Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: SSL support for EM 10GR2 Grid Control

Re: SSL support for EM 10GR2 Grid Control

From: Sunil Kanderi <>
Date: Tue, 28 Feb 2006 14:39:36 -0600
Message-ID: <>

Hi Jurijs:

Thank you so much for your feedback and interest on this issue. I went through the metalink notes you mentioned and I was not quite sure if they really could be applied to EM 10GR2 Grid Control. Turning on SSL is done through emctl and opmn commands, slightly different than how the metalink notes indicated you turn on SSL for Application server. However you are correct in that Grid Control using nothing but AS as a HTTP engine. Part of turning on SSL also makes sure agents on each of the machines communicate with OMS using SSL, I am wondering if this agent communication is the reason why Oracle EM 10GR2 Grid Control works only with the default certificates.

Thanks again for your interest and help on this issue.


P.S: For your reference I am including the messages I got from SR. I am removing references to the analyst name.


HI Sunil,

We've gotten a response back from the developer that works with certificates:

Sorry for the delay in responding to this.

No, one cannot swap out the ewallet.p12 and b64*.txt files with the one containing ceritificates issued by third-party certificate authority. EM 10g dbconsole is NOT designed to work with certificates issued by 3rd-party certificate authorities.

Even EM 10gR2 GridControl does not handle such certificates.

But, EM is planning to add such support in future release like 11g.

Also, would it be possible to collect some details from the customer about how they would provide the certificates ? as a wallet with all required details?
or a java key store with all required certificates ? or a certificate as b64 encoded file ? or some other format.

This information would be very helpful in understanding the customer requirements.

If you would like to supply details that can be passed on to the developer, I will pass them along.

If I have your permission, I will close this SR.

Best Regards,



23-FEB-06 07:42:45 GMT New info : SKANDERI :

Does that mean that EM 10GR2 is unsupported on Firefox in a secure mode(SSL)? I had shown you yesterday on OWC that your default certificate is not working with Firefox. I want to get a confirmation from Oracle that 10G EM R2 is unsupported in an SSL mode on Firefox.


23-FEB-06 19:11:09 GMT ACTION

Hi Sunil,

As the developer stated, 10gR2 does not support using a third-party certificate, and if Firefox does not accept the certificate that comes with 10gR2, then Firefox would be unsupported in SSL mode. It may be that some configuration of Firefox, to allow it to use the Oracle certificate,
is possible, but you will have to check with Firefox to find out what the configuration may be. Otherwise, yes, in the current version of 10gR2, Firefox will not be supported in SSL mode.

I will now set this SR to inactive status.


On 2/28/06, Jurijs Velikanovs <> wrote:
> I have logged an SR on that issue. I let you know how it will go.
> J.
> On 2/27/06, Jurijs Velikanovs <> wrote:
> > Hi Sunil,
> >
> > To my understanding EM 10GR2 Grid Control using nothing but AS
> > as a HTTP engine.
> > You need to follow the note 341904.1 to get SSL up and running.
> > Only small problem here is the AS 10G R2 bug. Take a look on the Note:308027.1.
> > Bur number is 4226254. I wasn't able to find detail information, as it
> > is seems to be not published Oracle bug.
> >
> > If an Oracle Support analyst told you that Grid Control doesn't work
> > with other certificate then provided by OCM, then it means that AS 10G
> > R2 doesn't work with other certificates then OCM as well.
> > I don't think that Oracle will live with that ;) They definitely will
> > provide the solution to fix AS 10G R2 and it will apply on Oracle Grid
> > Control as well.
> >
> > I would suggest you, if you really would like to get GC SSL enables
> > (with signed certificate by 3-d party), to go back to Oracle Support
> > and ask to assist you with AS 10GR2 SSL enabling.
> >
> > PS I can be wrong, but this is like I see the issue. Please let us
> > know how it will go for you.
> >
> > Jurijs
> >
> >
> > On 2/25/06, Sunil Kanderi <> wrote:
> > > We are running EM 10GR2 Grid Control on a Linux box and in trying to
> > > use SSL, we realized that the default Oracle Cert does not work with
> > > Firefox. So we decided to buy a new cert from Thawte and try to use it
> > > instead of the default Oracle certificate. To our surprise we couldn't
> > > get it to work and opened a TAR with Oracle. The response from Oracle
> > > is that EM 10gR2 GridControl does not handle third-party certificates.
> > >
> > > So if you have to use 10gR2 Grid Control(even the stand alone DB
> > > console) in SSL mode, your cannot use Firefox. We are using IE and it
> > > works but it is very surprising that the product does not support a
> > > third-party certificate and your only option is to use the default
> > > certificate that comes with it.
> > >
> > > Please let me know if any of you have gotten EM 10GR2 Grid Control to
> > > work with a third party certificate.
> > >
> > > Thanks,
> > > Sunil.
> > > --
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Jurijs
> > +44 7738 013090 (GMT)
> > ============================================
> >
> >
> --
> Jurijs
> +44 7738 013090 (GMT)
> ============================================

Received on Tue Feb 28 2006 - 14:39:36 CST

Original text of this message