Re: SSL support for EM 10GR2 Grid Control [SOLUTION]

• From: "Jurijs Velikanovs" <j.velikanovs@xxxxxxxxx>
• To: "Sunil Kanderi" <sunil.kanderi@xxxxxxxxx>
• Date: Fri, 21 Apr 2006 19:15:08 +0100

Hello everyone,

Eventually I have configured Grid Control Web Site with a third party
signed certificate (wallet).
The solution listened below:

1. Generate Wallet using OWM + Sign it using third party (You can use
tail from http://www.verisign.com or others, I have used openssl)
I would recommend use "auto loggon" option from the OWM "File" menu.

2. Adjust a OGC configuration
vi $OGC_HOME/oms10g/sysman/config/httpd_em.conf
# Comment this tow lines
#  SSLWallet 
file:/app/app/ora99/product/oms10g/sysman/wallets/oms.ddsg2dborac3b.solihull.gov.uk
#  SSLWalletPassword
05E696300A46CC0E1B27F5387893D056E7FFC8C27F180942A4C0F4D0AF8CD5619CC91ADFD3BDF7BCF785C3F2AAB54F3238
# Put this line instead
SSLWallet file:<wallet directory>

3. Restart OGC
/etc/init.d/gcstartup stop
/etc/init.d/gcstartup start


4. Access SSL the port of Grid Control
https://<host>:1159/em/console/home

I will post how to setup openssl in the way acceptable for OracleAS in
the next mail.

Enjoy,
Yury

PS This is solution just for a communication between OGC Web Site and
a Client PC.
Let me know if you need assistance in others components communication setup.

On 3/14/06, Sunil Kanderi <sunil.kanderi@xxxxxxxxx> wrote:
> Jurijs:
>
> Just curious to know the status of SR. Wondering if you have gotten a
> different response from Oracle than what I got.
>
> Thanks,
> Sunil.
>
>
> On 2/28/06, Jurijs Velikanovs <j.velikanovs@xxxxxxxxx> wrote:
> > I have logged an SR on that issue. I let you know how it will go.
> >
> > J.
> >
> > On 2/27/06, Jurijs Velikanovs <j.velikanovs@xxxxxxxxx> wrote:
> > > Hi Sunil,
> > >
> > > To my understanding EM 10GR2 Grid Control using nothing but AS
> > > 10.1.2.0.2 as a HTTP engine.
> > > You need to follow the note 341904.1 to get SSL up and running.
> > > Only small problem here is the AS 10G R2 bug. Take a look on the Note:
> 308027.1.
> > > Bur number is 4226254. I wasn't able to find detail information, as it
> > > is seems to be not published Oracle bug.
> > >
> > > If an Oracle Support analyst told you that Grid Control doesn't work
> > > with other certificate then provided by OCM, then it means that AS 10G
> > > R2 doesn't work with other certificates then OCM as well.
> > > I don't think that Oracle will live with that ;) They definitely will
> > > provide the solution to fix AS 10G R2 and it will apply on Oracle Grid
> > > Control as well.
> > >
> > > I would suggest you, if you really would like to get GC SSL enables
> > > (with signed certificate by 3-d party), to go back to Oracle Support
> > > and ask to assist you with AS 10GR2 SSL enabling.
> > >
> > > PS I can be wrong, but this is like I see the issue. Please let us
> > > know how it will go for you.
> > >
> > > Jurijs
> > >
> > >
> > > On 2/25/06, Sunil Kanderi <sunil.kanderi@xxxxxxxxx> wrote:
> > > > We are running EM 10GR2 Grid Control on a Linux box and in trying to
> > > > use SSL, we realized that the default Oracle Cert does not work with
> > > > Firefox. So we decided to buy a new cert from Thawte and try to use it
> > > > instead of the default Oracle certificate. To our surprise we couldn't
> > > > get it to work and opened a TAR with Oracle. The response from Oracle
> > > > is that EM 10gR2 GridControl does not handle third-party certificates.
> > > >
> > > > So if you have to use 10gR2 Grid Control(even the stand alone DB
> > > > console) in SSL mode, your cannot use Firefox. We are using IE and it
> > > > works but it is very surprising that the product does not support a
> > > > third-party certificate and your only option is to use the default
> > > > certificate that comes with it.
> > > >
> > > > Please let me know if any of you have gotten EM 10GR2 Grid Control to
> > > > work with a third party certificate.
> > > >
> > > > Thanks,
> > > > Sunil.
> > > > --
> > > > //www.freelists.org/webpage/oracle-l
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Jurijs
> > > +44 7738 013090 (GMT)
> > > ============================================
> > > http://otn.oracle.com/ocm/jvelikanovs.html
> > >
> >
> >
> > --
> > Jurijs
> > +44 7738 013090 (GMT)
> > ============================================
> > http://otn.oracle.com/ocm/jvelikanovs.html
> >
>
>


--
Jurijs
+44 7738 013090 (GMT)
============================================
http://otn.oracle.com/ocm/jvelikanovs.html
--
//www.freelists.org/webpage/oracle-l

Other related posts:

• » Re: SSL support for EM 10GR2 Grid Control [SOLUTION]

1. Home
2. oracle-l
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---