4 Enabling SSL for HTTPS

Follow the instructions provided in the following sections if you choose HTTPS as the protocol to establish a connection between MOM and Enterprise Manager.

Generating a Certificate Request File

Generate a certificate request file from the MOM server by doing the following:

1. On the Windows task bar, go to Start, then click Run.

2. Type inetmgr in the Open field.

   The Internet Information Services (IIS) Manager screen appears.

3. In the left pane, navigate to Web Sites and select the Microsoft Operations Manager 2005 connector framework.

4. Right-click and select Properties.

   The Microsoft Operations Manager 2005 Connector Framework Properties dialog box appears.

5. In the Directory Security tab, go to the Secure Communications section and click Server Certificate.

6. Using the wizard, create a new certificate.

   Note:

   When you specify details for certificate generation, do not use abbreviated forms for city and state names, as the wizard does not recognize abbreviations. For example, CA is not accepted for California.

   When the wizard completes, a certreq.txt text file is generated.

7. Send this request file to the Certificate authority, such as VeriSign.

Using the Certificate from the Certificate Authority

After processing your request, the certificate authority sends you the certificate. After you receive the certificate, do the following:

1. Paste the content into a text file.

   The content looks like the following example:

   -----BEGIN CERTIFICATE-----
   MIICdzCCAV8CAQAwDQYJKoZIhvcNAQEEBQAwITELMAkGA1UEBhMCVVMxEjAQBgNVBAMMCXJvb3Rf
   dGVzdDAeFw0wNjExMTAxMDI5MzJaFw0xNjExMDcxMDI5MzJaMGYxCzAJBgNVBAYTAlVTMQ4wDAYD
   VQQIEwVUZXhhczEPMA0GA1UEBxMGRGFsbGFzMQ8wDQYDVQQKEwZvcmFjbGUxCzAJBgNVBAsTAkVN
   MRgwFgYDVQQDEw9zbXAtbXBpMi1vcmFwa2kwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOch
   GIHp6MFW78OQw/mSdU0xfVq5u9pgqndnTqoh4aGFg1bTZD6/Azf3Nn8ibtKVJmGp3PLa3xP/gk7S
   tjZ/9sM4bvnw0Y4U9xsj0BiDG4JBo35uXAUxDHLReh8F4x45Wtv/SxvE0tjNnESlBMYynLip7P9l
   fSzcGKjSViyFW9M9AgMBAAEwDQYJKoZIhvcNAQEEBQADggEBAIktFTvDs7ULf0PclYXsJPeK4vFq
   7HZ86omktA9lYS+oA6SaudwDGY5yxcl9O2s78o+EK9e8Wz4wM4dmUg4aSuHVHWs75W86uh7gpEFo
   wssH9mtcxkqIbdPVwQoeAUTVOifNaujfXtgClvlvOjkfzvvD7SieRjD9mP2rJ2pRWUbv7xR7oJmt
   RXp6t22a+MKMQQR8ofAZV/WxFJcgmBR/JxLA28X+jnzmIH/yqHK/b6Agwwy7PgbJrwPI7WQ/busm
   6ASeV8ZgSfAkJ83nWz4NICnH5Y8Dyu8vDtERsOQ8z/WttrBDEmcGikkO9P+o2Y9w1pEJQhh4bKtD
   PyO9YLmlrLM=
   -----END CERTIFICATE-----
   

2. Save the file as cert.cer.

3. On the Windows task bar, go to Start, then click Run.

4. Type inetmgr in the Open field.

   The Internet Information Services (IIS) Manager screen appears.

5. In the left panel, navigate to Web Sites and select the Microsoft Operations Manager 2005 connector framework.

6. Right-click and select Properties.

   The Microsoft Operations Manager 2005 Connector Framework Properties dialog box appears.

7. In the Directory Security tab, go to the Secure Communications section, and click Server Certificate.

8. Add the certificate file to the server.

Adding Signed Certificates to Wallet Manager

Note:

Oracle Wallet Manager is available at $ORACLE_HOME/bin on OMS. See the Oracle Application Server Administrator's Guide for details.

Do the following on Enterprise Manager:

1. As Super Administrator, create a wallet using the following orapki utility command at the OMS host:

   orapki wallet create -wallet client -auto_login

   Note:

   orapki is available at $ORACLE_HOME/bin on OMS.

2. Add the trusted certificate to the wallet by entering the following command:

   orapki wallet add -wallet client -trusted_cert -cert verisignCert.cer

3. To view the content of the wallet, enter the following command:

   orapki wallet display -wallet client

   Ensure that ewallet.p12 is available.

4. In Oracle Wallet Manager, open the client certificate ewallet.p12.

5. Go to Select Trusted Certificates and select Operations on the main menu.

6. Select Export All Trusted Certificates.

7. Save the file as certdb.txt.

8. Place the file certdb.txt in the connector home root directory ($OMS_HOME/sysman/connector).

   If the file certdb.txt already exists in the root directory, open the file and add the contents of your certdb.txt to the existing content.

Now Java SSL can use this file for communication between Enterprise Manager and MOM server in HTTPS mode.

See Also:

For information on creating a wallet, see "Creating and Viewing Oracle Wallets with orapki" in the Oracle Database Advanced Security Administrator's Guide, 10g Release 2 (10.2).