
OEM Database Control: using HTTPS

Symptoms

Oracle Enterprise Manager Database Control has a web front end that can be accessed through either HTTP or HTTPS. The current protocol is not what you want.

Solution

You can change the protocol, provided you have command-line access on the database server as the user Oracle was installed with. This will cause no downtime on the database, though Enterprise Manager itself will need to be restarted.

Assumptions

  • You are running Oracle database 11g [1]
  • You are running on Linux or Unix [2]
  • You have not implemented Grid Control, but are using the out-of-the-box version of Oracle Enterprise Manager (also known as Database Control).
  • You have access to the Oracle server and can log in as the user Oracle was installed with (usually: user oracle).

Changing the HTTP(S) port on which the web interface listens is described elsewhere on this site.

Theory

If you create a new database instance and choose to add Database Control for local management [3], you will get a web-based management console for just this database instance. It actually consists of several parts, just like the full-blown Grid Control option:

  • The database console (dbconsole)
    The front end, including the web server.
  • The agent (emagent)
    The agent gathers (some of) the data displayed. It is automatically started by the database console.
  • The repository
    This will be created under the SYSMAN schema.

Both the database console and the agent are listening on a port and expecting HTTP or HTTPS traffic. What the agent is using is not very important for this setup, as it should never be accessed from outside the server. The database console, on the other hand, is used as the web front end.

Procedure

The current protocols can be found by trying:

# You should probably be user oracle
# Replace SID with the SID of your database
ORACLE_SID=SID emctl status dbconsole
ORACLE_SID=SID emctl status agent

This will print, among other information, the URL the database console is listening on, as well as an Agent URL and a Repository URL [4], for example:

https://oracle-1.frodo.site:1820/em/console/aboutApplication
[...]
Repository URL : https://machine.example.com:1820/em/upload/
Agent URL : https://machine.example.com:10003/emd/main

In this case, you have both the dbconsole and the agent using HTTPS.

To change the protocol to HTTPS try:

# You should probably be user oracle
# Replace SID with the SID of your database
ORACLE_SID=SID emctl secure dbconsole

To change the protocol back to HTTP try:

# You should probably be user oracle
# Replace SID with the SID of your database
ORACLE_SID=SID emctl unsecure dbconsole

This will automatically restart Enterprise Manager. It will change both the dbconsole and the agent protocol. Port numbers will remain unchanged.
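
The check below is an added example, not part of the original article or of Oracle's tooling: it reads the output of the two emctl status commands, confirms that the console, Repository and Agent URLs all use HTTPS, and applies the comparison from footnote 4. The function names and the sample output (constructed, shaped like the lines shown above) are assumptions.

```shell
#!/bin/sh
# Added example: audit `emctl status` output after `emctl secure dbconsole`.
# Sample output is constructed, shaped like the lines shown in this article.
SAMPLE_DBCONSOLE='https://machine.example.com:1820/em/console/aboutApplication'
SAMPLE_AGENT='Repository URL : https://machine.example.com:1820/em/upload/
Agent URL : https://machine.example.com:10003/emd/main'

# Print the first line of stdin that starts with an http(s) URL (console URL).
console_url() { awk '/^https?:\/\// { print $1; exit }'; }

# Print the URL from a "LABEL : URL" line of stdin, e.g. labelled_url "Agent URL".
labelled_url() { awk -v l="$1" '$0 ~ ("^" l "[ \t]*:") { print $NF; exit }'; }

# Reduce a URL to scheme://host:port/first-path-component (footnote 4).
em_prefix() { printf '%s\n' "$1" | sed -E 's#^(https?://[^/]+/[^/]*).*#\1#'; }

# audit_em DBCONSOLE_STATUS AGENT_STATUS
# Returns 0 only if all three URLs use HTTPS and the console and Repository
# URLs agree up to the first path component; problems are reported on stderr.
audit_em() {
    console=$(printf '%s\n' "$1" | console_url)
    repo=$(printf '%s\n' "$2" | labelled_url "Repository URL")
    agent=$(printf '%s\n' "$2" | labelled_url "Agent URL")
    rc=0
    for u in "$console" "$repo" "$agent"; do
        case $u in
            https://*) ;;
            *) echo "not HTTPS: ${u:-<missing>}" >&2; rc=1 ;;
        esac
    done
    if [ "$(em_prefix "$console")" != "$(em_prefix "$repo")" ]; then
        echo "console/Repository mismatch: $console vs $repo" >&2
        rc=1
    fi
    return $rc
}

# On the database server (as user oracle, SID replaced as above):
#   audit_em "$(ORACLE_SID=SID emctl status dbconsole)" \
#            "$(ORACLE_SID=SID emctl status agent)"
audit_em "$SAMPLE_DBCONSOLE" "$SAMPLE_AGENT" && echo "sample output: OK"
```

A non-zero exit status after running emctl secure dbconsole means at least one endpoint is still on HTTP or the console and Repository URLs disagree.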

  • [1] This procedure will probably also work on 10g or 12c, but has not been tested.
  • [2] This procedure will probably also work on Windows, but has not been tested.
  • [3] In dbca, this is step 4.
  • [4] The database console URL as printed by the first command and the Repository URL as printed by the second command should be identical up to the first component after the port number. If not, something is very wrong!


Technical_article | by Dr. Radut