Re: Expired Certificate in OEM

From: Palooka <nobody_at_nowhere.com>
Date: Mon, 23 Jun 2008 22:58:07 +0100
Message-ID: <P%U7k.167918$M63.92007@newsfe13.ams2>


joel garry wrote:

> On Jun 23, 12:41 pm, Palooka <nob..._at_nowhere.com> wrote:

>> Sorry if this is a FAQ, but I have searched Tahiti, and Googled, but
>> have found nothing of use.
>>
>> I installed Oracle 10.2.0.1 on AIX 5L (64 bit) the other day, and
>> created a small database to test. Enterprise Manager Database Control
>> was configured to use http, and worked.
>>
>> Today I applied the patch to 10.2.0.4 and used dbua to upgrade the test
>> database.
>>
>> All went well, with one exception. During the patch OEM Database Control
>> was reconfigured to use https - good. However, when I access it from a
>> Windows box on the network, I get a warning that the certificate has
>> expired. I can click through and OEM works fine, but obviously that
>> situation won't be acceptable in a production scenario.
>>
>> I'm a reasonably experienced DBA, but (being of the old-fashioned
>> command-line-and-Unix-scripting school) fairly new to OEM, and not
>> familiar with SSL, so sorry if this is a bit of a newbie question. It
>> appears I need to do something on the server side to extend, revalidate,
>> renew the certificate or whatever, but what do I do?
>>
>> Thanks,
>> Palooka
> 
> I think this is answered in metalink Note:280034.1 (or the note it
> refers to), but as I have had other problems with EM after applying
> this patch on hp-ux (including having dbconsole go totally tits-up
> after following a secure-the-control suggestion by support) and have
> way too much actual work to do to screw with it, I'm just accepting
> the situation for now, now that this fragile dbconsole is working.  I
> for one would be interested in the answer.  The OracleŽ Enterprise
> Manager Advanced Configuration manual, chapter 5, allegedly explains
> how to do this, but I'm not very trusting of it just now.  It might
> just be a simple matter of secure reconfiguration, check the logs and
> properties files that are changed.
> 

Thanks, Joel. I'm not alone then. If I find the answer I'll post it here. I'll check that Chapter 5, but unfortunately I don't have metalink access yet - the client (a major corporation) is still negotiating the licence. Why on earth they are unable to obtain an interim CSI number is, I'm afraid, a question I dare not ask.

But I hasten to add, they do have permission from Oracle to download and install the database and the patch (which was made available specially).

Palooka Received on Mon Jun 23 2008 - 16:58:07 CDT

Original text of this message