Skip to content

How to Resolve Oracle 19c EM Express Not Working

  • by
Oracle Enterprise Manager Database Express 19c - This Page Can't be Displayed

Saw an error in Internet Explorer 11 when I tried to connect to Oracle Enterprise Manager Database Express (EM Express) of Oracle 19c. Which means it's not working.

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.10.11:5500 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Rationale

This is because the listener is owned by grid, but the wallet (xdb_wallet) is owned by oracle. When the listener tried to read the wallet, it got permission denied. Therefore, we should make xdb_wallet be read by grid.

Solution

We have to know the location of xdb_wallet before assigning proper permission on it.

1. For Single-instance Databases

Just add READ permission to group on keystores.

[oracle@test ~]$ cd $ORACLE_BASE/admin/ORCLCDB/xdb_wallet/
[oracle@test xdb_wallet]$ pwd
/u01/app/oracle/admin/ORCLCDB/xdb_wallet
[oracle@test xdb_wallet]$ ll
total 8
-rw------- 1 oracle oinstall 3880 Jul 14  2020 cwallet.sso
-rw------- 1 oracle oinstall 3835 Jul 14  2020 ewallet.p12
[oracle@test xdb_wallet]$ chmod g+r *
[oracle@test xdb_wallet]$ ll
total 8
-rw-r----- 1 oracle oinstall 3880 Jul 14  2020 cwallet.sso
-rw-r----- 1 oracle oinstall 3835 Jul 14  2020 ewallet.p12

2. For RAC Databases

We add READ permission to group on keystores of all nodes if you were using a RAC database.

[oracle@primary01 ~]$ cd $ORACLE_HOME/admin/ORCLCDB/xdb_wallet/
[oracle@primary01 xdb_wallet]$ pwd
/u01/app/oracle/product/19.0.0/db_1/admin/ORCLCDB/xdb_wallet
[oracle@primary01 xdb_wallet]$ ll
total 8
-rw------- 1 oracle asmadmin 3880 Oct 14 11:56 cwallet.sso
-rw------- 1 oracle asmadmin 3835 Oct 14 11:56 ewallet.p12
[oracle@primary01 xdb_wallet]$ chmod g+r *
[oracle@primary01 xdb_wallet]$ ll
total 8
-rw-r----- 1 oracle asmadmin 3880 Oct 14 11:56 cwallet.sso
-rw-r----- 1 oracle asmadmin 3835 Oct 14 11:56 ewallet.p12

Then refresh EM Express once again. Is it a bug? Please leave your comment if you know that.

In our case, we used IP address to connect to EM Express. In fact, the formal way to access EM Express of a RAC database is to connect Single Client Access Name (SCAN). For example:

https://primary-cluster-scan:5500/em/

Which means, let SCAN decide where to go. Also, direct access to any node server or IP address is alright, especially you can't or don't want to resolve the hostname.

Leave a Reply

Your email address will not be published.