FAQ
We are running EM 10GR2 Grid Control on a Linux box and in trying to
use SSL, we realized that the default Oracle Cert does not work with
Firefox. So we decided to buy a new cert from Thawte and try to use it
instead of the default Oracle certificate. To our surprise we couldn't
get it to work and opened a TAR with Oracle. The response from Oracle
is that EM 10gR2 GridControl does not handle third-party certificates.

So if you have to use 10gR2 Grid Control(even the stand alone DB
console) in SSL mode, your cannot use Firefox. We are using IE and it
works but it is very surprising that the product does not support a
third-party certificate and your only option is to use the default
certificate that comes with it.

Please let me know if any of you have gotten EM 10GR2 Grid Control to
work with a third party certificate.

Thanks,
Sunil.

Search Discussions

  • Jurijs Velikanovs at Feb 27, 2006 at 3:28 am
    Hi Sunil,

    To my understanding EM 10GR2 Grid Control using nothing but AS
    10.1.2.0.2 as a HTTP engine.
    You need to follow the note 341904.1 to get SSL up and running.
    Only small problem here is the AS 10G R2 bug. Take a look on the Note:308027.1.
    Bur number is 4226254. I wasn't able to find detail information, as it
    is seems to be not published Oracle bug.

    If an Oracle Support analyst told you that Grid Control doesn't work
    with other certificate then provided by OCM, then it means that AS 10G
    R2 doesn't work with other certificates then OCM as well.
    I don't think that Oracle will live with that;) They definitely will
    provide the solution to fix AS 10G R2 and it will apply on Oracle Grid
    Control as well.

    I would suggest you, if you really would like to get GC SSL enables
    (with signed certificate by 3-d party), to go back to Oracle Support
    and ask to assist you with AS 10GR2 SSL enabling.

    PS I can be wrong, but this is like I see the issue. Please let us
    know how it will go for you.

    Jurijs
    On 2/25/06, Sunil Kanderi wrote:
    We are running EM 10GR2 Grid Control on a Linux box and in trying to
    use SSL, we realized that the default Oracle Cert does not work with
    Firefox. So we decided to buy a new cert from Thawte and try to use it
    instead of the default Oracle certificate. To our surprise we couldn't
    get it to work and opened a TAR with Oracle. The response from Oracle
    is that EM 10gR2 GridControl does not handle third-party certificates.

    So if you have to use 10gR2 Grid Control(even the stand alone DB
    console) in SSL mode, your cannot use Firefox. We are using IE and it
    works but it is very surprising that the product does not support a
    third-party certificate and your only option is to use the default
    certificate that comes with it.

    Please let me know if any of you have gotten EM 10GR2 Grid Control to
    work with a third party certificate.

    Thanks,
    Sunil.
    --
    http://www.freelists.org/webpage/oracle-l

    --
    Jurijs
    +44 7738 013090 (GMT)
    ============================================
    http://otn.oracle.com/ocm/jvelikanovs.html
    --
    http://www.freelists.org/webpage/oracle-l
  • Sunil Kanderi at Feb 28, 2006 at 8:39 pm
    Hi Jurijs:

    Thank you so much for your feedback and interest on this issue. I went
    through the metalink notes you mentioned and I was not quite sure if
    they really could be applied to EM 10GR2 Grid Control. Turning on SSL
    is done through emctl and opmn commands, slightly different than how
    the metalink notes indicated you turn on SSL for Application server.
    However you are correct in that Grid Control using nothing but AS
    10.1.2.0.2 as a HTTP engine. Part of turning on SSL also makes sure
    agents on each of the machines communicate with OMS using SSL, I am
    wondering if this agent communication is the reason why Oracle EM
    10GR2 Grid Control works only with the default certificates.

    Thanks again for your interest and help on this issue.

    Sunil.

    P.S: For your reference I am including the messages I got from SR. I
    am removing references to the analyst name.

    ACTION

    HI Sunil,

    We've gotten a response back from the developer that works with certificates:

    Sorry for the delay in responding to this.

    No, one cannot swap out the ewallet.p12 and b64*.txt files with the
    one containing ceritificates issued by third-party certificate authority.
    EM 10g dbconsole is NOT designed to work with certificates issued by
    3rd-party certificate authorities.

    Even EM 10gR2 GridControl does not handle such certificates.

    But, EM is planning to add such support in future release like 11g.

    Also, would it be possible to collect some details from the customer
    about how they would provide the certificates ?
    as a wallet with all required details?
    or a java key store with all required certificates ?
    or a certificate as b64 encoded file ? or some other format.

    This information would be very helpful in understanding the customer
    requirements.

    If you would like to supply details that can be passed on to the developer,
    I will pass them along.

    If I have your permission, I will close this SR.

    Best Regards,
    xxxxxx

    STATUS

    @CUS

    .

    23-FEB-06 07:42:45 GMT

    New info : SKANDERI :

    Does that mean that EM 10GR2 is unsupported on Firefox in a secure
    mode(SSL)? I had shown you yesterday on OWC that your default
    certificate is not working with Firefox. I want to get a confirmation
    from Oracle that 10G EM R2 is unsupported in an SSL mode on Firefox.

    Thanks,
    Sunil.

    23-FEB-06 19:11:09 GMT

    ACTION

    Hi Sunil,

    As the developer stated, 10gR2 does not support using a third-party
    certificate, and if Firefox does not accept the certificate that comes
    with 10gR2, then Firefox would be unsupported in SSL mode. It may be
    that some configuration of Firefox, to allow it to use the Oracle
    certificate,
    is possible, but you will have to check with Firefox to find out what
    the configuration may be. Otherwise, yes, in the current version of
    10gR2, Firefox will not be supported in SSL mode.

    I will now set this SR to inactive status.

    Regards,
    xxxxxx
    On 2/28/06, Jurijs Velikanovs wrote:
    I have logged an SR on that issue. I let you know how it will go.

    J.
    On 2/27/06, Jurijs Velikanovs wrote:
    Hi Sunil,

    To my understanding EM 10GR2 Grid Control using nothing but AS
    10.1.2.0.2 as a HTTP engine.
    You need to follow the note 341904.1 to get SSL up and running.
    Only small problem here is the AS 10G R2 bug. Take a look on the Note:308027.1.
    Bur number is 4226254. I wasn't able to find detail information, as it
    is seems to be not published Oracle bug.

    If an Oracle Support analyst told you that Grid Control doesn't work
    with other certificate then provided by OCM, then it means that AS 10G
    R2 doesn't work with other certificates then OCM as well.
    I don't think that Oracle will live with that;) They definitely will
    provide the solution to fix AS 10G R2 and it will apply on Oracle Grid
    Control as well.

    I would suggest you, if you really would like to get GC SSL enables
    (with signed certificate by 3-d party), to go back to Oracle Support
    and ask to assist you with AS 10GR2 SSL enabling.

    PS I can be wrong, but this is like I see the issue. Please let us
    know how it will go for you.

    Jurijs

    On 2/25/06, Sunil Kanderi wrote:
    We are running EM 10GR2 Grid Control on a Linux box and in trying to
    use SSL, we realized that the default Oracle Cert does not work with
    Firefox. So we decided to buy a new cert from Thawte and try to use it
    instead of the default Oracle certificate. To our surprise we couldn't
    get it to work and opened a TAR with Oracle. The response from Oracle
    is that EM 10gR2 GridControl does not handle third-party certificates.

    So if you have to use 10gR2 Grid Control(even the stand alone DB
    console) in SSL mode, your cannot use Firefox. We are using IE and it
    works but it is very surprising that the product does not support a
    third-party certificate and your only option is to use the default
    certificate that comes with it.

    Please let me know if any of you have gotten EM 10GR2 Grid Control to
    work with a third party certificate.

    Thanks,
    Sunil.
    --
    http://www.freelists.org/webpage/oracle-l


    --
    Jurijs
    +44 7738 013090 (GMT)
    ============================================
    http://otn.oracle.com/ocm/jvelikanovs.html

    --
    Jurijs
    +44 7738 013090 (GMT)
    ============================================
    http://otn.oracle.com/ocm/jvelikanovs.html
    --
    http://www.freelists.org/webpage/oracle-l

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedFeb 25, '06 at 5:42p
activeFeb 28, '06 at 8:39p
posts3
users2
websiteoracle.com

People

Translate

site design / logo © 2022 Grokbase