Sunday, 30 August 2020

NodeManager is not coming up after SSL Setup

ERROR:

 After SSL implementation NodeManager is not startup.

java.lang.RuntimeException: Cannot convert identity certificate

  at com.certicom.tls.interfaceimpl.CertificateSupport.addAuthChain(Unknown Source)

  at com.certicom.net.ssl.SSLContext.addAuthChain(Unknown Source)

  at com.bea.sslplus.CerticomSSLContext.addIdentity(Unknown Source)

  at weblogic.security.utils.SSLContextWrapper.addIdentity(SSLContextWrapper.java:144)

  at weblogic.nodemanager.server.SSLListener.init(SSLListener.java:53)

  at weblogic.nodemanager.server.NMServer.start(NMServer.java:206)

  at weblogic.nodemanager.server.NMServer.main(NMServer.java:377)

  at weblogic.NodeManager.main(NodeManager.java:31)

 weblogic.nodemanager.server.NMServer main

SEVERE: Fatal error in node manager server

java.lang.RuntimeException: Cannot convert identity certificate

  at com.certicom.tls.interfaceimpl.CertificateSupport.addAuthChain(Unknown Source)

  at com.certicom.net.ssl.SSLContext.addAuthChain(Unknown Source)

  at com.bea.sslplus.CerticomSSLContext.addIdentity(Unknown Source)

  at weblogic.security.utils.SSLContextWrapper.addIdentity(SSLContextWrapper.java:144)

  at weblogic.nodemanager.server.SSLListener.init(SSLListener.java:53)

  at weblogic.nodemanager.server.NMServer.start(NMServer.java:206)

  at weblogic.nodemanager.server.NMServer.main(NMServer.java:377)

  at weblogic.NodeManager.main(NodeManager.java:31)

+ set +x

SOLUTIONS:

Configure Custom keystore in nodemanager.properties and enable JSSE for nodemanager.

1. Navigate to WL_HOME\server\bin

2. Take back-up of nodemanager.properties

3. Append below lines in nodemanager.properites.

----------------------------------------

KeyStores=CustomIdentityAndCustomTrust

CustomIdentityKeyStoreFileName=Identity_Keystore EX:/ofm/Oracle/Middleware/keystores/keystore.jks

CustomIdentityKeyStorePassPhrase=Identity_Keystore_Password

CustomIdentityAlias=Identity_Keystore_Alias EX: server_cert

CustomIdentityPrivateKeyPassPhrase=Private_Key_Used_When_Creating_Certificate EX: /ofm/Oracle/Middleware/keystores/keystore.jks

-------------------------------------------

4. Take back-up of startNodeManager.sh and edit the startNodeManager.sh with below JAVA_OPTIONS to enable JSSE.

-----------------------------

JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.SSL.enableJSSE=true"

export JAVA_OPTIONS

----------------------------------

5. Restart the Nodemanager and Admin server.

6. Once the nodemanager become Reachable in Admin console, start the Forms and Reports server.

No comments:

Post a Comment

OS Watcher Installation in RAC

 Step:1 Download and untar the oswbb812.tar under the grid user in RAC on the both nodes. Follow the OS Watcher User's Guide (Doc ID 153...