EM 13.2: SHA2 Certificate Pre-upgrade Verification for Enterprise Manager Cloud Control OMS and Agent (Doc ID 2179909.1)

Last updated on OCTOBER 18, 2022

Applies to:

Purpose

Prior to Enterprise Manager (EM) 13.2 Cloud Control, environments can be configured with MD5 certificates for secure communication between agents and OMS, between agents and targets, and between OMS and targets. Though Enterprise Manager 13.2 will continue to support these MD5 configurations, the support may be discontinued in a subsequent release.

In order to tighten security, new version of JDK, 7u111, no longer supports X.509 certificates containing MD5-based digital signature algorithm. Enterprise Manager 13.2 will use this version of JDK. MD5-based certificates will be honored if you are upgrading OMS and agents from previous versions of Enterprise Manager. However MD5-based certificates will not be supported for fresh installation of Enterprise Manager 13.2 components.The future releases of Enterprise Manager will de-support the MD5 usage for upgrade as well. It is highly recommended that you follow the steps in this article to address the environment if MD5-based X.509 certificates are configured.

You can check the current JDK version in the OMS and agent home using the command "java -version" from oracle_common/jdk/bin directory under OMS Middleware home and Agent home. For the mechanisms to detect the presence of MD5-based certificates and remedy, please follow the steps below. You must perform these actions prior to upgrading to Enterprise Manager 13.2 or before applying any patch that upgrades the JDK to 7u111.

Scope

 This article is intended for anyone planning to upgrade EM 12.1.0.4, 12.1.0.5 or 13.1.0.0.0 to EM 13.2

Details

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.