1. Stop the agent
<AGENT_HOME>/bin/emctl stop agent
[oracle@host01]$ /u01/software/em/agent/agent_13.2.0.0.0/bin/emctl stop agent
Oracle Enterprise Manager Cloud Control 13c Release 2
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
Stopping agent ... stopped.
2. Add the following lines to the agent configuration file <AGENT_INST_HOME>/sysman/config/emd.properties
_frameworkTlsProtocols=TLSv1.2
_frameworkSSLContextProtocol=TLSv1.2
[oracle@host01]$ cd /u01/software/em/agent/agent_inst/sysman/config
[oracle@host01]$ grep '^_' emd.properties
_dumpDispatcherWhenOverloaded=true
_disableLoadDPFromCacheNormal=true
_enableJobSystemStreamsTracing=true
_SchedulePersistTimer=30
[oracle@host01]$
[oracle@host01]$ echo "_frameworkTlsProtocols=TLSv1.2" >> emd.properties
[oracle@host01]$ echo "_frameworkSSLContextProtocol=TLSv1.2" >> emd.properties
[oracle@host01]$
[oracle@host01]$ grep '^_' emd.properties
_dumpDispatcherWhenOverloaded=true
_disableLoadDPFromCacheNormal=true
_enableJobSystemStreamsTracing=true
_SchedulePersistTimer=30
_frameworkTlsProtocols=TLSv1.2
_frameworkSSLContextProtocol=TLSv1.2
3. If the agent is running on the AIX platform, download and apply the 12.1.3 version of Patch 25237184 to the Agent Home. Here, 12.1.3 is the version of WebLogic released with OEM 13.2, not the agent version.
[oracle@host01]$ export ORACLE_HOME=/u01/software/em/agent/agent_13.2.0.0.0
[oracle@host01]$ cd /stage/patch/25237184
[oracle@host01]$ $ORACLE_HOME/OPatch/opatch apply
Oracle Interim Patch Installer version 13.9.1.3.0
Copyright (c) 2018, Oracle Corporation. All rights reserved.
Oracle Home : /u01/software/em/agent/agent_13.2.0.0.0
Central Inventory : /u1/app/oracle/oraInventory
from : /u01/software/em/agent/agent_13.2.0.0.0/oraInst.loc
OPatch version : 13.9.1.3.0
OUI version : 13.9.1.0.0
Log file location : /u01/software/em/agent/agent_13.2.0.0.0/cfgtoollogs/opatch/opatch2018-08-14_17-30-13PM_1.log
OPatch detects the Middleware Home as "/u01/software/em/agent"
Verifying environment and performing prerequisite checks...
OPatch continues with these patches: 25237184
Do you want to proceed? [y|n]
y
User Responded with: Y
All checks passed.
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/u01/software/em/agent/agent_13.2.0.0.0')
Is the local system ready for patching? [y|n]
y
User Responded with: Y
Backing up files...
Applying interim patch '25237184' to OH '/u01/software/em/agent/agent_13.2.0.0.0'
ApplySession: Optional component(s) [ oracle.wsm.jrf, 12.1.3.0.0 ] , [ oracle.wsm.jrf, 12.1.3.0.0 ] , [ oracle.wsm.console.core, 12.1.3.0.0 ] , [ oracle.wsm.console.core, 12.1.3.0.0 ] , [ oracle.css.wls, 12.1.3.0.0 ] , [ oracle.css.wls, 12.1.3.0.0 ] , [ oracle.opss.jrf.was, 12.1.3.0.0 ] , [ oracle.opss.jrf.was, 12.1.3.0.0 ] , [ oracle.opss.jrf, 12.1.3.0.0 ] , [ oracle.opss.jrf, 12.1.3.0.0 ] , [ oracle.wsm.agent.fmw, 12.1.3.0.0 ] , [ oracle.wsm.agent.fmw, 12.1.3.0.0 ] , [ oracle.wsm.agent.wls, 12.1.3.0.0 ] , [ oracle.wsm.agent.wls, 12.1.3.0.0 ] , [ oracle.oamclient.wls, 12.1.3.0.0 ] , [ oracle.oamclient.wls, 12.1.3.0.0 ] , [ oracle.opss.jrf.wls, 12.1.3.0.0 ] , [ oracle.opss.jrf.wls, 12.1.3.0.0 ] , [ oracle.idm.uishell, 12.1.3.0.0 ] , [ oracle.idm.uishell, 12.1.3.0.0 ] , [ oracle.wsm.pmlib, 12.1.3.0.0 ] , [ oracle.wsm.pmlib, 12.1.3.0.0 ] , [ oracle.opss.wls, 12.1.3.0.0 ] , [ oracle.opss.wls, 12.1.3.0.0 ] , [ oracle.wsm.agent.thirdparty, 12.1.3.0.0 ] , [ oracle.wsm.agent.thirdparty, 12.1.3.0.0 ] not present in the Oracle Home or a higher version is found.
Patching component oracle.pki, 12.1.3.0.0...
Patching component oracle.pki, 12.1.3.0.0...
Patching component oracle.osdt.core, 12.1.3.0.0...
Patching component oracle.osdt.core, 12.1.3.0.0...
Patching component oracle.wsm.common, 12.1.3.0.0...
Patching component oracle.wsm.common, 12.1.3.0.0...
Patching component oracle.opss.core, 12.1.3.0.0...
Patching component oracle.opss.core, 12.1.3.0.0...
Patch 25237184 successfully applied.
Log file location: /u01/software/em/agent/agent_13.2.0.0.0/cfgtoollogs/opatch/opatch2018-08-14_17-30-13PM_1.log
OPatch succeeded.
4. Start the agent
<AGENT_HOME>/bin/emctl start agent
[oracle@host01]$ /u01/software/em/agent/agent_13.2.0.0.0/bin/emctl start agent
Oracle Enterprise Manager Cloud Control 13c Release 2
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
Starting agent ................ started.
5. Validate which protocol versions the agent accepts by running openssl:
* Test if TLSv1.0 is used,
openssl s_client -connect <AGENT_HOST_IP:AGENT_LISTEN_PORT> -tls1
* Test if TLSv1.1 is used,
openssl s_client -connect <AGENT_HOST_IP:AGENT_LISTEN_PORT> -tls1_1
* Test if TLSv1.2 is used,
openssl s_client -connect <AGENT_HOST_IP:AGENT_LISTEN_PORT> -tls1_2
If the specified version of TLS is used, the output looks like the following:
[oracle@host01]$ openssl s_client -connect host01.dbaplus.ca:3872 -tls1
CONNECTED(00000003)
depth=1 O = EnterpriseManager on oms1.dbaplus.ca, OU = EnterpriseManager on oms1.dbaplus.ca, L = EnterpriseManager on oms1.dbaplus.ca, ST = CA, C = US, CN = oms1.dbaplus.ca
verify error:num=19:self signed certificate in certificate chain
---
<<Contents truncated>>
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 5B7344B917B62A0CDFFEF164901B6C4CCB5406B2E3995CBFD6DE96401F1A4421
Session-ID-ctx:
Master-Key: E148FFD5828A4796990ABC7A01257EE8EBFDA3F81DD58217623F2A352A1A2FFB67288C778E9DC34BB5025E890266012B
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1534280889
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
If the specified version of TLS is not used, the output looks like this:
[oracle@host01]$ openssl s_client -connect host01.corp.toronto.ca:3872 -tls1
CONNECTED(00000003)
804401144:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1534283067
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
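The step 5 check can be scripted so that all three protocol probes are evaluated the same way. The following is an added example, not part of the original post; the function names are hypothetical and the sample inputs are constructed from the two outputs shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# classify_handshake reads `openssl s_client` output on stdin and prints
# "accepted <proto> <cipher>" or "rejected". Only the "New, ..., Cipher is ..."
# line decides: a failed handshake still prints "Protocol : TLSv1" and
# "Verify return code: 0 (ok)", so those lines prove nothing.
classify_handshake() {
    awk '
        $1 == "New," && /Cipher is/   { cipher = $NF }
        $1 == "Protocol" && $2 == ":" { proto = $3 }
        END {
            if (cipher == "" || cipher == "(NONE)") print "rejected"
            else print "accepted " proto " " cipher
        }'
}
# One probe against a live agent, e.g. probe host:3872 -tls1 (needs network).
probe() {
    openssl s_client -connect "$1" "$2" </dev/null 2>&1 | classify_handshake
}
# Exit status 0 only if TLSv1.0 and TLSv1.1 are rejected and TLSv1.2 is accepted.
check_tls12_only() {
    target=$1; status=0
    for flag in -tls1 -tls1_1 -tls1_2; do
        result=$(probe "$target" "$flag")
        case "$flag:$result" in
            -tls1_2:accepted*|-tls1:rejected|-tls1_1:rejected) echo "ok   $flag $result" ;;
            *) echo "FAIL $flag $result"; status=1 ;;
        esac
    done
    return $status
}
# Constructed samples, abridged from the two outputs shown in step 5.
sample_accepted() { cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1
EOF
}
sample_rejected() { cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 0 (ok)
EOF
}
# Offline demo; against a live agent run: check_tls12_only HOST:PORT
sample_accepted | classify_handshake   # accepted TLSv1 ECDHE-RSA-AES256-SHA
sample_rejected | classify_handshake   # rejected
```

A refusal by the local openssl build (for example one with TLSv1.0 disabled) also reads as "rejected", so confirm the client can still speak the protocol being tested before trusting a pass.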