RE: em db

From: Patterson, Joel <jpatterson_at_entint.com>
Date: Thu, 11 Apr 2013 13:11:05 -0400
Message-ID: <C1117B1AA0340645894671E09A7891F714F8F4A997_at_EIHQEXVM2.ei.local>



You have to use a supported browser. Firefox or IE8 -- although I have heard IE8 has not worked for some -- but probably just gave up after using Firefox. Microsoft security moved forward and required 1024-bit RSA keys -- and hence unless you are in the certificate game you are using the default certificates created upon installation of EM.

Here are some notes gleaned together to help while the Metalink site is down:

Explanation from Crowley support
Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.

Summary: Microsoft is announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length. The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Directions below are for Windows 7 but I think they will work for Vista as well.

Click Start, then type appwiz.cpl in the "Search programs and files" box and press OK. Once you see the "Uninstall or change a program" window open, type KB2661254 in the "Search Programs and Features" box in the upper right-hand corner. KB2661254 will be the only patch now listed; click Uninstall and follow the prompts.

###########################


Use Supported Browser, IE9 not supported.

Run IE9 in IE8 compatibility mode? http://answers.yahoo.com/question/index?qid=20110618201253AAfQZOm.

If a fix or a required patch is not available, the only secured workaround is to use another Certified Browser than Internet Explorer.

Reference notes 437660.1 and it leads to Firefox note 1109427.1 for navigating through the certificate messages using IE and Firefox.

Check My Oracle Support Certifications tab for certified browsers: Document 406906.1 - Understanding Enterprise Manager Certification (Certify) in My Oracle Support. You have also the option to unsecure the DB Control or Grid Control console if your Internal Security Policy allows it.

Workarounds in the note 1498203.1 that you can try if you do not wish to use a supported browser.

Microsoft stress that this is a temporary workaround. See their website for full details: http://support.microsoft.com/kb/2661254

Go to the section "Allow key lengths of less than 1024 bits by using registry settings". There is a choice of workarounds listed here. The first involves updating the registry as follows.

1) Back up the registry.
2) At the command prompt run the command:

    certutil -setreg chain\minRSAPubKeyBitLength 512

This adds an extra key (MinRsaPubKeyBitLength) to the registry, e.g.:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config\MinRsaPubKeyBitLength

It is not necessary to restart the machine. This will allow access to the Enterprise Manager console. Note that this command can be reversed by using:

    certutil -delreg chain\MinRsaPubKeyBitLength

They also list some other options, so it is worth visiting their website.

Joel Patterson
Database Administrator
904 928-2790


From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Hans Forbrich
Sent: Wednesday, April 10, 2013 4:59 PM
To: oracle-l_at_freelists.org
Subject: Re: em db

The default certificate is old and self-signed.

You can tell your *browser* to allow an exception to get going, but you really want to fix this, consider looking through the MOS note 1498302.1 ... yes I know it discusses IE, but it does give you the background.

/Hans

On 10/04/2013 2:28 PM, Zelli, Brian wrote:

> I just loaded oracle 11g on a HPUX server, created a little database and I checked to make sure the dbconsole and agent are running but when I put in the URL, I get:
> "There is a problem with this website's security certificate"
> So is the error on the server side or the browser side and how do I fix this? I googled but can't seem to get the right answer......
>
> ciao,
> Brian
>
Received on Thu Apr 11 2013 - 19:11:05 CEST
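
An added example, not part of the original thread: a PowerShell check for whether the registry workaround described in the message is still in place on a Windows client, and whether a given certificate would pass the default 1024-bit policy. The function names and the constructed 512-bit sample certificate are assumptions for illustration; the registry path, value name and certutil command are the ones quoted in the message.

```powershell
# Added example, not from the thread. Registry path and value name are those quoted in the message.
$ConfigKey = 'HKLM:\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config'
$ValueName = 'MinRsaPubKeyBitLength'
$DefaultMinimum = 1024   # floor enforced by KB2661254 when no override exists

function Get-RsaPolicyState {
    # Read the override that "certutil -setreg chain\minRSAPubKeyBitLength" writes.
    $prop = Get-ItemProperty -Path $ConfigKey -Name $ValueName -ErrorAction SilentlyContinue
    $override = if ($null -ne $prop) { [int]$prop.$ValueName } else { $null }
    $effective = if ($null -ne $override) { $override } else { $DefaultMinimum }
    [pscustomobject]@{
        # Get-HotFix lists only separately installed updates, so $false here
        # does not prove the restriction is absent.
        HotfixListed     = [bool](Get-HotFix -Id KB2661254 -ErrorAction SilentlyContinue)
        RegistryOverride = $override
        EffectiveMinimum = $effective
        Weakened         = ($effective -lt $DefaultMinimum)
    }
}

function Test-CertificateKeyLength {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$Minimum = $DefaultMinimum
    )
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    [pscustomobject]@{
        Subject      = $Certificate.Subject
        RsaBits      = if ($null -ne $rsa) { $rsa.KeySize } else { $null }   # $null: not an RSA key
        MeetsMinimum = ($null -eq $rsa) -or ($rsa.KeySize -ge $Minimum)
    }
}

# Constructed sample: a throwaway 512-bit self-signed certificate standing in for a
# weak default console certificate (512 is the floor the thread's certutil command sets).
$rsa = [System.Security.Cryptography.RSA]::Create(512)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-em-sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

$state = Get-RsaPolicyState
$state
Test-CertificateKeyLength -Certificate $sample                                   # against the 1024-bit default
Test-CertificateKeyLength -Certificate $sample -Minimum $state.EffectiveMinimum  # against this machine's setting
if ($state.Weakened) { Write-Warning 'Override present; revert with: certutil -delreg chain\MinRsaPubKeyBitLength' }
```

Building the sample certificate needs .NET Framework 4.7.2 or later (or PowerShell 7); the two audit functions do not.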
