RE: em db
- From: "Patterson, Joel" <jpatterson@xxxxxxxxxx>
- To: "fuzzy.graybeard@xxxxxxxxx" <fuzzy.graybeard@xxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 11 Apr 2013 13:11:05 -0400
You have to use a supported browsers. Firefox or IE8 -- although I have heard
IE8 has not worked for some -- but probably just gave up after using firefox.
Microsoft security moved forward and required 1024 bit RSA keys -- and hence
unless you are in the certificate game you are using the default certificates
created upon installations of EM.
Here are some notes gleaned together to help while the Metalink site is down:
Explanation from Crowley support
Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the
KB2661254 update for Windows XP and to announce that the KB2661254 update for
all supported releases of Microsoft Windows is now offered through automatic
updating. Customers who previously applied the KB2661254 update do not need to
take any action. See advisory FAQ for details.
Summary: Microsoft is announcing the availability of an update to Windows that
restricts the use of certificates with RSA keys less than 1024 bits in length.
The private keys used in these certificates can be derived and could allow an
attacker to duplicate the certificates and use them fraudulently to spoof
content, perform phishing attacks, or perform man-in-the-middle attacks.
Directions below are for Windows 7 but I think they will work for Vista as well.
Click Start > then type appwiz.cpl in the search programs and files and press
ok.
Once you see the uninstall or change a program window open type KB2661254 in
the search Programs and Features window, upper right hand corner
KB2661254 will be the only patch now listed, click uninstall and follow the
prompts.
###########################
Use Supported Brower, IE9 not supported.
Run IE9 in IE8 compatibility mode?
http://answers.yahoo.com/question/index?qid=20110618201253AAfQZOm.
If a fix or a required patch is not available, the only secured workaround is
to use another Certified Browser than Internet Explorer.
Reference notes 437660.1 and it leads to Firefox note 1109427.1 for navigating
through the certificate messages using IE and Firefox.
Check My Oracle Support Certifications tab for certified browsers:
Document 406906.1 - Understanding Enterprise Manager Certification (Certify) in
My Oracle Support.
You have also the option to unsecure the DB Control or Grid Control console if
your Internal Security Policy allows it.
work a rounds in the note 1498203.1 that you can try if you do not wish to use
a supported browser
Microsoft stress that this is a temporary workaround. See their website for
full details:-
http://support.microsoft.com/kb/2661254
Go to section "Allow key lengths of less than 1024 bits by using registry
settings"
There are a choice of workaround listed here. The first involves updating the
registry as follows.
1) backup the registry
2) At the command prompt run the command:-
certutil -setreg chain\minRSAPubKeyBitLength 512
This adds an extra key (MinRsaPubKeyBitLength) to the registry:-
eg.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType
0\CertDLLCreateCertificateChainEngine\Config\MinRsaPubKeyBitLength
It is not necessary to restart the machine. This will allow access to the
Enterprise Manager console.
Note that this command can be reversed by using:-
certutil -delreg chain\MinRsaPubKeyBitLength
they also list some other options, so it is worth visiting their website.
Joel Patterson
Database Administrator
904 928-2790
--
Joel Patterson
Sr. Database Administrator | Enterprise Integration
Phone: 904-928-2790 | Fax: 904-733-4916
http://www.entint.com/
http://www.entint.com/
http://www.facebook.com/pages/Enterprise-Integration/212351215444231
http://twitter.com/#!/entint http://www.linkedin.com/company/18276?trk=tyah
http://www.youtube.com/user/ValueofIT
This message (and any associated files) is intended only for the use
of the addressee and may contain information that is confidential,
subject to copyright or constitutes a trade secret. If you are not the
intended recipient, you are hereby notified that any dissemination,
copying or distribution of this message, or files associated with this
message, is strictly prohibited. If you have received this message in
error, please notify us immediately by replying to the message and
deleting it from your computer. Messages sent to and from us may be
monitored. Any views or opinions presented are solely those of the
author and do not necessarily represent those of the company. [v.1.1]
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Hans Forbrich
Sent: Wednesday, April 10, 2013 4:59 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: em db
The default certificate is old and self-signed.
You can tell your *browser* to allow an exception to get going, but you really
want to fix this, consider looking through the MOS note 1498302.1 ... yes I
know it discusses IE, but it does give you the background.
/Hans
On 10/04/2013 2:28 PM, Zelli, Brian wrote:
> I just loaded oracle 11g on a HPUX server, created a little database and I
> checked to make sure the dbconsole and agent are running but when I put in
> the URL, I get:
> "There is a problem with this website's security certificate"
> So is the error on the server side or the browser side and how do I fix this?
> I googled but can't seem to gt the right answer......
>
> ciao,
> Brian
>
>
>
> This email message may contain legally privileged and/or confidential
> information. If you are not the intended recipient(s), or the employee or
> agent responsible for the delivery of this message to the intended
> recipient(s), you are hereby notified that any disclosure, copying,
> distribution, or use of this email message is prohibited. If you have
> received this message in error, please notify the sender immediately by
> e-mail and delete this email message from your computer. Thank you.
> --
> //www.freelists.org/webpage/oracle-l
>
>
>
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
