2
NodeManager: [Security:090482]BAD_CERTIFICAT E alert javax.net.ssl.SSLKeyException May 15, 2014 by Sumit Gupta Recently I cloned an OAM VM. When I started NodeManager for the cloned machine, I got below errors:- 06-May-2014 10:58:08 weblogic.nodemanager.server.Handler run WARNING: Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from newmachine.OraWorld – 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected. javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from newmachine.OraWorld – 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected. at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException (Unknown Source) at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertRece ived(Unknown Source) at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source) at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages (Unknown Source) at

NodeManager_SSLKeyException

Embed Size (px)

Citation preview

Page 1: NodeManager_SSLKeyException

NodeManager: [Security:090482]BAD_CERTIFICATE alert javax.net.ssl.SSLKeyExceptionMay 15, 2014 by Sumit Gupta

Recently I cloned an OAM VM. When I started NodeManager for the cloned machine, I got below errors:-

06-May-2014 10:58:08 weblogic.nodemanager.server.Handler runWARNING: Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from newmachine.OraWorld – 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from newmachine.OraWorld – 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)

The cause of the above issue was the certificates corresponded to the old machine. So, there are two ways to solve it.

1. Disable Flags – WorkaroundPut the following flags at the right places.Node Manager: -Dweblogic.nodemanager.sslHostNameVerificationEnabled=falseAdmin Server: -Dweblogic.security.SSL.ignoreHostnameVerification=true

2. Recreate the Certificates – The recommended way.Node manager by default uses the WebLogic demo identity keystore. The keystore is generated at install time using the CertGen utility. The generated private key uses the common name (cn) resolved by Java.

2.1 Set the PATH. $WL_HOME/server/bin/setWLSEnv.sh

2.2 Backup DemoIdentity.jks under $WL_HOME/server/lib

2.3 Generate the private key.

Page 2: NodeManager_SSLKeyException

java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile newcert -keyfile newkey

2.4 Import the key generated above to the keystore. java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile newkey.pem -keyfilepass DemoIdentityPassPhrase -certfile newcert.pem -alias demoidentity

2.5 Copy DemoIdentity.jks to $WL_HOME/server/lib

2.6 Restart your nodemanager


Iron Mills Essay

Iron Mills Essay

Documents
Algorithms

Algorithms

Documents
xCDC14a

xCDC14a

Documents
Personality Development

Personality Development

Documents
Aesops Fables

Aesops Fables

Documents
18 Tricks to Teach Your Body

18 Tricks to Teach Your Body

Documents
Heidegger Kritik

Heidegger Kritik

Documents
Improve the Color Quality Of Your Monitor

Improve the Color Quality Of Your Monitor

Documents
One Flew Over the Cuckoo's Nest

One Flew Over the Cuckoo's Nest

Documents
How Computer Monitors Work

How Computer Monitors Work

Documents
Star Wars Trivia!

Star Wars Trivia!

Documents
(Tesla) - The Tesla Magnetic Car Engine

(Tesla) - The Tesla Magnetic Car Engine

Documents
Introduction to Six Sigma

Introduction to Six Sigma

Documents
Explore The Levels of Creation

Explore The Levels of Creation

Documents
Oedipus The King: The Ideal Tragic Play

Oedipus The King: The Ideal Tragic Play

Documents
Jan Van Eyck and the Man In A Red Turban

Jan Van Eyck and the Man In A Red Turban

Documents
Physical Modelling Synthesis Overview

Physical Modelling Synthesis Overview

Documents
Steve Jobs' Commencement Speech at Stanford

Steve Jobs' Commencement Speech at Stanford

Documents
How Computer Keyboards Work

How Computer Keyboards Work

Documents
Plato - Symposium

Plato - Symposium

Documents
Rubik's cube solution

Rubik's cube solution

Documents
Cakes Recipes

Cakes Recipes

Documents
Chapter 23

Chapter 23

Documents
Daniel Zanella and Alexander Weygers

Daniel Zanella and Alexander Weygers

Documents
The Best American Humorous Short Stories

The Best American Humorous Short Stories

Documents
Star Wars Prequel Trilogy Trivia (Episodes I-III)

Star Wars Prequel Trilogy Trivia (Episodes I-III)

Documents
Basic Buffer Overflows Explained

Basic Buffer Overflows Explained

Documents
Simple Functions in Haskell

Simple Functions in Haskell

Documents
Venture Capital

Venture Capital

Documents
Fortran

Fortran

Documents