Scribd
Upload
388 views2 pages

Resolving SSLKeyException in NodeManager

The document describes an issue where a NodeManager started on a cloned VM was throwing SSL certificate errors. This was because the SSL certificates corresponded to the original VM and not the cloned one. The document provides two solutions: 1. Disable SSL hostname verification as a workaround. 2. Recreate the SSL certificates using the CertGen utility to generate a new private key for the cloned VM. This involves backing up the existing keystore, generating a new private key, importing it to the keystore and copying the updated keystore back. This is described as the recommended approach.

Uploaded by

Nihar RM
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
388 views2 pages

Resolving SSLKeyException in NodeManager

The document describes an issue where a NodeManager started on a cloned VM was throwing SSL certificate errors. This was because the SSL certificates corresponded to the original VM and not the cloned one. The document provides two solutions: 1. Disable SSL hostname verification as a workaround. 2. Recreate the SSL certificates using the CertGen utility to generate a new private key for the cloned VM. This involves backing up the existing keystore, generating a new private key, importing it to the keystore and copying the updated keystore back. This is described as the recommended approach.

Uploaded by

Nihar RM
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

NodeManager:

[Security:090482]BAD_CERTIFICATE
alert [Link]
May 15, 2014 by Sumit Gupta
Recently I cloned an OAM VM. When I started NodeManager for the cloned machine, I got
below errors:-
06-May-2014 [Link] [Link] run
WARNING: Uncaught exception in server [Link]:
[Security:090482]BAD_CERTIFICATE alert was received from [Link]
[Link]. Check the peer to determine why it rejected the certificate chain (trusted CA
configuration, hostname verification). SSL debug tracing may be required to determine the
exact reason the certificate was rejected.
[Link]: [Security:090482]BAD_CERTIFICATE alert was received
from [Link] [Link]. Check the peer to determine why it rejected the
certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may
be required to determine the exact reason the certificate was rejected.
at [Link](Unknown Source)
at [Link](Unknown Source)
at [Link](Unknown Source)
at [Link](Unknown Source)
at [Link](Unknown Source)
The cause of the above issue was the certificates corresponded to the old machine. So, there
are two ways to solve it.
1. Disable Flags Workaround
Put the following flags at the right places.
Node Manager: -[Link]=false
Admin Server: -[Link]=true
2. Recreate the Certificates The recommended way.
Node manager by default uses the WebLogic demo identity keystore. The keystore is
generated at install time using the CertGen utility. The generated private key uses the
common name (cn) resolved by Java.

2.1 Set the PATH
. $WL_HOME/server/bin/[Link]

2.2 Backup [Link] under $WL_HOME/server/lib
2.3 Generate the private key.
java [Link] -keyfilepass DemoIdentityPassPhrase -certfile newcert -
keyfile newkey

2.4 Import the key generated above to the keystore.
java [Link] -keystore [Link] -storepass
DemoIdentityKeyStorePassPhrase -keyfile [Link] -keyfilepass
DemoIdentityPassPhrase -certfile [Link] -alias demoidentity

2.5 Copy [Link] to $WL_HOME/server/lib
2.6 Restart your nodemanager

You might also like