As part of this series of Oracle Enterprise Manager blogs we thought it would be useful to give a quick demo of how users can perform SSL certificate management in OEM13c.
Why do it?
SSL certificate managment is pretty important – it helps to address common problems (which most of us will have hit at some point)…
- certificates expire unexpextedly, breaking your application
- turnaround of custom CA signed certificate generation can often take days for some sites – advanced planning is normally needed
- legacy or 3rd party provided certificates may use insecure levels of encryption, old ciphers – these need to be idenfied and resolved
- Internal security teams may own and manage SSL certificates – DBAs/App Support may have no (or limited) visibility of certificate status
AIDEV‘s SSL certificate monitoring plugin for Oracle Enterprise Manager 13c helps to address the points highlighted above by providing the following benefits:
Centralised visibility, monitoring and configuration management of SSL certificates – all within the OEM13c console
You get a useful dashboard showing all related certificates – a single screen showing site status (up/down), expiration status and encryption level. Pretty useful for ‘at a glance’ monitoring:
Core SSL certificate configuration and availability metrics available out of the box, fully customisable
Out of the box you get a number of enabled metrics – extremely useful for tracking certificate configuration across your estate and ensuring site standards are consistently met.
Users can leverage OEM’s alerting framework to notify admins of impending certificate expiration, far in advance of any issue arising. Calls can be automatically placed on Support staff queues to get the ball rolling with resolution.
Full transparent integration into the core features of OEM13c (reporting/monitoring/alerting/notification/extensibility)
All collected metric data is resident in the OEM repository. Users can create custom OEM reports in the normal manner, for example to track core metrics across multiple SSL certificate endpoints.
Custom monitoring templates can be used to ensure consistent alerting is deployed.
Link related targets together
Related targets, for example web servers, app servers and hosts, can be linked through associations in OEM to build logically related systems. Dashboards can be created very easily to graphically illustrate system component status and highlight any issues.
SSL certificates can be managed pretty easily using the plugin, helping to address the issues/requirements highlighted above.
The plugin itself is lightweight and can be deployed to any remote OEM agent with connectivity to the SSL endpoint being monitored. Multiple sites can be managed by a single OEM agent, so it’s pretty fliexible in it’s deployment options.
The plugin datasheet can be found at http://www.aidev.uk/ssl_cert_plugin_overview.pdf
If you’re interested in trialling it for your site, let us know.
For more info on the plugin, jump over to http://www.aidev.uk/s1/sslcert.html or drop us a comment here and we’ll get back to you.
AIDEV have the following plugins available and listed on the Oracle Extensibility Exchange:
- SSL certificate
- REDIS data store
For more information on our OEM plugins or how we can create plugins for your applications, reach out to us.
Subscribe to receive notification of updates to our blog posts…