Smart Panda Newsletter – November 2014

Smart Thinking Newsletter

This Just In: Cloud ERP Acceptance is Rising!

It may have taken some time to get underway, but according to Enterprise Apps Today, more businesses are making the switch to Cloud ERP solutions. While there are obvious advantages to cloud hosting, the article covers some of the common questions and concerns that organizations should address prior to making a move to the cloud.

MSSQL: Drop All Tables in the Database

I had to recreate a database in SQL Server the other day and my database user did not have privileges to recreate the database, so I found the following code which worked like a charm to drop all the tables in the database.  This example deletes all tables that start with PS, which drops all the PeopleSoft tables:

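-- Build a comma-separated list of every table whose name starts with PS
DECLARE @SQL nvarchar(max)

-- INFORMATION_SCHEMA.TABLES also lists views, so keep base tables only
SELECT @SQL = STUFF((SELECT ', ' + QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME)
FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'PS%' AND TABLE_TYPE = 'BASE TABLE'
FOR XML PATH('')),1,2,'')

SET @SQL = 'DROP TABLE ' + @SQL

-- Review the generated statement before running it
PRINT @SQL

-- EXECUTE (@SQL) -- uncomment to actually delete the tables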

SSL Certificate: Cannot convert identity certificate

Weblogic Web Server SSL Certificate:

A client called today and said they needed to change their wildcard SSL certificate that they were using on one of the external web servers. This seemed like a simple enough request, so:

Step 1:

Have the client send the new SSL certificate in PFX format.

Step 2:

Using Portecle (“a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more”), load the PFX SSL certificate.

Step 3:

Convert the new keystore to JKS format.

Step 4:

Reset the password to the SSL Certificate and set the Alias name to the Alias already in use.

Step 5:

Export the PEM encoded certificate to a file and set the file extension to .CRT – This allows the SSL Certificate to be easily opened in Windows.

Step 6:

Export the intermediate and root certificates in base X.509 formats.

Step 7:

Import the intermediate and root trusted certificates (the ones just exported in Step 6) back into the keystore.

Step 8:

Take the SSL certificate in PEM format, append the intermediate certificate in PEM format, and then append the root Certificate Authority (CA) certificate in PEM format. This creates a full certificate chain in PEM format.

Step 9:

In Portecle, update the CA Reply of the certificate with the full certificate chain in PEM format. This step is important so that no certificate errors are reported by the Firefox browser.

Results:

The new JKS keystore contains 3 SSL certificates: the full SSL certificate private/public key combination, the intermediate certificate, and the root certificate.

Install New SSL Certificate Keystore:

Log into the Weblogic Server and rename the existing SSL Certificate Keystore and upload the new SSL Certificate Keystore using the original SSL Certificate Keystore filename.

Restart the server, and………..

BOOOOOOOM!

ERROR:  <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Cannot convert identity certificate.>

Well, that’s new!  A quick investigation on Google, and some checking turns up that the new certificate was created using SHA256withRSA, while the old one used SHA1withRSA.

As it turns out, Weblogic prior to 10.3.4 cannot use certificates signed with SHA256withRSA, because it uses the Certicom SSL implementation. However, since the web server is version 10.3.6, the fix is available: JSSE SSL needs to be enabled.

The JSSE SSL setting is under the advanced options of the Weblogic console, on the SSL tab for the server in question. Once it was enabled and the web server restarted, the SSL certificate and new keystore worked!
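A pre-flight check for the problem described above, as an added example that is not part of the original newsletter: it reads the signature algorithm of every certificate in a PEM chain file like the one built in Step 8, so a SHA256withRSA certificate is spotted before the server restart. The function names are hypothetical, and the sample chain is constructed from bare DER skeletons, not real certificates.

```python
import base64
import re

SIG_ALGS = {"1.2.840.113549.1.1.5": "SHA1withRSA",      # OIDs for the two names
            "1.2.840.113549.1.1.11": "SHA256withRSA"}   # quoted in the text above
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def _oid(raw):
    """Decode DER OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def sig_alg(der):
    """Return the signature algorithm name (or raw OID) of one DER certificate."""
    _, cert_start, _ = _tlv(der, 0)        # Certificate ::= SEQUENCE
    _, _, tbs_end = _tlv(der, cert_start)  # tbsCertificate, skipped whole
    _, alg_start, _ = _tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    tag, start, end = _tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = _oid(der[start:end])
    return SIG_ALGS.get(oid, oid)

def chain_sig_algs(pem_text):
    """List the signature algorithm of every certificate in a PEM chain file."""
    return [sig_alg(base64.b64decode(body)) for body in PEM_RE.findall(pem_text)]

# Constructed sample (not real certificates): two DER skeletons as a PEM chain.
_HEX = "30183003020101300d06092a864886f70d0101%s050003020000"
SAMPLE_CHAIN = "".join(
    "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
    % base64.b64encode(bytes.fromhex(_HEX % b)).decode() for b in ("0b", "05"))
print(chain_sig_algs(SAMPLE_CHAIN))
```

To check a real chain, pass the text of the PEM file to `chain_sig_algs`; an algorithm missing from `SIG_ALGS` is returned as its dotted OID.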

Knowledge Reference:

Check out Wikipedia’s page on SHA-2 for more information.