| Oracle Access Manager Administrators |
|
|
| ATTENTION: OAM certificates will expire in March |
Review the important information and take action. |
|
|
|
|
|
Oracle Access Manager Administrators,
We want to inform you that all out-of-the-box SIMPLE-mode certificates and CERT-mode certificates will expire on or around March 22, 2024. Unless specific steps are taken from your end as soon as possible before this date, OAM components using SIMPLE-mode certificates and CERT-mode certificates for communication will not function, and this will cause an outage in your environment. Therefore, we strongly recommend that you begin your preventive process promptly to prevent a service disruption.
At a high level, the recommended options available for addressing SIMPLE-mode installations are:
- Upgrade the OAM server and WebGate(s) to 12.2.1.4+ and then use the Oracle Access Protocol (OAP) over REST option (Preferred Option)
- Change SIMPLE-mode to CERT mode
- Change SIMPLE-mode to OPEN mode
Please note that if you move from SIMPLE-mode to CERT-mode, then you will need to perform additional steps AFTER moving away from SIMPLE-mode. You will NOT need to perform these additional steps if you change to OAP over REST, or to OPEN mode.
At a high level, the recommended options available for addressing CERT-mode installations are:
- Use the script that we have prepared for you
- Follow steps to implement the fix from the OAM Server side
- Follow steps to implement the fix from the WebGate side
Details regarding the expiration of the OAM SIMPLE-mode certificates, including how to determine if you are impacted and available solutions, are referenced in "March 2024 Expiration of the Oracle Access Manager (OAM) Out of the Box Certificates (Doc ID 2949379.1).”
All these options are referenced in the Knowledge Base article above. Options specifically for CERT-mode installations are referenced in “WebGates Using CERT Mode Communication Fail After March 22, 2024 (Doc ID 3003731.1).”
Please also note that starting with OAM 12.2.1.4.0, released in September 2019, the default configuration is OAP over REST. If you have used OAP over REST (and not SIMPLE-mode or CERT-mode certificates), then you will not be impacted.
A recording from a recent Advisor Webcast, “Advisor Webcast: Middleware - OAM: Mitigating Certificate Expiry Issues on February 14, 2024 [video] (Doc ID 2994481.1)” is available for viewing. This one-hour advisory webcast is highly recommended for Identity and Access administrators concerned about the upcoming out-of-the-box certificate expirations in the OAM product. In this webcast recording, our subject matter experts have discussed:
- Impacts of expiry of SIMPLE-mode and CERT-mode certificates
- Identifying impacted environments
- Remediating expired certificate impacts
If you have questions about implementing these changes or need further assistance regarding the certificate expiration, please open a Service Request with us.
Thank you,
Oracle Support |
|
|
|
|
