RE: Cloud Control 12.1.0.1 Certificate Error

From: Brian Pardy <brianpa_at_burton.com>
Date: Wed, 30 Jul 2014 15:57:12 +0000
Message-ID: <92C2516C1D75EB4A922A8EE402EC23D5555438D7_at_helo.usa.burton.com>

Hi Scott,

Have you recently upgraded to Firefox 31? If so, set the preference "security.use_mozillapkix_verification" to false within the about:config screen. I don't know if Oracle has a bug filed on this yet but apparently many self-signed certificates out there are technically broken, containing an attribute indicating that they are CA certificate, not a server certificate. Mozilla has just changed Firefox to use a certificate validation library that is more strict than the one they previously used.

Alternatively, it seems like if you regenerate your EM12c certificates (possibly per note 1611578.1, I forget which procedure I followed), your certificates will be valid such that Firefox allows them, even with the new cert library. I'm running with security.use_mozillapkix_verification=true and using my EM12c self-signed certificates without issue.

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Scott Canaan Sent: Wednesday, July 30, 2014 11:46 AM
To: oracle-l_at_freelists.org
Subject: Cloud Control 12.1.0.1 Certificate Error

I'm having trouble with the self-signed certificate in Cloud Control 12.1.0.1. I didn't create the certificate. When I try to access Cloud Control from Firefox, it won't let me in. I get the following page:

Secure Connection Failed

An error occurred during a connection to vmora00e.rit.edu:7801. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

When I use IE, it gives me an error stating that the certificate is invalid, but will let me in anyway.

I tried to work with our SAs, but their response was "It's your certificate, you fix it".

The error in IE is on the root. It says "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store." I've been trying to figure out how to fix this, but I can't find the information that I need. This is on Red Hat 6 Linux.

Scott Canaan '88 (srcdco_at_rit.edu<mailto:srcdco_at_rit.edu>) (585) 475-7886 - work
"Life is like a sewer, what you get out of it depends on what you put into it." - Tom Lehrer

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Jul 30 2014 - 17:57:12 CEST

This message: [ Message body ]
Next message: Ray Stell: "Re: Cloud Control 12.1.0.1 Certificate Error"
Previous message: Chris Taylor: "Re: Cloud Control 12.1.0.1 Certificate Error"
In reply to: Scott Canaan: "Cloud Control 12.1.0.1 Certificate Error"
Next in thread: Ray Stell: "Re: Cloud Control 12.1.0.1 Certificate Error"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message