Re: Expired Certificate in OEM

From: joel garry <joel-garry_at_home.com>
Date: Mon, 23 Jun 2008 14:08:09 -0700 (PDT)
Message-ID: <54aa7a49-7668-487a-99a2-17ee9a0b3ae1@i76g2000hsf.googlegroups.com>


On Jun 23, 12:41 pm, Palooka <nob..._at_nowhere.com> wrote:
> Sorry if this is a FAQ, but I have searched Tahiti, and Googled, but
> have found nothing of use.
>
> I installed Oracle 10.2.0.1 on AIX 5L (64 bit) the other day, and
> created a small database to test. Enterprise Manager Database Control
> was configured to use http, and worked.
>
> Today I applied the patch to 10.2.0.4 and used dbua to upgrade the test
> database.
>
> All went well, with one exception. During the patch OEM Database Control
> was reconfigured to use https - good. However, when I access it from a
> Windows box on the network, I get a warning that the certificate has
> expired. I can click through and OEM works fine, but obviously that
> situation won't be acceptable in a production scenario.
>
> I'm a reasonably experienced DBA, but (being of the old-fashioned
> command-line-and-Unix-scripting school) fairly new to OEM, and not
> familiar with SSL, so sorry if this is a bit of a newbie question. It
> appears I need to do something on the server side to extend, revalidate,
> renew the certificate or whatever, but what do I do?
>
> Thanks,
> Palooka

I think this is answered in metalink Note:280034.1 (or the note it refers to), but as I have had other problems with EM after applying this patch on hp-ux (including having dbconsole go totally tits-up after following a secure-the-control suggestion by support) and have way too much actual work to do to screw with it, I'm just accepting the situation for now, now that this fragile dbconsole is working. I for one would be interested in the answer. The Oracle® Enterprise Manager Advanced Configuration manual, chapter 5, allegedly explains how to do this, but I'm not very trusting of it just now. It might just be a simple matter of secure reconfiguration, check the logs and properties files that are changed.

jg

--
@home.com is bogus.
“We thought we had a better database.”
http://wwww.signonsandiego.com/news/metro/20080621-9999-1n21calls.html
Received on Mon Jun 23 2008 - 16:08:09 CDT

Original text of this message