ENABLE TLS EBS 12.

1 and JRE Upgrade

Author: Venkata Gogineni

Creation Date: Mar 24th 2020
Last Updated: Jun 27th 2020
Control Number:
Version: 3.2

Approvals:

Rackspace Project Bhargava Chakravarthy

Manager

Client Project Manager

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 1
Document Control

Change Record

Date Author Version Change Reference

Mar 24th Venka
Venkata 3.0 initial
2020 Gogineni
Mar 29th Venkata 3.1 Updated JRE upgrade steps.
2020 Gogineni
Jun 27th 2020 Venkata 3.2 Updated JDK known issue fix
Gogineni

Reviewers

Name Position

Venkat Jagannathan Project Manager, Tricore Solutions

Distribution

Copy No. Name Location

1
2
3
4

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 2
TABLE OF CONTENTS

NETWORK TEAM STEPS.......................................................................................................................... 4

JDK UPGRADE.............................................................................................................................................. 5
IMPORT CERT TO DB WALLET............................................................................................................ 15
JRE UPGRADE:........................................................................................................................................... 17

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 3
Enabling TLS in Oracle E-Business Suite Release 12.1 (Doc ID 376700.1)

Stop All the services and take backup of DB OH, Data Base and APPS FS – This is required for
PRODUCTION.

Network Team steps

Please request Network team to update LBR changes. As per instance, Please update the sheet. TJTAI
file attached.

Please update network team to “Need to update Persistence type to SOURCEIP”

After network team LBR update, output should be like as below.

++++++++++++++++++++++++++++++++++++++++
jta-V_ebstst.tcs.jtafl.com_tcp4444 (10.177.154.10:4444) - SSL Type: ADDRESS
State: UP
Last state change was at Tue Mar 24 14:46:30 2020
Time since last state change: 0 days, 00:00:20.10
Effective State: UP
Client Idle Timeout: 180 sec
Down state flush: ENABLED
Disable Primary Vserver On Down : DISABLED
Appflow logging: ENABLED
No. of Bound Services : 2 (Total) 2 (Active)
Configured Method: LEASTCONNECTION
Current Method: Round Robin, Reason: Bound service's state changed to UP BackupMethod:
ROUNDROBIN
Mode: IP
Persistence: NONE
Vserver IP and Port insertion: OFF
Push: DISABLED Push VServer:
Push Multi Clients: NO
Push Label Rule: none
L2Conn: OFF
Skip Persistency: None
Listen Policy: NONE
IcmpResponse: PASSIVE

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 4
 RHIstate: PASSIVE
New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
Mac mode Retain Vlan: DISABLED
DBS_LB: DISABLED
Process Local: DISABLED
Traffic Domain: 0
TROFS Persistence honored: ENABLED
Retain Connections on Cluster: NO

Bound Service Groups:

1) Group Name: jta-G_ebstst.tcs.jtafl.com_tcp4444

1) jta-G_ebstst.tcs.jtafl.com_tcp4444 (10.177.154.6: 4444) - SSL State: UP Weight: 1

2) jta-G_ebstst.tcs.jtafl.com_tcp4444 (10.177.154.7: 4444) - SSL State: UP Weight: 1
Done
+++++++++++++++++++++++++++++++++++++

Please check on both 02 and 03 servers. 10.177.154.10 should be updated. If it is new IP,

Please update network team to update SDNS

Please update SA team to update host file.

[appci@nchljta02 forms_default_group_1]$ grep -i 10.177.154.10 /etc/hosts

10.177.154.10 ebstst.tcs.jtafl.com

[appci@nchljta03 forms_default_group_1]$ grep -i 10.177.154.10 /etc/hosts

10.177.154.10 ebstst.tcs.jtafl.com

Patch location - /u01/app/Patches/1586826

JDK upgrade
Step 1 - Upgrade to latest Java Development Kit (JDK) 7.

Download Latest JDK 7.0 Update ( 1439822.1)

================================

Current version [appti@nchljta02 bin]$ ./java -version

java version "1.7.0_80"

p28916517_170211_LINUX.zip Oracle JDK 7u211

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 5
on 10.1.3 (IAS_ORACLE_HOME)

===========================

1) cd [IAS_ORACLE_HOME]/appsutil

2) mv jdk jdk_old

3) Copy latest JDK to [IAS_ORACLE_HOME]/appsutil

4) mv jdk1.7.0_211 jdk

Rename Existing JRE Directories

=================================

mv [IAS_ORACLE_HOME]/jre/1.4.2 [IAS_ORACLE_HOME]/jre/1.4.2_old

Install Albany (Display) Font

===============================

cd $FND_TOP/resource

cp ALBAN* $IAS_ORACLE_HOME/appsutil/jdk/jre/lib/fonts

Upgrading to Latest JDK 7.0 in OracleAS 10.1.2 Oracle_Home

============================================================

Replace JDK Home Used With Oracle E-Business Suite Release 12

====================================================

1) cd $ORACLE_HOME (10.1.2)

2) mv jdk jdk_old

3) Copy latest JDK to $ORACLE_HOME

4) mv jdk1.7.211 jdk

[appti@nchljta02 ~]$ . .bash_profile

TJTAI Instance env set

*****Note: Please download patches at /u01/app/Patches******

[appti@nchljta02 ~]$ java -version

java version "1.7.0_211"

Java(TM) SE Runtime Environment (build 1.7.0_211-b07)

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 6
Java HotSpot(TM) Server VM (build 24.211-b07, mixed mode)

[appti@nchljta02 ~]$

Rename The Following Directories

===============================

cd $ORACLE_HOME/jre

mv 1.4.2 1.4.2_old

Rebuild Forms and Reports Executables (For Unix/Linux Only)

================================================

cd $ORACLE_HOME/forms/lib

$ make -f ins_forms.mk sharedlib install

cd $ORACLE_HOME/reports/lib

$ make -f ins_reports.mk install

Re-generate Oracle E-Business Suite Forms and Reports

======================================================

Run ADAdmin and select the Forms and Reports regeneration.

Apply the Oracle Fusion Middleware 10.1.3.5 OpenSSL patches.

cd /u01/app/Patches/1586826/27208670 – opatch

opatch apply

Step 6 - Apply product-specific patches.

Oracle Workflow - Upgrade Java Mail API to 1.5.4 using patch 22322938 and OWF patch
27881758:R12.OWF.B to address Oracle Workflow Mailer issue with Outlook Office365 connection
and TLS 1.2.

If a conflict is reported with patch 8999551 allow opatch to roll it back when applying patch 22322938.

cd /u01/app/Patches/1586826/22322938 - opatch apply

Source the environment.

cd /u01/app/Patches/1586826/28779647 ( Latest patch for 27881758) -- adpatch

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 7
===================

Oracle iProcurement - Apply the patches mentioned in My Oracle Support Knowledge Document
1937220.1

cd /u01/app/Patches/1586826/21473055 - adpatch

Confirm the following file version:

Release 12.1: HttpsURL.java 120.1.12010000.6

Release 12.1 (CLM): HttpsURL.java 120.3.12010100.3

The following command can be used to verify the proper file version installation:

strings -a $JAVA_TOP/oracle/apps/icx/punchout/util/HttpsURL.class | grep -i header:

5. Clear the cache on the server.

a. Responsibility: Functional Administrator

b. Click the Core Services tab.

c. Click the Caching Framework subtab.

d. Click the Global Configuration link on the left side of the page.

e. Click the Clear All Cache button, then click "Yes" to confirm the deletion of the java cache on the
server. Allow this to complete.

f. Log out of the applications.

5.2 Configure Inbound Connections

No need to perform this.. Goto page 10 , copy all files as we did CSR and cert export

Step 1 - Create a PKI key pair and certificate signing request. Ignore below

Create a new directory if it does not already exist (for example, $INST_TOP/certs/Apache) and create a
host-specific OpenSSL configuration file in that directory as the following:

% cat new.cnf

[req]

prompt = no

default_md = sha256

distinguished_name = dn

req_extensions = ext

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 8
[dn]

CN = www.example.com

O = Example Inc

OU = Key Team

L = San Diego

ST = California

C = US

[ext]

subjectAltName = DNS:www.example.com,DNS:example.com

Step 2 - Backup directories and update your PATH. Ignore below

Backup your $INST_TOP/certs/Apache directory.

Prepend the OpenSSL binary directory (for example: <10.1.3 OH>/Apache/open_ssl/bin) to your PATH so
that the OpenSSL binary that came from the Oracle Fusion Middleware patches above will be used. You
may also need to enable the execute permissions on the openssl binary.

export PATH=<10.1.3 OH>/Apache/open_ssl/bin:$PATH

chmod 755 openssl

3. Set the OPENSSL_CONF environment parameter to the path of the new.cnf file created above.
Ignore below

export OPENSSL_CONF=$INST_TOP/certs/Apache/new.cnf

Step 3 - Create a 2048 RSA private key and a CSR signed using sha256WithRSAEncryption.

Ignore below

1. Make sure LD_LIBRARY_PATH contains a path to your Oracle Fusion Middleware 10.1.3
ORACLE_HOME/lib.

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:< FMW 10.1.3 ORACLE_HOME>/lib

2. Now, run the following command:

openssl req -newkey rsa:2048 -nodes -keyout server.key -sha256 -out new.csr -config new.cnf

3. Then submit your certificate request (CSR) to your certificate authority (CA).

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 9
 Note: If you are migrating to TLS 1.2 from a prior version of SSL or TLS and have a current, valid server
certificate, you can request that your CA rekey or reissue your certificate.

Step 4 - Receive server certificate and certificate chain files from the CA.

Ignore below

From the CA, you will receive the following:

. A CA signed server certificate

. The certificate of the root CA

. The certificates of any required intermediate CAs

1. Place the above files in the same directory that contains your server private key: server.key.

2. Rename the server certificate file to server.crt, rename the root CA file to ca.crt, and rename any
intermediate certificate file to intermediate.crt.

If you do not have an intermediate certificate, run the following command to create an empty
intermediate.crt file:

echo -n > intermediate.crt

Note: Use the specified names for the files to ensure that the configuration directives used later in this
document will reference the correct files.

3. Verify that your $INST_TOP/certs/Apache directory contains the following files: Ignore below

. server.key

. new.csr

. server.crt

. intermediate.crt

. ca.crt

4. Create a certificate file for OPMN containing the server certificate and any intermediate certificate by
executing the following: Ignore below

cat server.crt intermediate.crt ca.crt > opmn.crt

Steps for other instance:

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 10
Cert Location:

[appti@nchljta02 1586826]$ pwd

/u01/app/Patches/1586826
[appti@nchljta02 1586826]$ ls Apache.tar.gz
Apache.tar.gz

cd $INST_TOP/certs
mv Apache Apache_TLS
tar -xvzf /u01/app/Patches/1586826/Apache.tar.gz
cd Apache
ls

Step 5 - Update the context file. OHS as the TLS Termination Point

Below table based on TJTAI parameters. Please set the same values on 02 and 03 servers.

Changes When Using End-to-End TLS (Please replace as per instance values)

Parameter TLS Value

s_url_protocol
https
s_local_url_protocol
https
s_webentryurlprotocol
https
s_webssl_port 4444

s_https_listen_parameter 4444

s_active_webport
4444
s_webentryhost
ebstst
s_webentrydomain
tcs.jtafl.com
s_enable_sslterminator Remove the '#' to use ssl_terminator.conf

https://ebstst.tcs.jtafl.com:4444/OA_HTML/
s_login_page
AppsLogin

s_external_url https://ebstst.tcs.jtafl.com:4444

Step 6 - Perform additional configuration. (Please update on 02 server)

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 11
Copy the original files from <FND_TOP>/admin/template to <FND_TOP>/admin/template/custom, if the
custom directory or any of the customized template files do not already exist. Update these custom files
as documented below.

1) <FND_TOP>/admin/template/custom/opmn_xml_1013.tmp

Replace this line in the template:

<ssl enabled="true" wallet-file="%s_web_ssl_directory%/opmn"/>

With the following:

<ssl enabled="true" openssl-certfile="%s_web_ssl_directory%/Apache/opmn.crt" openssl-

keyfile="%s_web_ssl_directory%/Apache/server.key" openssl-password="dummy" openssl-
lib="%s_weboh_oh%/lib" ssl-versions="TLSv1.0,TLSv1.1,TLSv1.2"/>

2) <FND_TOP>/admin/template/custom/httpd_conf_1013.tmp (Please update on 02 server)

The instructions here are to comment out one line and to add a new line to reference mod_ssl.so.
Separate instructions are listed for UNIX/Linux and Windows.

Modify the following

<IfDefine SSL>

LoadModule ossl_module libexec/mod_ossl.so

</IfDefine>

To the following:

<IfDefine SSL>

#LoadModule ossl_module libexec/mod_ossl.so

LoadModule ssl_module libexec/mod_ssl.so

</IfDefine>

(Please update on 02 server)

3) <FND_TOP>/admin/template/custom/ssl_conf_1013.tmp

Step 1 - Comment out the following line in the template:

#SSLWallet file:%s_web_ssl_directory%/Apache

Step 2 - Add the following 3 lines into the template:

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 12
SSLCertificateFile %s_web_ssl_directory%/Apache/server.crt

SSLCertificateKeyFile %s_web_ssl_directory%/Apache/server.key

SSLCertificateChainFile %s_web_ssl_directory%/Apache/intermediate.crt

Step 3 - Replace the following:

SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

With the following:

SSLCipherSuite ECDHE:!NULL:!3DES:!RC4:+aRSA:AES128-SHA

Step 4 - Replace the following:

SSLProtocol -all +TLSv1 +SSLv3

With the following:

SSLProtocol all -SSLv2 -SSLv3

5.3 Configure Loopback and Outbound Connections (Please update on 02 server)

<FND_TOP>/admin/template/custom/oc4j_properties_1013.tmp

Add:

https.protocols=TLSv1,TLSv1.1,TLSv1.2

Disabling the HTTP Port

Perform the required configuration.

Copy the original template file, <FND_TOP>/admin/template/httpd_conf_1013.tmp, to
the <FND_TOP>/admin/template/custom directory, if the custom directory or the customized template
file does not already exist. Update the custom file by commenting out the following line:

Please comment the below line.

#Listen %s_http_listen_parameter%

OC4J Service Management May Fail After Update To Java JDK1.6.0_181 Or JDK1.7.0_171 With Oracle
E-Business Suite Release 12.1.3 (Doc ID 2353710.1)

add -Djdk.crypto.KeyAgreement.legacyKDF=true to below parameters in context file

oafm_jvm_start_options

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 13
oafm_jvm_stop_options

forms_jvm_start_options

forms_jvm_stop_options

forms-c4ws_jvm_start_options

forms-c4ws_jvm_stop_options

oacore_jvm_stop_options

oacore_jvm_start_options

Step 7 - Run AutoConfig.

Run AutoConfig using the adautocfg.sh script in the application tier $ADMIN_SCRIPTS_HOME directory.

Step 1 - Update the b64InternetCertificate.txt TrustStores.

Add the contents of the ca.crt file to b64InternetCertificate.txt file located in the 10.1.2
ORACLE_HOME/sysman/config directory:

$ cat ca.crt >> <10.1.2 ORACLE_HOME>/sysman/config/b64InternetCertificate.txt

++++++++++ TJTAI output++++++++++++++++++

[appti@nchljta02 custom]$ cd $ORACLE_HOME/sysman/config

[appti@nchljta02 config]$ cp /u01/app/appti/TJTAI/inst/apps/TJTAI_nchljta02/certs/Apache/ca.crt .

[appti@nchljta02 config]$ cat ca.crt >> b64InternetCertificate.txt

++++++++++++++++++++++++++++++++++++++++++++

Step 2 - Update the cacerts TrustStore.

If you purchased your server certificate from a commercial CA, you will most likely not have to perform
this step as the root CA certificate will already be present in cacerts. The keytool command will let you
know if you attempt to add a certificate already present in cacerts.

Update the JDK cacerts file.

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 14
Oracle Web Services requires the Certificate of the Certifying Authority who issued your server
certificate (ca.crt from the previous step) to be present in the JDK cacerts file.

Navigate to the $OA_JRE_TOP/lib/security directory.

Follow these steps to ensure these requirements are met:

Backup the existing cacerts file.

Copy your ca.crt file to this directory and issue the following command to ensure that cacerts has write
permissions:

$ chmod u+w cacerts

Add your Apache ca.crt to cacerts:

$ keytool -importcert -alias ApacheRootCA -file ca.crt -v -keystore cacerts

When prompted, enter the keystore password (default password is "changeit").

When you have completed the modifications to the cacerts, reset the permissions:

$ chmod u-w cacerts

Note: Whenever you upgrade your JDK version on the server, any additional certificates you have added
to your cacerts file will be lost. You will need to re-import the root certificate or keep a copy of your
original cacerts file which you can copy back in.

++++++++++ TJTAI output++++++++++++++++++

[appti@nchljta02 security]$ cp /u01/app/appti/TJTAI/inst/apps/TJTAI_nchljta02/certs/Apache/ca.crt .

[appti@nchljta02 security]$ chmod u+w cacerts

[appti@nchljta02 security]$ keytool -importcert -alias ApacheRootCA2020 -file ca.crt -v -keystore cacerts

Enter keystore password:

Certificate already exists in keystore under alias <apacherootca>

Do you still want to add it? [no]: Yes

Certificate was added to keystore

[Storing cacerts]

[appti@nchljta02 security]$ chmod u-w cacerts

++++++++++++++++++++++++++++++++++++++++++

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 15
Import cert to DB Wallet
After setting your environment for the database tier, navigate to
the $ORACLE_HOME/appsutil directory.

Create a new wallet directory named wallet.

Navigate to the newly created wallet directory.

Create an Auto Login wallet.

orapki wallet create -wallet . -auto_login -pwd <PASSWORD>

Import Trusted CA cert ca.crt into the wallet.

orapki wallet add -wallet . -trusted_cert -cert ca.crt -pwd <PASSWORD> -jsafe

Restart DB.

+++++++++++++Steps on TJTAI ++++++++++++++

cd $ORACLE_HOME/appsutil

mkdir wallet

cd wallet

Copied root.cer, Intermediate.crt from external server

ca.crt from 02 server.

[orati@nchljta01 wallet]$ orapki wallet create -wallet . -auto_login -pwd oracle123

Oracle PKI Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

[orati@nchljta01 wallet]$ ls

cwallet.sso ewallet.p12 intermediate.crt root.cer ca.crt

[orati@nchljta01 wallet]$ orapki wallet add -wallet . -trusted_cert -cert intermediate.crt -pwd oracle123

Oracle PKI Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

[orati@nchljta01 wallet]$

[orati@nchljta01 wallet]$ orapki wallet add -wallet . -trusted_cert -cert root.cer -pwd oracle123

Oracle PKI Tool : Version 11.2.0.4.0 - Production

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 16
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

[orati@nchljta01 wallet]$ pwd

/u01/app/orati/TJTAI/db/tech_st/11.2.0.4/appsutil/wallet

[orati@nchljta01 wallet]$ orapki wallet add -wallet . -trusted_cert -cert ca.crt -pwd oracle123

Oracle PKI Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

[orati@nchljta01 wallet]$ pwd

/u01/app/orati/TJTAI/db/tech_st/11.2.0.4/appsutil/wallet

[orati@nchljta01 wallet]$ orapki wallet display -wallet

/u01/app/orati/TJTAI/db/tech_st/11.2.0.4/appsutil/wallet

Oracle PKI Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:

User Certificates:

Trusted Certificates:

Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE

Corporation,C=US

Subject: CN=thawte Primary Root CA,OU=(c) 2006 thawte\, Inc. - For authorized use
only,OU=Certification Services Division,O=thawte\, Inc.,C=US

Subject: OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: CN=Thawte TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US

Subject: OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Subject: OU=Secure Server Certification Authority,O=RSA Data Security\, Inc.,C=US

[orati@nchljta01 wallet]$

+++++++++++++++++++++++++++++++++++++++++++++++++

Restart DB

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 17
JRE upgrade:
Deploying JRE (Native Plug-in) for Windows Clients in Oracle E-Business Suite Release 12 (Doc ID
393931.1)

Step 1) mv $FND_TOP/bin/txkSetPlugin.sh $FND_TOP/bin/txkSetPlugin-4377566.sh

Step 2) Apply the patch 26100397 to get 3 digit point release as we have two digit point release now.

cd /u01/app/Patches/1586826/26100397 – adpatch

after applying the patch file version should be like below. If not please coy the file manually.

[appci@nchljta02 custom]$ strings -a $FND_TOP/bin/txkSetPlugin.sh|grep Header

header_string="$Header: txkSetPlugin.sh 120.6.12010000.6 2019/09/05 11:07:58 tmervyn ship $"

[appci@nchljta02 custom]$

cp /u01/app/Patches/1586826/26100397/fnd/bin/txkSetPlugin.sh $FND_TOP/bin/txkSetPlugin.sh

Step 3) Download the JRE plugin from below.

http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

Step 4) Rename the JRE Plugin File to j2se18241.exe by moving it to following location.

$[COMMON_TOP]/webapps/oacore/util/jinitiator/

mv jre-8u241-windows-i586.exe j2se18241.exe

cp -r /u01/app/Patches/1586826/j2se18241.exe $COMMON_TOP/webapps/oacore/util/jinitiator/

Step 5 ) Run the JRE Upgrade Script

$ $FND_TOP/bin/txkSetPlugin.sh 18241 dyn

The script will prompt you for the following values if it does not find them automatically.

If this is the case ensure you have correctly sourced your environment and run the script again:

Location of APPSORA.env file, if not present in the default location $APPL_TOP

Location of the AutoConfig Context File.

Password for the APPS user in the database (If the correct value is returned by the script you may
press the return key at the prompt).

Note: Upgrade Plug-in in all nodes.

Please check all the context files and output should be like this.

[appti@nchljta02 scripts]$ grep -i plugin $CONTEXT_FILE

<!-- JDK plugins -->

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 18
 <sun_plugin_ver oa_var="s_sun_plugin_ver">1.8.0_241</sun_plugin_ver>

<sun_plugin_type oa_var="s_sun_plugin_type">jdk</sun_plugin_type>

[appti@nchljta02 scripts]$

step 6 ) Run autoconfig on 04,03 and 02.

Post Steps

========

Step 4.1. Enable the Java Console and Check Version

Enable the Java Console on your desktop client through the 'Java Control Panel' by setting:

'Control Panel' -> 'Java' (icon) -> 'Advanced' -> 'Java Console' -> 'Show Console'

Start OPMN and verify all post Autoconfig check

Stop All services

Restart All Application Tier Services

Issues and fixes:

Java PATH issue fix.

old value
<ADPERLPRG oa_var="s_adperlprg" osd="unix">/usr/bin/perl</ADPERLPRG>
New Value
<ADPERLPRG oa_var="s_adperlprg"
osd="unix">/u01/app/appci/CJTAI/apps/tech_st/10.1.3/perl/bin/perl</ADPERLPRG>
ran auto config

Enable_TLS_EBS_12._And_Java_Upgrade_V3.2 Page 19