Configuring SSL on Enterprise Manager and the SLB (Release 12.1.0.2 and later)

Source: Internet
Author: User
Tags ssl certificate

from:http://docs.oracle.com/html/e24089_42/ha_setup.htm#sthref833

If The SLB is configured-Third-party/custom SSL certificates, you must ensure the CA certificates is properly Configured in order for the trust relationship to be maintained between the Agent, SLB, and the OMS. Specifically, the following must is carried out:

    • Import the CA certificates of the SLB into the OMS Trust store.

    • Copy the Enterprise Manager CA certificates to the Trust store of the SLB

Enterprise Manager uses the default Enterprise Manager certificates and not the Custom certificates. In order for Agents to upload information successfully to the OMS through the SLB, these custom trusted certificates need To being copied/imported to the Trust store, the OMS and agentsthe following procedures illustrate the process used to SECU Re the 12c OMS and Agent when a SLB is configured with third Party/custom SSL certificates.

Verifying The SSL Certificate used at the SLB

Perform the following steps to determine whether the SLB is using different certificates than the OMS:

  1. To check the certificate chain used by any URL, run the following command:

    <oms_home>/b In>./emctl secdiag openurl-url

    To check the certificates used by the SLB URL, run the F ollowing command:

    <oms_home>/bin>./emctl secdiag openurl-url Https://<SLB Hostname>:

    To check the certificates used by the OMS URL, run the FO llowing command:

    <oms_home>/bin>./emctl secdiag openurl-url Https://<OMS Hostname >:

  2. If The default Enterprise Manager self-signed certificates is used in the SLB, the output of both the commands would APPEA R as follows:

    Issuer:cn=<oms Hostname>, C=us, St=ca, L=enterprisemanager on <oms Hostname>, Ou=enterprisemanager on <OM S Hostname>, O=enterprisemanager on <oms hostname>

  3. If a custom or self-signed SSL certificate is used in the SLB and then output of the command executed with the SLB Name would Provide details shown here:

    Issuer:cn=entrust certification authority-l1c, ou= "(c) Entrust, Inc.", Ou=www.entrust.net/rpa was incorporated by Reference, o= "Entrust, Inc.", C=us

    In this example, the SLB is using the custom certificate (cn=entrust certification authority-l1c, ou= "(c) Entrust, Inc. "), which needs to being imported as trusted certificate into the OMS.

  4. If OpenSSL is available on the OS, you can also check the value of GB by running the following command:

    $openssl s_client -connect <HOSTNAME>:<PORT>

Importing the SSL Certificate of the SLB to the Trust Store of the OMS and Agent

    1. Export the SLB Certificate in base64 format to a text file named: customca.txt .

    2. Secure the OMS:

      CD <oms_home>/bin>

      ./emctl Secure Oms-host <SLB host name>-secure_port


      emctl secure Oms command.

      The CA Certificate of the OMS is present in The <em_instance_home>/em/emgc_oms1/sysman/ Config/b64localcertificate.txt  file and needs to being copied to the SSL Trust store of the SLB.

    3. Restart all the OMS:

      cd <OMS_HOME>/bin

      emctl stop oms -all

      emctl start oms

    4. Secure all the Agents pointing to this Enterprise Manager setup:

      cd <AGENT_HOME>/bin

      ./emctl secure agent –emdWalletSrcUrl <SLB Upload URL>

Configuring SSL on Enterprise Manager and the SLB (Release 12.1.0.2 and later)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.