Thank you so much for your feedback and interest on this issue. I went
through the metalink notes you mentioned and I was not quite sure if
they really could be applied to EM 10GR2 Grid Control. Turning on SSL
is done through emctl and opmn commands, slightly different than how
the metalink notes indicated you turn on SSL for Application server.
However you are correct in that Grid Control using nothing but AS
10.1.2.0.2 as a HTTP engine. Part of turning on SSL also makes sure
agents on each of the machines communicate with OMS using SSL, I am
wondering if this agent communication is the reason why Oracle EM
10GR2 Grid Control works only with the default certificates.
Thanks again for your interest and help on this issue.
P.S: For your reference I am including the messages I got from SR. I
am removing references to the analyst name.
We've gotten a response back from the developer that works with certificates:
Sorry for the delay in responding to this.
No, one cannot swap out the ewallet.p12 and b64*.txt files with the
one containing ceritificates issued by third-party certificate authority.
EM 10g dbconsole is NOT designed to work with certificates issued by
3rd-party certificate authorities.
Even EM 10gR2 GridControl does not handle such certificates.
But, EM is planning to add such support in future release like 11g.
Also, would it be possible to collect some details from the customer
about how they would provide the certificates ?
as a wallet with all required details?
or a java key store with all required certificates ?
or a certificate as b64 encoded file ? or some other format.
This information would be very helpful in understanding the customer
If you would like to supply details that can be passed on to the developer,
I will pass them along.
If I have your permission, I will close this SR.
23-FEB-06 07:42:45 GMT
New info : SKANDERI :
Does that mean that EM 10GR2 is unsupported on Firefox in a secure
mode(SSL)? I had shown you yesterday on OWC that your default
certificate is not working with Firefox. I want to get a confirmation
from Oracle that 10G EM R2 is unsupported in an SSL mode on Firefox.
23-FEB-06 19:11:09 GMT
As the developer stated, 10gR2 does not support using a third-party
certificate, and if Firefox does not accept the certificate that comes
with 10gR2, then Firefox would be unsupported in SSL mode. It may be
that some configuration of Firefox, to allow it to use the Oracle
is possible, but you will have to check with Firefox to find out what
the configuration may be. Otherwise, yes, in the current version of
10gR2, Firefox will not be supported in SSL mode.
I will now set this SR to inactive status.
On 2/28/06, Jurijs Velikanovs wrote:
I have logged an SR on that issue. I let you know how it will go.
On 2/27/06, Jurijs Velikanovs wrote:
To my understanding EM 10GR2 Grid Control using nothing but AS
10.1.2.0.2 as a HTTP engine.
You need to follow the note 341904.1 to get SSL up and running.
Only small problem here is the AS 10G R2 bug. Take a look on the Note:308027.1.
Bur number is 4226254. I wasn't able to find detail information, as it
is seems to be not published Oracle bug.
If an Oracle Support analyst told you that Grid Control doesn't work
with other certificate then provided by OCM, then it means that AS 10G
R2 doesn't work with other certificates then OCM as well.
I don't think that Oracle will live with that;) They definitely will
provide the solution to fix AS 10G R2 and it will apply on Oracle Grid
Control as well.
I would suggest you, if you really would like to get GC SSL enables
(with signed certificate by 3-d party), to go back to Oracle Support
and ask to assist you with AS 10GR2 SSL enabling.
PS I can be wrong, but this is like I see the issue. Please let us
know how it will go for you.
On 2/25/06, Sunil Kanderi wrote:
We are running EM 10GR2 Grid Control on a Linux box and in trying to
use SSL, we realized that the default Oracle Cert does not work with
Firefox. So we decided to buy a new cert from Thawte and try to use it
instead of the default Oracle certificate. To our surprise we couldn't
get it to work and opened a TAR with Oracle. The response from Oracle
is that EM 10gR2 GridControl does not handle third-party certificates.
So if you have to use 10gR2 Grid Control(even the stand alone DB
console) in SSL mode, your cannot use Firefox. We are using IE and it
works but it is very surprising that the product does not support a
third-party certificate and your only option is to use the default
certificate that comes with it.
Please let me know if any of you have gotten EM 10GR2 Grid Control to
work with a third party certificate.
+44 7738 013090 (GMT)