap_size notifications.

WebLogic Diagnostics Framework (WLDF) – Watch & Notification

One of the features of WLDF is Watch and Notification. You can configure server(s) with watch condition and respective notification(s) to be sent if the watch conditions are met. For example, if the number of request waiting on a JDBC Data Source to grab a connection exceeds 10 and if the free heap in the server is less than 5% then you can trigger a notification.

The notification can be one or more of the following types:

* JMX Notification - Application(s) can register notification listener with WLDF to receive notifications.
* JMS Notification - WLDF can post a message to JMS destination to alert the situation which can be consumed by a message listener or MDBs to further processing.
* SNMP Notification - SNMP traps can be sent to alert SNMP managers.
* SMTP Notification - Email notifications through a Java Mail session.
* Image Notification - Generates a server image which contains information from different subsystem during the watch.

Creating JavaMail Session

First step is to make sure that the underlying resources for the notification are setup. In this case we are going to use SMTP notification so let us first create the Java Mail Session to connect to Mail Server.

1. Click "Lock & Edit" to acquire a configuration lock

2. Expand Services > Mail Sessions and click "New" to create a new Java Mail Session.

3. Provide Name, JNDI Name and JavaMail Properties as follow:

4. Name - WL-MailSession

5. JNDI Name - com.test.MailSession

6. JavaMail Properties:

mail.transport.protocol=smtp
mail.host=hostname_smtp
mail.user=admin
mail.password=password
mail.port=(port_number)
mail.from=admin@domain.com

(Note : The port number of the mail server for the specified protocol. If not specified the protocol's default port number is used.
mail.protocol.port=port_number)


So We can use following mail property



7. Click next to target the mail session to a server (Eg. AdminServer or mange_server1) and click finish.

8. Activate the changes by clicking "Activate Changes".



Creating WLDF Module

Next step in configuring watch and notification is to create a diagnostic module and target it to the server. You can use console or WLST to create a diagnostic module. The following steps illustrate the steps to create a WLDF system module:

1. Click "Lock & Edit" to acquire a configuration lock

2. Click Diagnostics > Diagnostics Modules and click "New" to create a new diagnostics module. Provide a name and description.

3. Name - Mail_WLDF_Module

4. Description - This is a WLDF module for testing email notifications

5. Select the newly created module and select targets tab. Select the appropriate server for target as before

6. Click "Save" and "Activate"


Creating Watch & Notification

Each WebLogic Server instance can be configured with only one diagnostic module but you can target the same diagnostic module to multiple servers or clusters. Once the WLDF system module is created and targeted to the appropriate server then watches and notifications can be configured. The following steps illustrate how to create a Watch and a Notification.

To create a watch:

1. Click "Lock & Edit" to acquire a configuration lock

2. Navigate to the diagnostic module created above (Mail_WLDF_Module) and select the "Watches and Notifications" tab and "Watches" sub-tab (if not already selected)

3. Click "New" to create a new Watch. Provide the name and select the type as "Collected Metrics" [Select "Collected Metrics" for inspecting Runtime MBean values, "Server Log" to watch log data and "Event Data" to watch instrumented data]

4. Name - Heap_Notification

5. Watch Type - Collected Metrics

6. Enable Watch - Selected

7. Click "Next"

8. Click "Add Expressions"

9. Ensure that "ServerRuntime" is selected and click "Next"

10. If you are running WebLogic Server on Java HotSpot VM, make sure
"Select an MBean Type from the following list" is selected and select "weblogic.management.runtime.JVMRuntimeMBean" and click "Next".

If you are using JRockit VM, make sure "Select an MBean Type from the following list" is selected and select "weblogic.management.runtime. JRockitRuntimeMBean" and click "Next".

11. Select the instance for the appropriate server from the list for "Instance" and click "Next"

12. For "Message Attribute" select "HeapFreePercent", "<" for "Operator" and type "85" for "Value". Click "Finish" twice to create a Watch 13. Activate the changes The above watch will trigger the configured notification if the percentage of free heap is less than 90. You could make complex rule expression by combining multiple attributes from different MBean. For now we haven't configured any notification for this watch. We will create the notification and will associate it to the watch in the following steps. To create a notification:

1. Click "Lock & Edit" to acquire a configuration lock

2. Navigate to the diagnostic module created above and select the "Watches and Notifications" tab and "Notification" sub-tab

3. Click "New" to create a new Notification

4. Select "SMTP (E-Mail) for Type and click "Next"

5. Provide a name - Email_Notification. Make sure the notification is enabled and click "Next".

6. Configure the following properties for the "Config Notification - SMTP Properties" page

7. Mail Session Name - MailSession01

8. E-Mail Recipients - admin@localhost

9. Click "Finish".

10. Activate the changes



To associate the watch and the notification:

1. Click "Lock & Edit" to acquire a configuration lock

2. Navigate to the diagnostic module created above (Mail_WLDF_Module) and select the "Watches and Notifications" tab and "Watches" sub-tab (if not already selected)

3. Select the watch you created earlier - Heap_Notification

4. Select the "Notifications" tab and move the "Email_Notification" from Available to Chosen

5. Click "Save"

6. Select the "Alarms" tab and select "Use an automatic reset alarm". Set the "Automatic reset period" to 6 and click "Save". This will ensure that the notifications are at least 90 seconds apart.

7. Click "Activate Changes"


As we configured the watch type to be Collected Metrics, the attributes involved in the watch rule will be harvested and tested for watch rule expression(s). The default sampling period for the harvester is 300,000 milliseconds (or 5 minutes). So the time between samples will be 5 minutes. To change the sampling period for metrics collection:

1. Click "Lock & Edit" to acquire a configuration lock

2. Navigate to the diagnostic module created above (Mail_WLDF_Module) and select the "Collected Metrics" tab

3. Ensure that "Enabled' check-box is selected

4. Change the "Sampling Period" as "120000" so that it will collect samples once every two minute


I hope it will help you in creating notifications.


[NOTE : change settings/names and properties as per your requirements. It could have some mismatch in above blogs]


Enjoy working in Middleware...... Cheerzzzz

Regards,
Ajinkya
Posted by at 19 comments:
Subscribe to: Posts (Atom)