Discussions
Categories
- 17.9K All Categories
- 3.3K Industry Applications
- 3.2K Intelligent Advisor
- 59 Insurance
- 534.1K On-Premises Infrastructure
- 137.6K Analytics Software
- 38.5K Application Development Software
- 5.3K Cloud Platform
- 109.1K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 70.8K Infrastructure Software
- 105.1K Integration
- 41.5K Security Software
Can't start Oracle Enterprise Manager Webtier after enabling SSL with error "Cannot open wallet.."
Hi Gurus,
I inherited a Oracle Enterprise Manager 13c R2 and am trying to enable SSL for several major ports so we can access OEM console via
https.
I was following "EM13c, 12: How to configure the Oracle Enterprise Manager Management Service (OMS) with SSL Certificates (doc ID
2202569.1)" to use orapki to
1) create a wallet (with auto_login option),
2) generate a certificate request, sent to CA, get certificate (user, intermediate, and root) back.
3) Imported all the certificates successfully, and
4) configured httpd_em.conf, ssl.conf, and ssl_bip.conf (for all configuration at both server and instance level)
First I was able to start OMS with all components, however after I applied the latest patches (DB, WebLogic and OMS), i could not start Webtier up with "WebTier Could Not Be Started" message.
Looking through the $EM_BASE/em/gc_inst/user_projects/domains/GCDomain/servers/ohs1/logs/ohs1.log file I can see error message as following:
Server doc.gss.dte.cert.org:9851: Cannot open wallet file:/oracle/software/em/gc_inst/user_projects/domains/GCDomain/config/fmwconfig/components/OHS/instances/ohs1/keystores/console, unable to prompt for password. Enable it as an Auto Login or clear wallet or configure SSLPassPhraseDialog
However I know my oracle wallet was created a auto_login with both cwallet.sso and ewallet.p12 created in the wallet, and it worked for couple days.
I wonder why all the suddent it stopped working, did I miss anything here?
Thanks,
Alan Wan
Answers
-
Hey Alan.
Just found my notifications were not working, so apologies for the lack of reply. I'm catching up on old threads.
Ops Center and Enterprise Manager are related products, but different. It's more complicated than that, but we'll leave it there for now.
Head over to the Enterprise Manager forum in the Oracle Communities, and you'll get the answer you need there. If not, let me know, and I'll try to move the thread to the proper location.
Thanks, Ted
-
Hi,
Not sure if you still have this issue.
The wallet for the 3rd party signed certificate was created with the auto_login_local option and the OMS cannot open it during startup.
Action Plan:
========
Change the auto_login_local to auto_login using below steps :
+ Run the command below to set the EM environment
<OMS BASE>/gc_inst/user_projects/domains/GCDomain/bin>. ./setDomainEnv.sh
+ change the wallet option form auto_login_local to auto_login
orapki wallet create -wallet <walert location > -auto_login+ Switch the EM Cloud Control back to the EM self-signed certificates, run the command below:
<OMS_HOME>/bin>./emctl secure oms+ Restart the OMS
<OMS_HOME>/bin>./emctl stop oms -all -force
<OMS_HOME>/bin>./emctl start oms+ Once OMS successfully started follow below document to create new wallet with auto_login and request new certificate to secure OMS.
EM 13c, 12c: How to Configure the Enterprise Manager Management Service (OMS) with Secure Socket Layer (SSL) Certificates (Doc ID NOTE 2202569.1)