Tuesday, September 18, 2018

PingAccess Windows service will not start


Once Ping Access is installed and configured as Windows service. The service then fails to start.

One possible most common issue is with JAVA_HOME environment variable. 


Check if JAVA_HOME env and set at SYSTEM level not just USER level if not already set. It may be necessary to restart the Windows server to pick up the system variable change.

Then try starting the service again.


Thursday, September 13, 2018

OIM 12C - Design Console alert

Below screenshot refers new and updated alert from OIM 12c:


Monday, September 10, 2018

How to enable HTTPS / SSL in Tomcat with self signed certificate

Below steps tested with Tomcat 9.0.11 on both Windows & Linux machine.

Open command prompt/terminal and execute below keytool command to create a new key store with a self-signed certificate by replacing the alias and keystore values.

keytool.exe -genkey -alias <<certaliasname>>-keyalg RSA -keystore <<location to save keystore>>\<<keystorename>>

provide the details of the certificate as it asks questions.

Open server.xml file from <<TOMCAT_HOME>>/conf/ location

and add below text by replacing keystoreFile and keystorePass values.

 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="<<path to keystore file>>"
       keystorePass="<<keystore password>>" />

then restart the tomcat server and access https://<<hostname>>:8443


Thursday, September 6, 2018

The process cannot access the flie because it is being used by another process exception from HRESULT:0*80070020

Issue:-At times you may notice that one or more Web sites are not started in IIS 7.0. If you try to manually start the Web site, it may fail with the following error message:

Internet Information Services (IIS) Manager - The process cannot access the file because it is being used by another process.
(Exception from HRESULT: 0x80070020)

Environment:-Windows 2012R2 server

Error Cause:-The error code 0x80070020 translates to ERROR_SHARING_VIOLATION (The process cannot access the file because it is being used by another process.)

This issue may occur if TCP port 80 and/or 443 is grabbed by a different service.

Solution:-First check to see what is listening on port 80.
                Open a command prompt and enter the following command:

                 netstat -ano | find ":80"

 netstat -aon | find ":443"
  In this case process ID 4228 was listening on port 80.
                  To check what this process is open task manager and locate that PID.
  (Note you may need to select View -> Select columns -> PID first).

  1.It turns out a developer installed Apache which was listening
                     on port 80 and causing a conflict.To resolve the conflict change one service to run
                     on a different port or uninstall the unnecessary web server.
          2.In Task bar we can select httpd.exe running on  port 80 and end process

Now you can start and stop IIS website.


Keytool & OpenSSL handy commands

OpenSSL command to extract SSL host certificate

openssl s_client -servername <<servername>> -connect <<servername>>:<<portnumber>>

Java Keytool Commands for Creating and Importing

  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystorename.jks -keysize 2048
  • Generate a certificate signing request for an existing Java keystore
    keytool -certreq -alias domainname -keystore keystore.jks -file domainname.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file serverchain1.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomainname -file mydomainname.crt -keystore keystore.jks
  • keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain
  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts