7 Replies Latest reply: Feb 24, 2014 8:47 PM by egkua RSS

    OEM - Certificate Invalid

    egkua

      Hi,

       

      I encountered certificate invalid error when accessing 11g OEM.

      "This certificate cannot be verified up to a trusted certificate authority."

       

      It seems that the browser cannot recognize the root CA.

      How to obtain and import the root CA ?

       

      Regards,

      Eye Gee

        • 1. Re: OEM - Certificate Invalid
          Courtney Llamas-Oracle

          Please take a look at the following MOS Notes, the first shows how to create a wallet and load the certificates, then the second covers securing the OMS console port to avoid the certificate errors.


          EM11g / EM12c : Using ORAPKI Utility to Create a Wallet with Third Party Trusted Certificate and Import into OMS (Doc ID 1367988.1)

          • 2. Re: OEM - Certificate Invalid
            egkua

            Hi,

             

            The certificate is created during installation of 11g. Do i really need to use wallet ?

             

            I have tried to install the certificate on IE by viewing and clicking on the install button.

            However it does not seems to be installed under the  "Trusted Root Certificate Authorities".

             

            I have tried to install under Trusted Publishers, it seems to be ok.

             

            On mmc->Certificates->Trusted Root Certificate Authorities->certificates, I am able to view this root CA.

            However "Windows does not have enough information to verify this certificate", "The issuer of this certificate could not be found".

             

            Anyone, any idea ?

             

            Regards,

            Eye Gee

            • 3. Re: OEM - Certificate Invalid
              Rahul-Em-Oracle

              Hi Eye Gee,

               

              The below doc provides in details about steps  to Import the OMS self-signed Certificate into the Browser Store

              Ensure all steps were followed as per the doc

              Ref

              Enterprise Manager Console UI: Accessing the Grid Console / Cloud Console/Agent Metric Browser shows "Certificate Errors" (Doc ID 437660.1)

               

               

              Regards,

              Rahul

              • 4. Re: OEM - Certificate Invalid
                egkua

                Rahul,

                 

                I have tried to install the certificate many times. Steps are same as

                Enterprise Manager Console UI: Accessing the Grid Console / Cloud Console/Agent Metric Browser shows "Certificate Errors" (Doc ID 437660.1).

                 

                When I import the certificate it said "The import was successful". However it does not seems to be installed under the  "Trusted Root Certificate Authorities".


                I am using Windows 7, IE 9.


                Anyone, any recommendations ?


                Regards,

                Eye Gee



                • 5. Re: OEM - Certificate Invalid
                  Rahul-Em-Oracle

                  Hi Eye Gee,


                  Can you please check suggestion as per below doc

                  Log in to Enterprise Manager Console using Internet Explorer 7 and higher fails with "Internet Explorer cannot display this page" or with Security Certificate Error (Doc ID 1498203.1)

                   

                  Regards,
                  Rahul

                  • 6. Re: OEM - Certificate Invalid
                    egkua

                    Rahul,

                     

                    openssl s_client -connect serverdb:1158

                    openssl s_client -connect serverdb:3938

                     

                    Both with,

                    Server public key is 1024 bit

                     

                    and I am using Oracle 11.2.0.4.0.

                     

                    The document mentioned does not apply to my case.

                    Anyone, suggestions?

                     

                    Regards,

                    Eye Gee

                    • 7. Re: OEM - Certificate Invalid
                      egkua

                      Hi,

                       

                      I am now using Mozilla browser instead of IE.

                       

                      Regards,

                      Eye Gee