Yes Lisa, that’s a valid point. I agree we should not change the common package only for ~30 RAC databases if it creates risk for the wider estate.
My only concern is that we should also not lose useful RAC metrics from LGTM. Maybe we can keep the existing package unchanged for non-RAC and handle RAC through a specific conditional logic / separate metrics file, so both sides are covered safely.
Thank you for the kind note and recognition.
I am truly grateful for the support, encouragement, and learning opportunities provided by the organisation and the team. Working in this environment has helped me learn from real enterprise database challenges, collaborate with experienced colleagues, and continuously grow as a professional.
Being part of the Oracle ACE community allows me to share these learnings and practical experiences with the wider Oracle community outside the organisation. It also helps me stay connected with Oracle product updates, technical overview sessions, community discussions, and opportunities to engage with Oracle product teams.
I hope this also encourages more team members to stay connected with the Oracle ecosystem, as these learnings and engagements can bring useful value back to our database and engineering work.
Thank you again for the encouragement and support.
Impact:
Some scripts/docs may currently depend on Confluence pages owned by other applications or PODs. If those pages are moved, restricted, renamed, or decommissioned, our documentation or operational references may break.
Bringing required references into the Emerging DB space will improve ownership, accessibility, consistency, and long-term maintainability.
Hi Tarun,
Thank you for the detailed inputs.
I have a few follow-up questions to understand the correct approach before we proceed further across the estate.
Do we know since when the process moved from STID:WRAPPER / STID:RENEW:WRAPPER to PEM:PISABASEID? Also, do we have the exact documented steps for the PEM:PISABASEID based renewal process? I found something similar here for reference:
For estate-wide validation, do we have any specific command or known check to confirm whether a host is correctly using PEM:PISABASEID? For STID:WRAPPER, I am currently using the below command/check, but when I try a similar check for PEM:PISABASEID, it does not return anything.
<add your wrapper command/check here>
Do we already have any provision or arrangement available to scan the estate for this? If not, could you please advise the exact Tanium command/query we should use to identify hosts with STID:WRAPPER, STID:RENEW:WRAPPER, and PEM:PISABASEID?
I also have two sample hosts with me for comparison:
Could you please help confirm the expected state for such hosts and the correct remediation path?
Regards,
Nikhil
1
sudo find /etc/pki /usr/share/pki -type f \( -name "*.crt" -o -name "*.pem" -o -name "*.cer" \) 2>/dev/null | grep -i standard
2.
openssl x509 -in /path/to/standardID.crt -noout -subject -issuer -serial -fingerprint -sha256 -enddate
-
New ##
1
echo | openssl s_client -connect server01:443 -servername server01 -showcerts 2>/dev/null
2 check issuer / subject
echo | openssl s_client -connect server01:443 -servername server01 -showcerts 2>/dev/null \
| openssl x509 -noout -subject -issuer -fingerprint -sha256 -enddate
3.
servers.txt
&
#!/bin/bash
PORT=443
HOSTLIST="servers.txt"
OUTPUT="standardid_port_check_$(date +%F_%H%M).csv"
echo "HOST,PORT,STATUS,DETAIL" > "$OUTPUT"
while read -r HOST
do
[ -z "$HOST" ] && continue
echo "Checking $HOST:$PORT ..."
CERT_INFO=$(timeout 10 bash -c "echo | openssl s_client -connect ${HOST}:${PORT} -servername ${HOST} -showcerts 2>/dev/null \
| openssl x509 -noout -subject -issuer -fingerprint -sha256 -enddate 2>/dev/null")
if [ -z "$CERT_INFO" ]; then
echo "$HOST,$PORT,NO_TLS_OR_CONNECTION_FAILED,\"No certificate returned on this port\"" >> "$OUTPUT"
continue
fi
if echo "$CERT_INFO" | grep -iq "standard"; then
DETAIL=$(echo "$CERT_INFO" | tr '\n' ' ' | sed 's/"/""/g')
echo "$HOST,$PORT,FOUND,\"$DETAIL\"" >> "$OUTPUT"
else
DETAIL=$(echo "$CERT_INFO" | tr '\n' ' ' | sed 's/"/""/g')
echo "$HOST,$PORT,NOT_FOUND,\"$DETAIL\"" >> "$OUTPUT"
fi
done < "$HOSTLIST"
echo "Report generated: $OUTPUT"
#
openssl x509 -in /etc/pki/ca-trust/source/anchors/standardID.crt -noout -fingerprint -sha256
sudo find /etc/pki /usr/share/pki -type f \( -name "*.crt" -o -name "*.pem" -o -name "*.cer" \) 2>/dev/null | grep -i standard
Oracle ACE End-of-Year Highlights 2025 🤞
Hello Friends! I am aliena part time blogger from Bihar. I am a student and I manage my study as well as my blog. I am 14 years old and I want to help those people who really want to do something on internet.
Copyright © 201. Metro UI Theme. Designed by: Templateism
