Fixing OEM security certificate issues in local Browser(IE)

Just after every installation of OEM Grid Control/Database Control and while accessing Console you will see next message:

There is a problem with this website’s security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).

It’s much better to sign OMS with certificate issued by Trusted Third-Party Certificate Authority(see References section below), but it’s not always possible, so I will provide step-by-step instruction with screenshots how to fix this ussue locally on your desktop’s browser. Provided steps are for Microsoft Internet Explorer, but similar have been tested with Firefox and will work with other browsers too, but I haven’t tested yet, so don’t have step by step instructions for them.

0. Access your OEM Console host by name, not by IP address

1. Just after accessing OEM Console URL we see next message:

We may just click on “Continue to this website (not recommended)” and go to login screen, but we have to do it Every Time and it doesn’t look nice/comfortable, at least for me.

2. so lets look on certificate: click on Certificate Error and then View Certificates

3. here we se that certificate is Self-Signed – that is the root cause of mentioned message – certificate wasn’t signed by Trusted Third-Party Certificate Authority.

So lets fix this issue locally in your browser – just click Install Certificate

4. for the first time we will just import mentioned certificate:

5. It’s not enough because it’s Seft-Signed, so we have to add our certificate into Trusted Root Certification Authorities:

6. You will see message similar to the next warning You on this action:

7. At this time some environments will start to work correctly, but if You have proxy server setup than lets correct Proxy setup – specify “Bypass proxy server for local addresses“:

8. go to Advanced settings and specify your OEM host in Exceptions section by NAME:

9. if OEM host wasn’t added to corporate DNS than, specify it in local host resolution file – hosts.

You may use something like this for Microsoft Windows: C:\WINDOWS\system32\drivers\etc\hosts

10. After compliting mentioned steps You will not longer see annoying security certificate problem message, but quickly go to Login Page:

References:

  • 1208949.1 11g Grid Control: Using Oracle Wallet Manager to Create a Wallet with Third Party Trusted Certificate and Importing into OMS
  • 1367988.1 EM11g / EM12c : Using ORAPKI Utility to Create a Wallet with Third Party Trusted Certificate and Import into OMS
  • 1399293.1 EM 12c Cloud Control How to Create a Wallet With Third Party Trusted Certificate that Can Be Imported into the OMS For SSL Comunication ?

UPDATE1:

just after posting, I have found almost the same information at the My Oracle Support portal:

  • 437660.1 Enterprise Manager Console UI: Accessing the Grid Console / Cloud Console/Agent Metric Browser shows “Certificate Errors”
Advertisements

4 thoughts on “Fixing OEM security certificate issues in local Browser(IE)

    • Vinod,
      it may be because of some settings in your browser, like this site in the list of restricted sites…
      just check your browser settings or try another browser, like FireFox of Chrome

  1. Pingback: Oracle Entreprise Manager 12c: certificat issue with Internet Explorer | chauuy

  2. The install of the certificate did indeed solve the issue. Installed 11g onto Windows 2012Std.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s