7 Replies. Latest reply: May 2, 2013 2:40 AM by John Thomas

Using EM12C on a large screen and dodgy SSL

John Thomas Newbie
We have been using Enterprise Manager as a monitoring system on a shared large screen. The only way we've found to format it so far is to have a PowerShell script launch IE with the production performance page on the left, High Availability console to the top right and a couple of database groups (Production, All Development) filling in the bottom right of the screen.

This can't work with Chrome as EM 12c still uses an MD5 hash, which I read has been regarded as dodgy for security use since around 1996. Chrome reports the certificate as invalid due to a weak signature, so any script will abort at this point.

Is there a better way to provide a monitoring panel?
  • 1. Re: Using EM12C on a large screen and dodgy SSL
    Richard C Evans Newbie
    Hi John,

    Have you tried adding all of the targets you want to monitor to a Group and using the Dashboard for that group?

    http://docs.oracle.com/cd/E24628_01/doc.121/e24473/group_management.htm#EMADM12678

    We create Groups based on Line of Business, the Application the DB (and Targets) support, and for specific managers. Most of them don't know, or want to know (don't blame them), the actual DB names; they want to see them by Application Name. So we create groups of targets based on the application they support.

    -- PS: You might check out MPCUI Framework (http://docs.oracle.com/cd/E24628_01/doc.121/e25159/mgt_gui.htm#sthref253) too. I haven't used it yet but it looks promising. Maybe you could develop your own page?

    HTH..

    Regards,
    Rich

    added MPCUI link
  • 2. Re: Using EM12C on a large screen and dodgy SSL
    user704352 Newbie
    MD5 is used during x509 certificate generation in pre-12c environments.

    But, starting with 12c, we use the SHA-2 (512) algorithm for our certificates - there is no dependency on MD5-based certs for new installs.

    For 12c upgrade installs, the customer may still have MD5-based certificates as they were created in older releases.
    For such upgrade scenarios, EM supports replacing the OOTB certificate with certificates of their choice.
  • 3. Re: Using EM12C on a large screen and dodgy SSL
    John Thomas Newbie
    Thanks for the suggestion but maybe I did not state the requirement fully.

    We want the main performance monitor page, the HA console page and a couple of dashboards displaying a Development group and a Production group on the same screen - a 46" plasma hanging from the ceiling in sight of the whole DBA team - all day long, without timeouts.

    So Group dashboards do not really meet the need.
  • 4. Re: Using EM12C on a large screen and dodgy SSL
    John Thomas Newbie
    Hmm, the mystery deepens. The guy who did the 12c install is on leave, but we got a clean machine for the "upgrade". I thought he had done the install from scratch.

    I know we could use a 3rd party certificate but I'm not asking my boss to approve a few hundred dollars a year just so we can avoid clicking "ignore warning message".

    I'll try and find out if this was an upgrade. I don't believe it was, but the browser displays the signature hash algorithm as MD5.
  • 5. Re: Using EM12C on a large screen and dodgy SSL
    John Thomas Newbie
    Thanks for the MPCUI suggestion. I'll have a look into that. There was another option involving using EMCLI to customise, but as far as I could see that provided a customised dashboard - does not meet the need.
  • 6. Re: Using EM12C on a large screen and dodgy SSL
    Richard C Evans Newbie
    http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-internet-explorer-8-to-accept-a-self-signed-certific

    Maybe?
  • 7. Re: Using EM12C on a large screen and dodgy SSL
    John Thomas Newbie
    Richard, maybe I didn't make this clear, but the problem I'm having is with Chrome. IE8 blithely accepts the MD5 certificate - suspect since 1996, formally broken from 2004 - without needing any of what's described in your StackOverflow reference.

    Chrome is correctly issuing a weak certificate warning due to use of MD5 in the EM certificate. It's IE8 that needs fixing to reject weak certificates, not a workaround to make it accept them.

    Cheers,

    John
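
Added example, not part of the original thread or of Oracle's tooling: one way to confirm which signature algorithm a certificate carries, as the browser in the thread reports for the EM certificate, by reading the signatureAlgorithm OID straight from the DER encoding. The sample input is a constructed certificate-shaped skeleton, and the host and port passed to `server_signature_algorithm` are assumed to be your own console address.

```python
import ssl

PKCS1 = bytes.fromhex("2a864886f70d0101")  # OID prefix 1.2.840.113549.1.1
SIG_ALGS = {  # final OID arc -> (name, weak for certificate signatures?)
    2: ("md2WithRSAEncryption", True), 4: ("md5WithRSAEncryption", True),
    5: ("sha1WithRSAEncryption", True), 11: ("sha256WithRSAEncryption", False),
    12: ("sha384WithRSAEncryption", False), 13: ("sha512WithRSAEncryption", False),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_algorithm(der):
    """Return (name, is_weak) for the outer signatureAlgorithm of a certificate."""
    tag, start, _ = read_tlv(der, 0)              # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)          # tbsCertificate, skipped whole
    tag2, alg_start, _ = read_tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if (tag, tag2, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate")
    oid = der[oid_start:oid_end]
    if oid[:-1] == PKCS1 and oid[-1] in SIG_ALGS:
        return SIG_ALGS[oid[-1]]
    return ("unknown OID " + oid.hex(), None)     # e.g. ECDSA: not classified here

def server_signature_algorithm(host, port):
    """Fetch the leaf certificate a server presents (unverified) and classify it."""
    pem = ssl.get_server_certificate((host, port))
    return signature_algorithm(ssl.PEM_cert_to_DER_cert(pem))

def tlv(tag, body):
    """DER-encode one element (used only to build the constructed sample)."""
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])  # sample stays < 256 bytes
    return bytes([tag]) + head + body

def constructed_cert(arc):
    """Certificate-shaped skeleton with placeholder contents, not a real cert."""
    alg = tlv(0x30, tlv(0x06, PKCS1 + bytes([arc])) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0x04, bytes(200)))
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(17)))
```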
