Forum Stats

  • 3,727,187 Users
  • 2,245,333 Discussions
  • 7,852,620 Comments

Discussions

Can't start Oracle Enterprise Manager Webtier after enabling SSL with error "Cannot open wallet.."

User_UK44E
User_UK44E Member Posts: 1 Green Ribbon
edited May 2020 in Enterprise Manager

Hi Gurus,

I inherited a Oracle Enterprise Manager 13c R2  and am trying to enable SSL for several major ports so we can access OEM console via

https.

I was following "EM13c, 12: How to configure the Oracle Enterprise Manager Management Service (OMS) with SSL Certificates (doc ID

2202569.1)" to use orapki to

1) create a wallet (with auto_login option),

2) generate a certificate request, sent to CA, get certificate (user, intermediate, and root) back.

3) Imported all the certificates successfully, and

4) configured  httpd_em.conf, ssl.conf, and ssl_bip.conf (for all configuration at both server and instance level)

First I was able to start OMS with all components, however after I applied the latest patches (DB, WebLogic and OMS), i could not start Webtier up with "WebTier Could Not Be Started" message.

Looking through the $EM_BASE/em/gc_inst/user_projects/domains/GCDomain/servers/ohs1/logs/ohs1.log file I can see error message as following:

Server doc.gss.dte.cert.org:9851: Cannot open wallet file:/oracle/software/em/gc_inst/user_projects/domains/GCDomain/config/fmwconfig/components/OHS/instances/ohs1/keystores/console, unable to prompt for password. Enable it as an Auto Login or clear wallet or configure SSLPassPhraseDialog

However  I know my oracle wallet was created a auto_login with both cwallet.sso and ewallet.p12 created in the wallet, and it worked for couple days.

I wonder why all the suddent it stopped working, did I miss anything here?

Thanks,

Alan Wan

Answers

  • Tedw-Oracle
    Tedw-Oracle Member Posts: 142
    edited July 2019

    Hey Alan.

    Just found my notifications were not working, so apologies for the lack of reply.  I'm catching up on old threads.

    Ops Center and Enterprise Manager are related products, but different.  It's more complicated than that, but we'll leave it there for now.

    Head over to the Enterprise Manager forum in the Oracle Communities, and you'll get the answer you need there.  If not, let me know, and I'll try to move the thread to the proper location.

    Thanks, Ted

  • Venkata Thiruveedhi-Oracle
    Venkata Thiruveedhi-Oracle Posts: 590 Employee
    edited May 2020

    Hi,

    Not sure if you still have this issue.

    The wallet for the 3rd party signed certificate was created with the auto_login_local option and the OMS cannot open it during startup.

    Action Plan:

    ========

    Change the auto_login_local to auto_login using below steps :

    + Run the command below to set the EM environment

    <OMS BASE>/gc_inst/user_projects/domains/GCDomain/bin>. ./setDomainEnv.sh

    + change the wallet option form auto_login_local to auto_login
    orapki wallet create -wallet <walert location > -auto_login

    + Switch the EM Cloud Control back to the EM self-signed certificates, run the command below:
    <OMS_HOME>/bin>./emctl secure oms

    + Restart the OMS
    <OMS_HOME>/bin>./emctl stop oms -all -force
    <OMS_HOME>/bin>./emctl start oms

    + Once OMS successfully started follow below document to create new wallet with auto_login and request new certificate to secure OMS.

    EM 13c, 12c: How to Configure the Enterprise Manager Management Service (OMS) with Secure Socket Layer (SSL) Certificates (Doc ID NOTE 2202569.1)

Sign In or Register to comment.