Monitoring TLS-enabled Targets

Enterprise Manager (EM or Cloud Control) can monitor targets that use TCPS.

A wallet must be set up at the EM repository. This wallet should contain the certificates needed to connect to the TLS-enabled target. In addition, the OMS wallet-specific properties must be set. EM has one wallet, which it uses to communicate with any TLS-enabled target.

Note:

EM agents that monitor TLS-enabled targets also need to have wallets created with the necessary certificates and agent properties. Refer to Monitoring TLS-enabled Targets with EM Agents.

  1. Check whether your EM instance already has a wallet and whether its property values are set.
    $OMS_HOME/bin/emctl get property -sysman_pwd <sysmanPwd> -name em.targetauth.db.pki.TrustStore

    If a wallet exists, the location of the wallet is output.

    If a location exists, it is assumed you have the wallet password.

    Verify other values are already set for the wallet:

    $OMS_HOME/bin/emctl get property -sysman_pwd <sysmanPwd> -name em.targetauth.db.pki.TrustStoreType
    $OMS_HOME/bin/emctl get property -sysman_pwd <sysmanPwd> -name em.targetauth.db.pki.TrustStorePassword
  2. If a wallet is not found, create a password-protected wallet.

    The location of the wallet: <oms_wallet_location>.

    The password used to protect the wallet: <oms_wallet_password>.

    orapki wallet create -wallet <oms_wallet_location> -auto_login -pwd <oms_wallet_password>

    A listing of <oms_wallet_location> must contain a cwallet file and an ewallet file.

  3. Set the wallet type, location, and password OMS properties.
    $OMS_HOME/bin/emctl set property -sysman_pwd sysman -name em.targetauth.db.pki.TrustStoreType -value PKCS12

    $OMS_HOME/bin/emctl set property -sysman_pwd sysman -name em.targetauth.db.pki.TrustStore -value <oms_wallet_location>/ewallet.p12

    $OMS_HOME/bin/emctl set property -sysman_pwd sysman -name em.targetauth.db.pki.TrustStorePassword -value <oms_wallet_password>

    Validate the entries using the get property call.

  4. Add the certificates from the monitored targets to the wallet and restart the OMS (if a new wallet was created).
    orapki wallet add -wallet <oms_wallet_location> -trusted_cert -cert <certFile>
    
    orapki wallet display -wallet <oms_wallet_location> -complete 

    Verify that the certificate is displayed correctly.

    The EM wallet needs the trusted and signed certificates from the Recovery Appliance.

  5. If a new wallet was created, restart the OMS.
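
The following is an added example, not part of Oracle's documentation or tooling: a pre-flight check for steps 2 and 3 that confirms the wallet directory holds both ewallet.p12 and cwallet.sso and that the TrustStore property value points at that ewallet.p12. The helper names, the cwallet.sso file name, and the owner-only permission check are assumptions added here; the permission check is included because an auto-login cwallet.sso opens without the wallet password.

```shell
#!/bin/sh
# Added example: pre-flight check for the OMS wallet built in steps 2-3.
# check_oms_wallet and group_other_bits are hypothetical helpers, not Oracle tools.

# Print the group/other permission bits of a path, e.g. "------" for mode 600.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Usage: check_oms_wallet <oms_wallet_location> <TrustStore property value>
# Returns 0 when every check passes, 1 otherwise; findings go to stderr.
check_oms_wallet() {
    wallet_dir=${1%/}
    truststore=$2
    rc=0

    if [ ! -d "$wallet_dir" ]; then
        echo "FAIL: $wallet_dir is not a directory" >&2
        return 1
    fi

    # Step 2: -auto_login must leave both wallet files behind.
    for f in ewallet.p12 cwallet.sso; do
        if [ ! -s "$wallet_dir/$f" ]; then
            echo "FAIL: $wallet_dir/$f is missing or empty" >&2
            rc=1
        fi
    done

    # Step 3: the TrustStore property must point at this wallet's ewallet.p12.
    if [ "$truststore" != "$wallet_dir/ewallet.p12" ]; then
        echo "FAIL: TrustStore is '$truststore', expected '$wallet_dir/ewallet.p12'" >&2
        rc=1
    fi

    # Assumption (not from the page): only the OMS owner may access the wallet,
    # because cwallet.sso opens without the wallet password.
    for p in "$wallet_dir" "$wallet_dir/ewallet.p12" "$wallet_dir/cwallet.sso"; do
        [ -e "$p" ] || continue
        bits=$(group_other_bits "$p")
        if [ "$bits" != "------" ]; then
            echo "FAIL: $p grants group/other access ($bits)" >&2
            rc=1
        fi
    done

    return $rc
}
```

Pass the wallet location from step 2 and the value returned by the get property call for em.targetauth.db.pki.TrustStore.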