
EM 11g: Using ORAPKI Utility to Create a Wallet with Third Party Trusted Certificate and Import into the Enterprise Manager 11g Grid Control OMS (Doc ID 1367988.1)

Last updated on OCTOBER 28, 2019

Applies to:

Enterprise Manager Base Platform - Version 11.1.0.1 to 11.1.0.1 [Release 11.1]
Information in this document applies to any platform.

Purpose

This document explains how to use the ORAPKI utility to create a wallet with a third-party trusted certificate that can be imported into the Enterprise Manager (EM) 11g Grid Control OMS setup.
This certificate will be used for the following channels of communication:

- Grid Console to OMS
- Grid Control Agent to OMS.

Steps involved are:

1. Creating an auto-login (cwallet.sso) wallet using ORAPKI.
2. Securing the Console access to use new wallets.
3. Configuring OMS with new wallet and the trusted certificates.
4. Securing all the Grid Control Agents.

This document is applicable only to EM 11g Grid Control. For EM 12c and 13c, refer to this document:

<Note 2202569.1> EM 13c, 12c: How to Configure the Enterprise Manager Management Service (OMS) with Secure Socket Layer (SSL) Certificates

 

For importing third-party trusted certificates into the OMS using Oracle Wallet Manager, refer to the following note:
Grid Control 11g

<Note:1208949.1> - Using Oracle Wallet Manager to Create a Wallet with Third Party Trusted Certificate and Importing into OMS 

 
For importing third party trusted certificates into the 11g Grid Agent URL, refer to the steps in

<Note:1357140.1> - Steps to Import Third Party Certificate into the Grid Agent URL.


Note:

1. Multiple tools and methods (orapki, OWM, etc.) are available for creating a wallet with third-party or self-signed certificates. This document covers only the steps for ORAPKI. The steps for importing the wallet and certificates into the OMS / Console / Agent remain the same irrespective of the tool used to create the wallet.

2. Wildcard certificates and SAN (subject alternate name) certificates are not supported.

3. Certificates signed with the SHA2 algorithm (SHA 256, SHA 512) are supported only with OEM 12c. OEM 11g does not support certificates signed with the SHA2 algorithm.

Scope

This document is intended for Grid Control Administrators who wish to use third-party certificates signed by a well-known Certificate Authority in the Grid Control product.
When the OMS is secured, the SSL certificates are self-generated (signed by Oracle Certificate Authority) by default and not signed by a trusted third-party Certificate Authority. Accessing the OMS with the self-signed certificate will result in 'Certificate Errors' in the browser, as described in the following note:
<Note:437660.1> - Accessing the Grid Console / DBConsole / Metric Browser shows "Certificate Errors".

Details



In this Document
Purpose
Scope
Details
 
 1. Creating an auto-login (cwallet.sso) wallet using ORAPKI
 2. Secure the Console to use the new wallet
 3. Import the new wallet and the trusted certificates into the OMS
 4. Secure all the Agents communicating with this OMS
 5. Verification
 6. How to rollback the OMS to default EM demo certificates
References
