One day, you may decide using gmail IMAP and SMTP services with your Oracle Workflow Mailer inbound and outbound processing. So if that day comes, here is a key information for you.
As you may know ; gmail operates in ssl. That both gmail smtp and imap services are operating in SSL and if you want to configure Oracle Workflow Mailer with gmail 's imap and smtp services, you need to configure Oracle Workflow Mailer with ssl.
Configuring Oracle Workflow MAiler with ssl , is not a big thing and it is documented already.
Generally, what we do for configuring SSL in imap and smtp processes of Oracle Workflow mailer is; gathering the mail server's certificates from the mail server and making the Oracle Workflow mailer server use them.
We usually gather the certificates using openssl s_client .
For example:
openssl s_client -connect imap.gmail.com:993
openssl s_client -connect smtp.gmail.com:465
Then we copy and paste the ouputs of openssl to cer files and import these cer files to the cacert keystore.
For example:
keytool -import -trustcacerts -keystore $AF_JRE_TOP/lib/security/cacerts -storepass changeit -alias smtpimap -file gmailimap.cer
keytool -import -trustcacerts -keystore $AF_JRE_TOP/lib/security/cacerts -storepass changeit -alias smtpgmail -file gmailsmtp.cer
With this approach, you may download gmail's certificated using openssl and import them in to EBS to make Oracle Workflow Mailer be able to use them.
This method will work normally, but for gmail it will not work stably.
That is; if you are using gmail with your Oracle Workflow Mailer and even if you configure your Workflow mailer with SSL properly using the certificates gathered by accessing imap.gmail.com and smtp.gmail.com, you may encounter the following error randomly.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Actually, this is a certificate problem , which is caused by Google, as Google has many servers spread out to hold the load from everyone connecting to them they would all use different SSL.
As you may know ; gmail operates in ssl. That both gmail smtp and imap services are operating in SSL and if you want to configure Oracle Workflow Mailer with gmail 's imap and smtp services, you need to configure Oracle Workflow Mailer with ssl.
Configuring Oracle Workflow MAiler with ssl , is not a big thing and it is documented already.
Generally, what we do for configuring SSL in imap and smtp processes of Oracle Workflow mailer is; gathering the mail server's certificates from the mail server and making the Oracle Workflow mailer server use them.
We usually gather the certificates using openssl s_client .
For example:
openssl s_client -connect imap.gmail.com:993
openssl s_client -connect smtp.gmail.com:465
Then we copy and paste the ouputs of openssl to cer files and import these cer files to the cacert keystore.
For example:
keytool -import -trustcacerts -keystore $AF_JRE_TOP/lib/security/cacerts -storepass changeit -alias smtpimap -file gmailimap.cer
keytool -import -trustcacerts -keystore $AF_JRE_TOP/lib/security/cacerts -storepass changeit -alias smtpgmail -file gmailsmtp.cer
With this approach, you may download gmail's certificated using openssl and import them in to EBS to make Oracle Workflow Mailer be able to use them.
This method will work normally, but for gmail it will not work stably.
That is; if you are using gmail with your Oracle Workflow Mailer and even if you configure your Workflow mailer with SSL properly using the certificates gathered by accessing imap.gmail.com and smtp.gmail.com, you may encounter the following error randomly.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This problem can be fixed by using the gmail certificates located in "https://pki.google.com/" ; with the title of“ Google's Issuing CA certificate” .
Note that: this certificates are like wildcard certificates(*.) and works with all the gmail servers.
This is direct link : https://pki.google.com/GIAG2.
After downloading the cer file from the link above; we follow the standard Workflow Mailer SSL configuration documents and issue the following commands to import the cer file in to the cacerts file and make the workflow mailer use them.
keytool -import -trustcacerts -keystore $AF_JRE_TOP/lib/security/cacerts -storepass changeit -alias GIAG2 -file GIAG2.cer
Also, both "Outbound SSL Enabled" and "Inbound SSL Enabled" checkboxes located in Workflow Mailer's configuration page should be checked.
Laslty, be sure that your SSL trust store is pointing the cacerts file that you import the gmail certificates.
[applmgr@ermanserver log]$ sqlplus apps/<pass> @$FND_TOP/sql/afsvcpup.sql
SQL*Plus: Release 10.1.0.5.0 - Production on Fri Nov 13 09:35:30 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
Component Id Component Name Component Status Type Containe
------------ ------------------------------ ---------------- --------------- --------
10000 ECX Inbound Agent Listener STOPPED WF_AGENT_LISTEN GSM
10001 ECX Transaction Agent Listener STOPPED WF_AGENT_LISTEN GSM
10002 Workflow Deferred Agent Listen RUNNING WF_AGENT_LISTEN GSM
10003 Workflow Deferred Notification RUNNING WF_AGENT_LISTEN GSM
10004 Workflow Error Agent Listener RUNNING WF_AGENT_LISTEN GSM
10005 Workflow Inbound Notifications RUNNING WF_AGENT_LISTEN GSM
10006 Workflow Notification Mailer RUNNING WF_MAILER GSM
10020 Web Services IN Agent STOPPED WF_JAVA_AGENT_L GSM
10021 Web Services OUT Agent STOPPED WF_DOCUMENT_WEB GSM
10022 Workflow Java Deferred Agent L RUNNING WF_JAVA_AGENT_L GSM
10023 Workflow Java Error Agent List RUNNING WF_JAVA_AGENT_L GSM
10040 WF_JMS_IN Listener(M4U) RUNNING WF_JAVA_AGENT_L GSM
10041 Workflow Inbound JMS Agent Lis STOPPED WF_AGENT_LISTEN GSM
Enter Component Id: 10006
Example path: " /u01/oracle/TEST/fs1/EBSapps/
Note that : Dont use environment variables when specifying this path.
Note that : Dont use environment variables when specifying this path.
No comments :
Post a Comment
If you will ask a question, please don't comment here..
For your questions, please create an issue into my forum.
Forum Link: http://ermanarslan.blogspot.com.tr/p/forum.html
Register and create an issue in the related category.
I will support you from there.