Enabling SSL for HTTPS

Configure Oracle Enterprise Manager to Use SSL

If the web service for Netcool/OMNIbus was configured to run using the HTTPS protocol, you must perform the following steps to set up SSL:

Install an SSL certificate in the web service for Netcool/OMNIbus keystore. You must either install a self-signed certificate or install a certificate obtained from a Certificate Authority (CA).
- To install a self-signed certificate, perform the steps specified in Installing a Self-Signed Certificate.
- To install a certificate from a CA, perform the steps specified in Installing a Certificate from a Certified Authority.
Restart the web service for Netcool/OMNIbus for the changes to take effect.
Import the SSL certificate from the web service for Netcool/OMNIbus keystore into the Enterprise Manager keystore as specified in Importing the Web Service Certificate into Enterprise Manager.

Installing a Self-Signed Certificate

To generate and install a self-signed SSL certificate for the Netcool/OMNIbus adapter web service:

Open a command prompt window and change the working directory to the adapters/conf directory in the web service for Netcool/OMNIbus installation directory.

Enter the following command to delete the default SSL entry from the web service Netcool/OMNIbus keystore:

Unix

$JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks

Windows

"%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks

Enter the following command to generate a new certificate and place it in the web service for Netcool/OMNIbus keystore. You will need to replace <hostname> with the host name or IP address of the system where the web service for Netcool/OMNIbus is installed.

Note:

The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service.
- Unix
```
$JAVA_HOME/bin/keytool -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
```
- Windows
```
"%JAVA_HOME%\bin\keytool" -genkey -alias iwave -keyalg RSA -keysize 1024 -dname "CN=<hostname>, OU=Development, O=iWave Software, L=Frisco, ST=TX, C=US" -keypass iwavepw -storepass iwavepw -keystore keystore.jks
```

Installing a Certificate from a Certified Authority

To request and install a signed SSL certificate for the web service for Netcool/OMNIbus:

Request a certificate for the web service for Netcool/OMNIbus from a Certificate Authority, such as VeriSign.

Note:

In the certificate request, make sure to specify the host name or IP address of the system where the web service for Netcool/OMNIbus is installed. The host name in the certificate must match the host name or IP address the web service uses. If they do not match, a failure occurs when Enterprise Manager attempts to invoke the web service.
After you obtain the certificate from the Certificate Authority, open a command prompt window and change the working directory to the adapters/conf directory in the web service for Netcool/OMNIbus installation directory.

Enter the following command to delete the default SSL entry from the web service for Netcool/OMNIbus keystore:

Unix

$JAVA_HOME/bin/keytool -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks

Windows

"%JAVA_HOME%\bin\keytool" -delete -alias iwave -keypass iwavepw -storepass iwavepw -keystore keystore.jks

Enter the following command to install the certificate, where <certificateFile> is the full path name of the file provided by the Certificate Authority:

Unix

$JAVA_HOME/bin/keytool -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks

Windows

"%JAVA_HOME%\bin\keytool" -importcert -alias iwave -file <certificateFile> -keypass iwavepw -storepass iwavepw -keystore keystore.jks

Importing the Web Service Certificate into Enterprise Manager

To import the web service for Netcool/OMNIbus SSL certificate into the Enterprise Manager keystore:

Open a command prompt window and change the working directory to the adapters/conf directory in the web service for Netcool/OMNIbus installation directory.

Issue the following command to extract the SSL certificate from the web service Netcool/OMNIbus keystore and place it in the OMNIbusws.cer certificate file:

Unix

$JAVA_HOME/bin/keytool -exportcert -rfc -alias iwave -file OMNIbusws.cer -keystore keystore.jks -storepass iwavepw

Windows

"%JAVA_HOME%\bin\keytool" -exportcert -rfc -alias iwave -file OMNIbusws.cer -keystore keystore.jks -storepass iwavepw

Transfer the certificate file OMNIbusws.cer to the system where Enterprise Manager is installed.

Append the contents of the OMNIbusws.cer file to:

$INSTANCE_HOME/sysman/config/b64LocalCertificate.txt

Ensure that only the following lines are appended to the b64LocalCertificate.txt file (that is, do not include blank lines, comments, or any other special characters):
```
-----BEGIN CERTIFICATE-----
<<<Certificate in Base64 format>>>
-----END CERTIFICATE-----
```
Restart OMS by running the following commands:
```
emctl stop oms
emctl start oms
```
Note:

Do not run the emctl secure oms/agent command after adding the external certificate to the b64LocalCertificate.txt file. If you run the emctl secure command later, then repeat steps 4 through 6 to make sure the external certificate exists in the b64LocalCertificate.txt file.