Securing OMS with Custom Certificates fail with error Invalid trusted cert (Doc ID 1938985.1)

Last updated on OCTOBER 26, 2014

Applies to:

Enterprise Manager Base Platform - Version 12.1.0.4.0 and later
Information in this document applies to any platform.

Symptoms

Securing OMS with third party certiifcfates fail and error below is reported in secure.log

$emctl secure oms -wallet /tools/oracle/home/oracle/wallets -trust_certs_loc /tools/oracle/home/oracle/certs/cert2.txt
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
Securing OMS... Started.
Enter Enterprise Manager Root (SYSMAN) Password :
Enter Agent Registration Password :
Securing OMS... Failed. Check the log /tools/oracle/product/12.1.0.4/em_1/gc_inst/em/EMGC_OMS1/sysman/log/secure.log

secure.log
-----------

2014-10-21 16:16:34,653 [main] INFO oms.SecureOMSCmds processSecureOMS.757 - Value of -host option: hostname
2014-10-21 16:16:34,653 [main] INFO oms.SecureOMSCmds processSecureOMS.759 - Is securing with virtual hostname? false
2014-10-21 16:16:34,654 [main] INFO oms.SecureOMSCmds processSecureOMS.782 - SSL Protocol : all -SSLv2
2014-10-21 16:16:34,655 [main] INFO oms.SecureOMSCmds processSecureOMS.791 - Key Strength specified: 0
2014-10-21 16:16:34,655 [main] INFO oms.SecureOMSCmds processSecureOMS.826 - OMS Server Name: EMGC_OMS1
2014-10-21 16:16:34,661 [main] INFO oms.SecureOMSCmds processSecureOMS.855 - Custom trust certificates location: /tools/oracle/home/oracle/certs/cert2.txt
2014-10-21 16:16:34,740 [main] ERROR oms.SecureOMSCmds validateCertsFile.1995 - Invalid trusted cert:
-----BEGIN CERTIFICATE-----
MIIEUzCCAzugAwIBAgISESctzBMhxSck/2/58DPTyLwuMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAkZSMRAwDgYDVQQKEwdDRURJQ0FNMRcwFQYDVQQLEw4wMDAyIDcyMzAwMTQ2NzEeMBwGA1UEAxMVQUMgSW50ZXJuZSBDYS1TZXJ2ZXVyMB4XDTE0MTAxNjA5MDU0MloXDTE3MTAxNTA5MDU0MlowbjELMAkGA
1UEBhMCRlIxDzANBgNVBAgTBkZSQU5DRTEOMAwGA1UEBxMFUGFyaXMxGzAZBgNVBAoTEkNSRURJVCBBR1JJQ09MRSBTQTEOMAwGA1UECxMFQ0EtQ1AxETAPBgNVBAMTCG9hb3hhcDAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCF1mECTml3AQ4bBoOIJelCAL2pGQlF7EXf/Z1KGriShDeRNMOhHbJ2YZWifO
ZuNsNFLdrfHYxCDc4tAZrh+aVysk/xAbLTLnzEpI6gLCxzS5kO3DzUhDeRNMOhHbJ2YZWifOZuNsNFLdrfHYxCDc4tAZrh+2AlFsl892kcq+PS9J9MozI2Fj0ewyk3wz2PUpY38Wbr6Qxo3XyrsD2fMswIDAQABo4IBgzCCAX8wsl892kcq+DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIK
wYBBQUHAwIGCCsGAQUFBwMBMGEGA1UdIARaMFgwVgYNKoF6AWgDAQEBAQYBATBFMEMGCCsGAQUFBwIBFjdodHRwOi8vd3d3LmNhLWNlcnRpZmljYXQuY29tL1BDLzA2Y2xpZW50L0NBX1NlcnZldXIucGRmMIGcBgNVHR8EgZQwgZEwgY6ggYuggYiGQ2h0dHA6Ly9jcmwuY2EtY2VydGlmaWNhdC5jb20vQ1JFRElUX0
FHUklDT0xFL0FDaW50ZXJuZUNBU2VydmV1ci5jcmyGQWh0dHA6Ly9jcmxkcC5pcmlzLmNyZWRpdC1hZ3JpY29sZS5mci9BQ2ludGVybmVDQVNlcnZldXIvTGF0ZXN0Q1JMMB0GA1UdDgQWBBS5Bb4D9DUxQ9ePyC2MNxtuDZZftzAfBgNVHSMEGDAWgBTBfMd9Hjb9J1QoICMmN2Q9BchoFzANBgkqhkiG9w0BAQUFAAO
CAQEAOBTqkV1TUZ3fGVkTga7G6woAtDNXAwMcEx3m8oaAejKGPeOTrzOfZL6iV2FePstt/W2f8Uf+a/RIsDMDaUR2TLi3Qfy7+U1csEpWueh2QxR8CEm9RooKcFjOhvw1AGeY0urH244UbZ7+X0766yOQsDMDaUR2TLi3Qfy7+U1csEpWueh2QxR8CEm9RooKcFjOhvw1AGeY0urH244UbZ7+1ebrHu8VHZK8ChFpJI92
bOA7xr6uv/cTihZ5BI4VLMifCo14XYfviOdI7rHqHvel4ihnx/lEBbsF4WOWNn5+RGJyrTWDkL6DEDa5nDpjyvEEGrd0hl3I6Ae/Fc6+roVgDaChAgVbm7rAVIBz0BWj3CPvNn5+4+9VqNJBLez64Hu5O9nTCapz1Yub8pe+uMzuTc+JYQ==
-----END CERTIFICATE-----
2014-10-21 16:16:34,741 [main] ERROR oms.SecureOMSCmds validateCertsFile.1996 - Following exception was caught was validating it:
oracle.security.crypto.asn1.ASN1FormatException: Got tag 21 instead of an ASN.1 string type.
at oracle.security.crypto.asn1.ASN1String.a(Unknown Source)
at oracle.security.crypto.asn1.ASN1String.input(Unknown Source)
at oracle.security.crypto.asn1.ASN1String.<init>(Unknown Source)
at oracle.security.crypto.asn1.ASN1Utils.inputASN1Object(Unknown Source)
at oracle.security.crypto.asn1.ASN1Sequence.input(Unknown Source)
at oracle.security.crypto.asn1.ASN1Sequence.<init>(Unknown Source)
at oracle.security.crypto.cert.X509.input(X509.java:550)
at oracle.security.crypto.cert.X509.<init>(X509.java:142)
at oracle.security.crypto.cert.X509.<init>(X509.java:191)
at oracle.sysman.emctl.secure.oms.SecureOMSCmds.validateCertsFile(SecureOMSCmds.java:1991)
at oracle.sysman.emctl.secure.oms.SecureOMSCmds.processSecureOMS(SecureOMSCmds.java:860)
at oracle.sysman.emctl.secure.oms.SecureOMSCmds.main(SecureOMSCmds.java:668)
2014-10-21 16:16:34,743 [main] ERROR oms.SecureOMSCmds processSecureOMS.1655 - Securing of OMS failed with following error:
java.lang.Exception: Trusted certificates file has invalid content.
It should contain only certificates in Base64 format and should not have special characters and comments.

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms