EM 11g: Using ORAPKI Utility to Create a Wallet with Third Party Trusted Certificate and Import into the Enterprise Manager 11g Grid Control OMS
(Doc ID 1367988.1)
Last updated on OCTOBER 28, 2019
Applies to:Enterprise Manager Base Platform - Version 22.214.171.124 to 126.96.36.199 [Release 11.1]
Information in this document applies to any platform.
This document explains how to use ORAPKI Utility for creating a wallet with third party trusted certificate that can be imported into the Enterprise Manager (EM) 11g Grid Control OMS setup.
This certificate will be used for the following channels of communication:
- Grid Console to OMS
- Grid Control Agent to OMS.
Steps involved are:
1. Creating an auto-login (cwallet.sso) wallet using ORAPKI.
2. Securing the Console access to use new wallets.
3. Configuring OMS with new wallet and the trusted certificates.
4. Securing all the Grid Control Agents.
<Note 2202569.1> EM 13c, 12c: How to Configure the Enterprise Manager Management Service (OMS) with Secure Socket Layer (SSL) Certificates
For importing third party trusted certificated into OMS using Oracle Wallet Manager, refer the following note:
Grid Control 11g
<Note:1208949.1> - Using Oracle Wallet Manager to Create a Wallet with Third Party Trusted Certificate and Importing into OMS
<Note:1357140.1> - Steps to Import Third Party Certificate into the Grid Agent URL.
1. There are multiple tools / methods such as orapki, OWM, etc available for creating a wallet with third party / self-signed certificates. The scope of this document is only the steps for ORAPKI. The steps for importing the wallet and certificates into the OMS / Console / Agent remain the same irrespective of the tool used to create the wallet.
2. Wildcard certificates and SAN (subject alternate name) certificates are not supported.
3.Certificates signed with SHA2 Algorithm(SHA 256, SHA 512) are supported only with OEM 12c . OEM 11g does not support certificates signed with SHA2 algorithm
Grid Control Administrators who wish to use third party certificates which are signed by well-known Certificate Authority, in the Grid Control product.
When the OMS is secured, the SSL certificates are self-generated (signed by Oracle Certificate Authority) by default and not signed by a trusted third party Certificate Authority. Accessing the OMS with the self-signed certificate will result in 'Certificate Errors' in the browser as described in following note:
<Note:437660.1> - Accessing the Grid Console / DBConsole / Metric Browser shows Certificate Errors".
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|1. Creating an auto-login (cwallet.sso) wallet using ORAPKI|
|2. Secure the Console to use the new wallet|
|3. Import the new wallet and the trusted certificates into the OMS|
|4. Secure all the Agents communicating with this OMS|
|6. How to rollback the OMS to default EM demo certificates|