Thursday, July 24, 2014

Firefox Update comes with sec_error_ca_cert_invalid (Security Error)

After I patched Firefox to version 31.0, when I try to connect to Enterprise Manager 12c, the browser throws an SSL error: sec_error_ca_cert_invalid

An error occurred during a connection to https://<OMS host>:port . Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)



Because the Grid Control certificate is self-generated and not signed by a trusted Certificate Authority, the browser shows an error saying that it does not recognise the certificate. There are two ways to resolve this.

1. A third-party certificate from a well-known Certificate Authority can be used.

Third party certificates can be obtained from a well-known Certificate Authority and imported into the OMS and Agents.

2. Import the self-signed certificate into the browser's certificate store

For a browser to recognise the self-signed certificate, the certificate can be added to that browser's store. When the Grid Control URL is opened in Internet Explorer or Chrome, these browsers can continue once you accept the risk, but Firefox cannot. To get around the Firefox issue, I used Internet Explorer to obtain the certificate and imported it into the Firefox store using the following steps:

1. Clear the SSL cache from "Internet Options > Content Tab > Clear SSL State"

2. Remove any certificate entries related to your Grid Console or Enterprise Manager Cloud Control from "Internet Options > Content Tab > Certificates" in the following tabs

Personal
Other People
Intermediate Certification Authorities
Trusted Root Certification Authorities
Trusted Publishers
Untrusted Publishers

3. Click "OK" and close the browser

4. Open the browser and go to https://<OMS host>:port/em

5. Select "Continue to this website (not recommended)"

6. The login screen then opens, but a "Certificate Error" link appears beside the address bar of Internet Explorer. Click this link.

7. Click "View certificates"



8. Go to the "Certification Path" tab



9. Select the top (root) certificate and click "View Certificate"



10. Click "Install Certificate"


11. Click "Next" and choose "Place all certificates in the following store" in the following screen.


12. Click the "Browse" button and select "Trusted Root Certification Authorities"

13. Click "Next" and then "Finish"

14. Click "Yes" on the last "Security Warning" screen; the message "The import was successful" comes up

15. After reopening the browser and opening the OMS URL https://<OMS host>:port/em, the certificate error does not occur again.

Now I have imported the self-signed certificate into the Internet Explorer certificate store, and I can export it to import into the Firefox store.

1. In Internet Explorer choose "Internet Options > Content Tab > Certificates" and go to "Trusted Root Certification Authorities"

2. Select the certificate for your OMS host name in the "Issued To" column.

3. Click "Export"

4. Click Next

5. Select "DER encoded binary X.509 (.CER)"

6. Click "Next" and give the certificate file a name

7. Click "Next" and "Finish".

8. Open Firefox

9. Go to "Advanced > Certificates > View Certificates"



10. Go to the "Authorities" tab and click the "Import" button

11. Select your exported certificate file in the file-open dialog and click "OK" without selecting any purposes.



12. Reopen Firefox and enter the OMS URL again.

The login screen opens.
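Before importing the exported .CER file under "Authorities", it is worth confirming that it is the OMS certificate you intended to trust. The following is an added example, not part of the original post: it computes the SHA-256 fingerprint of an export in either DER or Base64 form and compares it with a fingerprint obtained out of band (assumed here to come from the OMS administrator). The sample bytes and the file name `oms_root.cer` are constructed placeholders.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for the exported file: arbitrary bytes that begin like a
# DER SEQUENCE. It is NOT a real certificate; use the bytes of your own export.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def load_der(raw: bytes) -> bytes:
    """Return DER bytes from a .cer export in either DER or Base64 (PEM) form."""
    text = raw.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    if raw[:1] != b"\x30":  # every DER certificate starts with a SEQUENCE tag
        raise ValueError("not a DER or Base64 X.509 export")
    return raw


def sha256_fingerprint(raw: bytes) -> str:
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(load_der(raw)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fingerprint: str) -> str:
    """Strip colons, spaces and case so differently formatted values compare."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_expected(raw: bytes, expected_fingerprint: str) -> bool:
    """True only if the export hashes to the fingerprint obtained out of band."""
    actual = normalise(sha256_fingerprint(raw))
    return hmac.compare_digest(actual, normalise(expected_fingerprint))


if __name__ == "__main__":
    # With a real export: raw = open("oms_root.cer", "rb").read()
    print(sha256_fingerprint(SAMPLE_DER))
```

A mismatch means the file is not the certificate whose fingerprint you were given, and it should not be added to the Authorities store.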


4 comments:

  1. Thanks for posting this. It didn't work for me until I went back in to Firefox Preferences/Advanced/Certificates/View Certificates/Authorities and then selected the certificate and the "Edit Trust" button and checked "This certificate can identify websites"

    1. Thanks for the response. I have not checked the trust entries under "Edit Trust" that you mentioned, because it worked for me. But this can be a last workaround if it has not worked. Thanks again.
  2. This was GREAT!! Thank you very much for sharing.
  3. I had to select "Trust this CA to identify websites" on step 11.