When using Enterprise Manager and a Secure Socket Layer (SSL) protocol to discover and monitor the Oracle Compute Site, the Secure Certificate must be imported before a secure communication link can be established. The Management Agent (running on the first privileged control VM) maintains a Java Keystore (JKS) truststore containing certificates of Certification Authorities (CAs) that it can trust or self signed certificates when establishing a secure connection.
The JKS Agent truststore is available at the following location:
$ORACLE_HOME/sysman/config/montrust/AgentTrust.jks
where ORACLE_HOME is the Management Agent instance home.
To download the certificate (CA Certificate or Root Certificate), follow these steps:
Open a browser window and enter the site URL in the address window.
Expand by clicking on I Understand the Risk and click Add Exception.
Under Certificate Status click the View button on the right hand side.
Click the Details tab. In the left hand side bottom column, click Export.
Save the certificate at your desired location with desired filename.
After downloading the certificate, you must update the Agent truststore (AgentTrust.jks). If a signed certificate from a self signed CA is being used on the Oracle Compute site, then the Root CA certificate for this must be added to JKS Agent truststore so that Management Agent can discover and monitor these Oracle Compute sites. To update the AgentTrust.jks, enter the following command:
emctl secure add_trust_cert_to_jks -password <password> -trust_certs_loc <loc> -alias <alias>
where:
password is the password for the AgentTrust.jks (if not specified, you will be prompted for the password at the command line)
trust_certs_loc is the location of the certificate file to be imported.
alias is the alias of the certificate to be imported.
For example: emctl secure add_trust_cert_to_jks -password welcome -trust_certs_loc /home/asaral/certs/emdev1_nimbula.crt -alias emdev1_nimbula