How to Resolve Enterprise Manager Express Secure Connection Fail

  • by
Oracle Enterprise Manager Database Express 19c - This Page Can't be Displayed

Saw an error in Internet Explorer 11 when I tried to connect to Oracle Enterprise Manager Database Express (EM Express) of a RAC server.

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.10.11:5500 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Rationale

This is because the listener is owned by grid, but the wallet is owned by oracle. When the listener tried to read the wallet, it got permission denied. Therefore, we should make wallet be read by grid.

Solution

Just add READ permission to group on ALL nodes if you were using a RAC database.

[oracle@primary01 ~]$ cd $ORACLE_HOME/admin/ORCLCDB/xdb_wallet/
[oracle@primary01 xdb_wallet]$ ll
total 8
-rw------- 1 oracle asmadmin 3880 Oct 14 11:56 cwallet.sso
-rw------- 1 oracle asmadmin 3835 Oct 14 11:56 ewallet.p12
[oracle@primary01 xdb_wallet]$ chmod g+r *
[oracle@primary01 xdb_wallet]$ ll
total 8
-rw-r----- 1 oracle asmadmin 3880 Oct 14 11:56 cwallet.sso
-rw-r----- 1 oracle asmadmin 3835 Oct 14 11:56 ewallet.p12

Then refresh EM Express once again. Is it a bug? Please leave your comment if you know that.

In our case, we used IP address to connect to EM Express. In fact, the formal way to access EM Express of a RAC database is to connect Single Client Access Name (SCAN). For example:

https://primary-cluster-scan:5500/em/

Which means, let SCAN decide where to go. Also, direct access to any node server or IP address is alright, especially you can't or don't want to resolve the hostname.

Leave a Reply

Your email address will not be published. Required fields are marked *