22 July 2015

OEM: create wallet and import trusted certificates


Create wallet

mkdir $ORACLE_HOME/wallets
cd  $ORACLE_HOME/wallets
orapki wallet create -wallet $ORACLE_HOME/wallets -pwd xxx -auto_login
orapki wallet add -wallet $ORACLE_HOME/wallets  -dn "CN=servername.domain.nz, OU=ICT, O=CompanyName, L=YourCity, ST=YourCity, C=NZ" -keysize 2048 -pwd xxx

Create certificate request file

orapki wallet export -wallet $ORACLE_HOME/wallets -dn "CN=servername.domain.nz, OU=ICT,  O=CompanyName, L=YourCity, ST=YourCity, C=NZ"  -request $ORACLE_HOME/wallets/user_cert.req -pwd xxx

Add trusted certificates

Send the request file to the security team and wait for them to send the certificates back.
orapki wallet add -wallet $ORACLE_HOME/wallets -trusted_cert -cert $ORACLE_HOME/wallets/Root_CA.cer -pwd xxx
orapki wallet add -wallet $ORACLE_HOME/wallets -trusted_cert -cert $ORACLE_HOME/wallets/Policy.cer -pwd xxx
orapki wallet add -wallet $ORACLE_HOME/wallets -trusted_cert -cert $ORACLE_HOME/wallets/Issuing.cer -pwd xxx
orapki wallet add -wallet $ORACLE_HOME/wallets -user_cert -cert $ORACLE_HOME/wallets/SSO_Cert.cer -pwd x

Secure console

emctl secure console -wallet  $ORACLE_HOME/wallets
Restart OMS

Secure OMS with third-party certificates 

Create a new file, trusted_certs.txt, and copy the Root, Policy and Issuing certificate text into it. Don't add the user certificate.

emctl secure oms -wallet $ORACLE_HOME/wallets -trust_certs_loc $ORACLE_HOME/wallets/trusted_certs.txt
Restart OMS
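
The trust file described above can be assembled and checked with openssl before it is passed to emctl secure oms. This is an added example, not code from the original post; the function names build_trust_bundle and chain_ok are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; requires the openssl CLI.

# Print a certificate as PEM; accepts Base64 (PEM) or binary (DER) .cer files.
to_pem() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# build_trust_bundle OUT CERT...
# Concatenates the CA certificates into OUT. Anything without CA:TRUE in its
# basic constraints (such as the user certificate) is refused, and OUT is
# only written when every input passed.
build_trust_bundle() {
    out=$1; shift
    tmp=$(mktemp) || return 1
    for cert in "$@"; do
        if ! pem=$(to_pem "$cert"); then
            echo "unreadable certificate: $cert" >&2
            rm -f "$tmp"; return 1
        fi
        if ! printf '%s\n' "$pem" | openssl x509 -noout -text | grep -q 'CA:TRUE'; then
            echo "not a CA certificate, refusing to trust: $cert" >&2
            rm -f "$tmp"; return 1
        fi
        printf '%s\n' "$pem" >> "$tmp"
    done
    mv "$tmp" "$out"
}

# chain_ok BUNDLE USER_CERT
# Returns 0 only if the user certificate chains to the CAs in BUNDLE.
chain_ok() {
    user=$(mktemp) || return 1
    rc=0
    { to_pem "$2" > "$user" && openssl verify -CAfile "$1" "$user" >/dev/null 2>&1; } || rc=$?
    rm -f "$user"
    return "$rc"
}

# Usage with the file names from this page:
#   build_trust_bundle trusted_certs.txt Root_CA.cer Policy.cer Issuing.cer &&
#       chain_ok trusted_certs.txt SSO_Cert.cer
```

A version 1 root certificate, which carries no basic constraints extension, is also refused by this check.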

Re-secure all agents

For each Agent:
emctl secure agent
emctl upload

Add SSL Self-Signed Certificate to master agent

Check the certificates:
emctl secdiag openurl -url https://servername:xxxx/empbs/upload
openssl s_client -connect servername:xxxx

Re-secure each agent with:
emctl pingOMS
emctl stop agent; emctl secure agent
.. registration password…
# Add all certificates to the agent (Oracle Doc ID 2220788.1)
emctl secure add_trust_cert_to_jks -trust_certs_loc /opt/oracle/middleware13c/wallets/RootCA.cer -alias RootCA -password welcome
emctl secure add_trust_cert_to_jks -trust_certs_loc /opt/oracle/middleware13c/wallets/IssuingCA1.cer  -alias IssuingCA1 -password welcome
emctl secure add_trust_cert_to_jks -trust_certs_loc /opt/oracle/middleware13c/wallets/usersert.cer -alias usersert -password welcome
emctl start agent

emctl start agent; emctl upload agent


