Configuring SSL on Enterprise Manager and the SLB (Release 12.1.0.2 and later)
From: http://docs.oracle.com/html/E24089_42/ha_setup.htm#sthref833
If the SLB is configured to use Third-Party/Custom SSL certificates, you must ensure that the CA certificates are properly configured in order for the trust relationship to be maintained between the Agent, SLB, and the OMS. Specifically, the following must be carried out:
Import the CA certificates of the SLB into the OMS trust store.
Copy the Enterprise Manager CA certificates to the trust store of the SLB
Enterprise Manager uses the default Enterprise Manager certificates and not the Custom certificates. In order for Agents to upload information successfully to the OMS through the SLB, these custom trusted certificates need to be copied/imported to the trust store of the OMS and AgentsThe following procedures illustrate the process used to secure the 12c OMS and Agent when an SLB is configured with Third Party/Custom SSL certificates.
Verifying the SSL Certificate used at the SLB
Perform the following steps to determine whether the SLB is using different certificates than the OMS:
To check the certificate chain used by any URL, run the following command:
<OMS_HOME>/bin>./emctl secdiag openurl -url <HTTPS URL>
To check the certificates used by the SLB URL, run the following command:
<OMS_HOME>/bin>./emctl secdiag openurl -url https://<SLB Hostname>:<HTTPS Upload port>/empbs/upload
To check the certificates used by the OMS URL, run the following command:
<OMS_HOME>/bin>./emctl secdiag openurl -url https://<OMS Hostname>:<HTTPS Upload port>/empbs/upload
If the default Enterprise Manager self-signed certificates are used in the SLB, the output of both the commands will appear as follows:
Issuer : CN=<OMS Hostname>, C=US, ST=CA, L=EnterpriseManager on <OMS Hostname>, OU=EnterpriseManager on <OMS Hostname>, O=EnterpriseManager on <OMS Hostname>
If a custom or self-signed SSL certificate is used in the SLB, then output of the command executed with the SLB Name will provide details shown here:
Issuer : CN=Entrust Certification Authority - L1C, OU="(c) 2014 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US
In this example, the SLB is using the custom certificate (CN=Entrust Certification Authority - L1C, OU="(c) 2014 Entrust, Inc."), which needs to be imported as trusted certificate into the OMS.
If OpenSSL is available on the OS, you can also check the value of CN by running the following command:
$openssl s_client -connect <HOSTNAME>:<PORT>
Importing the SSL Certificate of the SLB to the Trust Store of the OMS and Agent
Export the SLB certificate in base64 format to a text file named:
customca.txt
.Secure the OMS:
cd <OMS_HOME>/bin>
./emctl secure oms -host <SLB Host name> -secure_port <HTTPS Upload Port> -slb_port <SLB upload Port> -slb_console_port <SLB Console port> -console -trust_certs_loc <path to customca.txt>
Note:
All the OMS's behind the SLB need to be secured using the emctl secure oms command.
The CA certificate of the OMS is present in the
<EM_INSTANCE_HOME>/em/EMGC_OMS1/sysman/config/b64LocalCertificate.txt
file and needs to be copied to the SSL trust store of the SLB.Restart all the OMS:
cd <OMS_HOME>/bin
emctl stop oms -all
emctl start oms
Secure all the Agents pointing to this Enterprise Manager setup:
cd <AGENT_HOME>/bin
./emctl secure agent –emdWalletSrcUrl <SLB Upload URL>
Configuring SSL on Enterprise Manager and the SLB (Release 12.1.0.2 and later)的更多相关文章
- DBA_Oralce Enterprise Manager OEM管理应用介绍(案例)
2014-08-16 BaoXinjian
- 安装Oracle 11G Enterprise Manager工具
1.登录ORACLE数据库 sqlplus / as sysdba; 2.查询实例名 SQL> select instance_name from v$instance; INSTANCE_NA ...
- Oracle Enterprise Manager Cloud Control 12c R4 安装配置
准备软件 em12.1.0.4_linux64_V45344-01.zip em12.1.0.4_linux64_V45345-01.zip em12.1.0.4_linux64_V45346-01. ...
- Configuring SSL for SAP Host Agent on UNIX
https://help.sap.com/viewer/141cbf7f183242b0ad0964a5195b24e7/114/en-US/8d12f7b9244b44219bd14d619d3a2 ...
- oracle 11g Enterprise Manager配置失败
Enterprise Manager以下简称em,Database Configuration Assistant简称DBCA. 病症 监听程序未启动或数据库服务未注册到该监听程序.启动该监听程序并注 ...
- Oracle Enterprise Manager打不开的解决方法
之前OEM一直可以打开,但今天上班发现打不开了,输入http://localhost:1158/em 提示该网页无法打开. 那么检查一下: cmd进命令行 C:\Documents and Setti ...
- Oracle DB 通过 Oracle Enterprise Manager注册要使用的恢复目录
通过 Oracle Enterprise Manager 注册要使用的恢复目录. a) 在 EM 中,导航到“Availability > Recovery Catalog Setting ...
- 【oracle】Enterprise Manager 无法连接到数据库实例。下面列出了组件的状态---个人解决方案
最近在学习Oracle,平常喜欢使用EM查看数据库状态,但是在最近突然发现EM连接不上Oracle数据库了,不知道问题出在哪里,只好卸载了重装.但是,在使用了几天以后,又出现了相同的问题,于是下决心将 ...
- Oracle Enterprise Manager快速重建
我们在使用Oracle时, 可以利用Oracle自带的EM(Enterprise Manager)来更方便的管理我们的数据库.但是有时候我们的em却有时候无法连接,造成这个问题的原因有好多,例如没有正 ...
随机推荐
- Android自定义用户控件简单范例(二)
对于完全由后台定制的控件,并不是很方便其他人的使用,因为我们常常需要看到控件放到xml界面上的效果,并根据效果进行布局的调整,这就需要一个更加标准的控件制作流程: 我们的自定义控件和其他的控件一样,应 ...
- excel 字符串拼接 添加 超链接
=HYPERLINK("http://"&C2,"http://"&C2)
- Android SDK中的Support兼容包详解
这篇文章主要介绍了Android SDK中的Support兼容包详解,本文详细区分了Support Library的版本区别.各种Theme的概念和使用注意事项等内容,需要的朋友可以参考下 背景 来自 ...
- 树的遍历 迭代算法——思路:初始化stack,pop stack利用pop的node,push new node to stack,可以考虑迭代一颗树 因为后序遍历最后还要要访问根结点一次,所以要访问根结点两次是难点
144. Binary Tree Preorder Traversal Given a binary tree, return the preorder traversal of its nodes' ...
- 【线程安全】—— 单例类双重检查加锁(double-checked locking)
1. 三个版本单例类的实现 版本1:经典版 public class Singleton { public static Singleton getInstance() { if (instance ...
- hibernate中id中的 precision 和 scale 作用
转自:https://www.cnblogs.com/IT-Monkey/p/4077570.html <hibernate-mapping> <class name=&qu ...
- [Swift通天遁地]六、智能布局-(8)布局框架的使用:多分辨率适配和横竖屏布局
★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★★➤微信公众号:山青咏芝(shanqingyongzhi)➤博客园地址:山青咏芝(https://www.cnblogs. ...
- SpringBoot集成Mybatis配置动态数据源
很多人在项目里边都会用到多个数据源,下面记录一次SpringBoot集成Mybatis配置多数据源的过程. pom.xml <?xml version="1.0" encod ...
- PHP电影小爬虫(2)
学习了别人的爬虫后自己改的一个,算是又回顾了一下php的使用 我们来利用simple_html_dom的采集数据实例,这是一个PHP的库,上手很容易.simple_html_dom 可以很好的帮助我们 ...
- “浪潮杯”第九届山东省ACM大学生程序设计竞赛重现赛 C-Cities
题目描述:There are n cities in Byteland, and the ith city has a value ai. The cost of building a bidirec ...