Comments on: How to Access Oracle GridControl 10.2 Agents via HTTPS/Port 443 http://www.pythian.com/blogs/709/how-to-access-oracle-gridcontrol-102-agents-via-https-port-443 News and views from Pythian DBAs Tue, 14 Oct 2008 03:37:31 +0000 http://wordpress.org/?v=2.3.2 By: Grégory http://www.pythian.com/blogs/709/how-to-access-oracle-gridcontrol-102-agents-via-https-port-443#comment-138544 Grégory Sat, 08 Dec 2007 02:30:46 +0000 http://www.pythian.com/blogs/709/how-to-access-oracle-gridcontrol-102-agents-via-https-port-443#comment-138544 Marco, 1) Your congrats : Thanks. Yes, I'm glad I've found this one ! 0:-) 2) Your question : On the Server Side, the SSL key comes with OHS not the OMS that run behind it. If you want to setup a new certificate, you'll have to set it at this level... This is what you'd like to do to setup a certificate from a valid certificate authority. The problem of the agent stopping could come from it using HTTP as a primary protocol or something I don't know about ! On the agent side, this is another story as the SSL key is actually downloaded from the OMS when you secure the agent with "emctl secure agent". In that case, I don't know if the key is regenerated every time you run the command. So to answer your question, none of "emctl lock oms" and "emctl secure oms ..." should generate the SSL certificate. -Grégory PS: I can be wrong (Probability : 50%) Marco,

1) Your congrats :
Thanks. Yes, I’m glad I’ve found this one ! 0:-)

2) Your question :
On the Server Side, the SSL key comes with OHS not the OMS that run behind it. If you want to setup a new certificate, you’ll have to set it at this level… This is what you’d like to do to setup a certificate from a valid certificate authority. The problem of the agent stopping could come from it using HTTP as a primary protocol or something I don’t know about !
On the agent side, this is another story as the SSL key is actually downloaded from the OMS when you secure the agent with “emctl secure agent”. In that case, I don’t know if the key is regenerated every time you run the command.

So to answer your question, none of “emctl lock oms” and “emctl secure oms …” should generate the SSL certificate.

-Grégory

PS: I can be wrong (Probability : 50%)

]]> By: Marco Gralike http://www.pythian.com/blogs/709/how-to-access-oracle-gridcontrol-102-agents-via-https-port-443#comment-138267 Marco Gralike Fri, 07 Dec 2007 08:01:16 +0000 http://www.pythian.com/blogs/709/how-to-access-oracle-gridcontrol-102-agents-via-https-port-443#comment-138267 OH, by the way, GOOD post.! 8-) OH, by the way, GOOD post.!

8-)

]]> By: Marco Gralike http://www.pythian.com/blogs/709/how-to-access-oracle-gridcontrol-102-agents-via-https-port-443#comment-138266 Marco Gralike Fri, 07 Dec 2007 08:00:33 +0000 http://www.pythian.com/blogs/709/how-to-access-oracle-gridcontrol-102-agents-via-https-port-443#comment-138266 Grégory, do you know if, when you lock OMS down via "emctl lock oms", the SSL keys will be refreshed as well? I once noticed that agent / OMS traphic stopt while locking OMS down, but I didn't really checked. Grégory, do you know if, when you lock OMS down via “emctl lock oms”, the SSL keys will be refreshed as well? I once noticed that agent / OMS traphic stopt while locking OMS down, but I didn’t really checked.

]]>