Sunday, January 31, 2016

Oracle API Gateway : Getting started with FTPS server

In this blog post I going demonstrate how to create a FTPS server inside the Oracle API Gateway (OAG).

Below are the steps required to create FTPS server:

  • Generate SSL certificate for ftps server
  • Configure SSL certificate in OAG
  • Create ftps Incoming file policy
  • Create Password Authentication Policy
  • Create User in OAG
  • Configure ftps server in OAG
  • Test and verify ftps connection using client

Generate SSL certificate for ftps server

You need openssl to create ssl certificate. you can download the openssl from here : https://www.openssl.org/source/

Please follow below blog post to configure ssl certificate

http://www.codeconfuse.com/2016/01/how-to-generate-ssl-certificate-using.html

Configure SSL certificate in OAG

  • Open policy studio --> Go to Certificates and Keys --> Certificates --> Click on Create/Import



  • Import the certificate that you have created above, click on import certificate



  • Go to Private Key tab and import the private key

  • Click Ok and finish the certificate import wizard.

Create FTPS incoming file policy

This policy is used to handle the incoming file coming from the ftps client and this is required to create ftps server listener.
  • Under Policies --> Create container "File Transfer" --> Right click and Add Policy, give the name of the policy "FTPS Incoming"
  • Open the FTPS Incoming policy, from the right menu go to Routing --> drag n drop "Save to File" filter.


Note: For the demonstration purpose I am saving the file in local server, you can use other filters according to your usecases.

  • Open "Save to File" filter and configure as below
Create Password Authentication Policy

This policy required to authenticate the client using username and password.

  • Add new policy similary created for FTPS Incoming policy, give the name "Password Authentication"
  • Open the policy, from right menu go to Authentication --> drag n drop Attribute Authentication and configure as below

  • Click Finish.

Create a User in OAG
  • Go to Users and Groups --> Users --> Click on Add, add new user weblogic.


  • Click Ok.
Configure FTPS server in OAG
  • Go to Listeners --> Oracle API Gateway --> Right Click and selct "Add File Transfer Service"
  • Configure as shown below

  • Select Password Authentication policy and FTPS Incoming policy as shown in the picture above
  • Select the IA server Cert that you have created above.
  • The directory used above is default directory, you can change this directory by putting folder name like ${environment.VINSTDIR}/file-transfer/in/weblogic

Test FTPS server connection

You can use any client like Filezilla or WinScp to test the FTPS connection. 
Use the user weblogic that is created in Oracle API Gateway.

Reference
  • https://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/general_file_transfer.html

Friday, January 29, 2016

java.lang.Error: Critical Error. Failed to write transaction file /osb/configfwk/core_wls_osb1/_xact_ctrl.ih

Sometimes when you deployed the osb project using /sbconsole you will get the following exception while activating the project i.e.


Cause: 

The possible reason for this exception is the disk is full

Solution:

Check the disk space using the follwoing command

df -h

if the disk is full, then empty the space by deleting the logs file.

Saturday, January 23, 2016

Oracle API Gateway 12c : Getting started with SFTP server

In this blog post I going demonstrate how to create a SFTP server inside the Oracle API Gateway (OAG).

Below are the steps required to create SFTP server:

  • Generate SSL certificate for sftp server
  • Configure SSL certificate in OAG
  • Create SFTP Incoming file policy
  • Create Password Authentication Policy
  • Create User in OAG
  • Configure SFTP server in OAG
  • Test and verify SFTP connection using client


Generate SSL certificate for sftp server

You need openssl to create ssl certificate. you can download the openssl from here : https://www.openssl.org/source/

Please follow below blog post to configure ssl certificate

http://www.codeconfuse.com/2016/01/how-to-generate-ssl-certificate-using.html

Configure SSL certificate in OAG

  • Open policy studio --> Go to Certificates and Keys --> Certificates --> Click on Create/Import



  • Import the certificate that you have created above, click on import certificate




  • Go to Private Key tab and import the private key

  • Click Ok and finish the certificate import wizard.

Create SFTP Incoming Policy

This policy is used to handle the incoming file coming from the sftp client and this is required to create sftp server listener.
  • Under Policies --> Create container "File Transfer" --> Right click and Add Policy, give the name of the policy "SFTP Incoming"
  • Open the SFTP Incoming policy, from the right menu go to Routing --> drag n drop "Save to File" filter.

Note: For the demonstration purpose I am saving the file in local server, you can use other filters according to your usecases.

  • Open "Save to File" filter and configure as below



Create Password Authentication Policy

This policy required to authenticate the client using username and password.

  • Add new policy similary created for SFTP Incoming policy, give the name "Password Authentication"
  • Open the policy, from right menu go to Authentication --> drag n drop Attribute Authentication and configure as below

  • Click Finish.

Create a User in OAG
  • Go to Users and Groups --> Users --> Click on Add, add new user weblogic.


  • Click Ok.

Configure SFTP server in OAG


  • Go to Listeners --> Oracle API Gateway --> Right Click and selct "Add File Transfer Service"
  • Configure as shown below


  • Select Password Authentication policy and SFTP Incoming policy as shown in the picture above
  • Select the IA server Cert that you have created above.
  • The directory used above is default directory, you can change this directory by putting folder name like ${environment.VINSTDIR}/file-transfer/in/weblogic

Test SFTP server connection

You can use any client like Filezilla or WinScp to test the SFTP connection. 
Use the user weblogic that is created in Oracle API Gateway.

Reference
  • https://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/general_file_transfer.html


How to generate ssl certificate using openssl

This blog post is about how to create ssl certificate using openssl. you require openssl software to create certificate so you can download the openssl binaries from here
https://www.openssl.org/source/

Below are the steps required to create ssl certificate

  • Create Root CA Key
  • Create Root CA based on the CA Key
  • Create Subordinate certificate key
  • Create subordinate certificate request 
  • Signed the subordinate certificate with the Root CA


Create Root CA Key

genrsa -out ca.key 1024

This command create 1024-bit key with no password







genrsa -des3 -out ca.key 1024

This command generate 1024-bit key with password




Create Self Signed Root CA

req -new -x509 -days 730 -key ca.key -out ca.crt

ca.crt is root ca which is valid for 2 years.

Create subordinate certificate key

genrsa -out ia.key 1024

The key generated is 1024-bit with no password, you can create with password as created above for  Root CA.

Note: Size of the key should be same

Create subordinate certificate request

req -new -key ia.key -out ia.csr


Signed subordinate certificate with Root CA

x509 -req -days 365 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt



This is a signed certificate valid for 1 year and used for actual signing. so use the ia.crt as certificate and ia.key its private key.