Ensure to upload the SSL certificate to the Oracle Enterprise Manager Agent which is used to discover and monitor the corresponding Oracle GoldenGate targets. When there are more Oracle Enterprise Manager (OEM) Agents monitoring multiple GoldenGate targets, then ensure that the corresponding SSL certificate of Oracle GoldenGate is imported to the agents.

• Go to the EMAgent location and run the emctl command for uploading the certificate. For example:

  ./emctl secure add_trust_cert_to_jks -password <password> -trust_certs_loc
      /<certification location>/rootCA_Cert.pem -alias <alias name of the certification>

  This command adds the certificate to the following: $EMAGENT_BASE_LOCATION/sysman/config/montrust/AgentTrust.jks.

  Note:

  Occassionally, when you encounter the following error: Keystore was tampered with, or password was incorrect, it may indicate the jks truststore is owned by root and marked as read only.

  Workaround: Ensure to execute the root.sh script after the Enterprise Manager Agent installation.

For all secured GoldenGate instances using HTTPS, you can view and download this certificate from the browser when logged into the Service Manager UI or Administration Service UI.

To download the certificate using Mozilla Firefox:

1. Click the Site Identity button (a padlock) in an address bar.

   Figure 5-1 Site Identity Padlock

   
2. Click the Show connection details arrow.
3. Click More Information.
4. Click View Certificate.

   Figure 5-2 View Certificate

   
5. Click Details tab, and then click Export.
6. Specify the name of the file you want to save the SSL certificate to, keep the X.509 Certificate (PEM) format, and then click the Save.

   Figure 5-3 Details Tab