My Oracle Support Banner

11g Grid Control: Using Oracle Wallet Manager to Create a Wallet with Third Party Trusted Certificate and Importing into OMS (Doc ID 1208949.1)

Last updated on MARCH 12, 2021

Applies to:

Enterprise Manager Base Platform - Version 11.1.0.1 to 11.1.0.1 [Release 11.1]
Information in this document applies to any platform.

Purpose

This document explains how to use Oracle Wallet Manager (OWM) for creating a wallet with third party trusted certificate that can be imported into the 11g OMS setup. This certificate will be used for the following channels of communication:

- Grid Console to OMS
- Grid Control Agent to OMS.

This document is applicable only to EM 11g Grid Control.For EM 12c/13c, refer to document below
EM 13c, 12c: How to Configure the Enterprise Manager Management Service (OMS) with Secure Socket Layer (SSL) Certificates (Note 2202569.1)

Steps involved are:

1. Creating an auto-login (cwallet.sso) Wallet using OWM.
2. Securing the Console Access with the trusted certificates. 
3. Configuring OMS with new wallet and the trusted certificates.
4. Securing all the Grid Agents.

For importing third party trusted certificates into the Grid Agent URL, refer to the steps in
<Note 1357140.1>: Grid Agent Security: Steps to Import Third Party Certificate into the Grid Agent URL.

Note:

1. There are multiple tools such as orapki, OWM, openssl etc available for creating a wallet with third party  certificates. The scope of this document is only the steps for OWM.
The steps for importing the wallet and certificates into the OMS / Console / Agent remain the same irrespective of the tool used to create the wallet.

2. There is a bug with 11.1.1.2.0 Oracle Wallet Manager (OWM) located in <MW_HOME>/Oracle_WT/bin of a 11g Grid Control installation and 11.2 OWM from a Database Home, which may cause ineffective SSO wallets to be generated. For details refer to
<Note 1221703.1>: Known Issues With Third Party Wallets and Oracle.

If the auto-login wallet (cwallet.sso) is created using these versions but cannot be opened without a password, the as a workaround, use OWM from any 10g or 11.1.0.x Database installation instead. Do not proceed unless you are sure that you have the correct OWM that generates valid SSO wallets.

Scope

Grid Control Administrators who wish to use third party certificates which are signed by well-known Certificate Authority, in the Grid Control product.
When the OMS is secured, the SSL certificates are self-generated (signed by Oracle Certificate Authority) by default and not signed by a trusted third party Certificate Authority. Accessing the OMS with the self-signed certifcate will result in 'Certificate Errors' in the browser as described in
<Note 437660.1>: Enterprise Manager Console UI: Accessing the Grid Console / DBConsole / Metric Browser shows Certificate Errors".

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 1. Creating an auto-login (cwallet.sso) Wallet using OWM
 2. Secure the Console to use the new Wallet
 3. Import the new wallet and the trusted certificates into the OMS
 
 4. Secure all the Agents communicating with this OMS
 Verification
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.