EM 13.2: SHA2 Certificate Pre-upgrade Verification for Enterprise Manager Cloud Control OMS and Agent
(Doc ID 2179909.1)
Last updated on OCTOBER 25, 2019
Applies to:Enterprise Manager Base Platform - Version 188.8.131.52.0 to 184.108.40.206.0 [Release 12.1 to 13c]
Information in this document applies to any platform.
Prior to Enterprise Manager (EM) 13.2 Cloud Control, environments can be configured with MD5 certificates for secure communication between agents and OMS, between agents and targets, and between OMS and targets. Though Enterprise Manager 13.2 will continue to support these MD5 configurations, the support may be discontinued in a subsequent release.
In order to tighten security, new version of JDK, 7u111, no longer supports X.509 certificates containing MD5-based digital signature algorithm. Enterprise Manager 13.2 will use this version of JDK. MD5-based certificates will be honored if you are upgrading OMS and agents from previous versions of Enterprise Manager. However MD5-based certificates will not be supported for fresh installation of Enterprise Manager 13.2 components.The future releases of Enterprise Manager will de-support the MD5 usage for upgrade as well. It is highly recommended that you follow the steps in this article to address the environment if MD5-based X.509 certificates are configured.
You can check the current JDK version in the OMS and agent home using the command "java -version" from oracle_common/jdk/bin directory under OMS Middleware home and Agent home. For the mechanisms to detect the presence of MD5-based certificates and remedy, please follow the steps below. You must perform these actions prior to upgrading to Enterprise Manager 13.2 or before applying any patch that upgrades the JDK to 7u111.
This article is intended for anyone planning to upgrade EM 220.127.116.11, 18.104.22.168 or 22.214.171.124.0 to EM 13.2
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document