Has anyone successfully configured SSL on 12c?

jepva Rank 5 - Community Champion

I could get Weblogic SSL to work with the demo certs & keystores, but as soon as I tried to use a custom jks keystore it stops working. Specifically, node manager seems to stop working. Admin server can boot fine, but the included start.sh/cmd script stops working due to node manager. Node manager will say there was a generic SSL communication error and complain it's not running, even though it is.

Also, starting node manager on its own (with SSL enabled) works fine from the startnodemanager script, and reports no errors, but the start script will still claim it's not running if started that way. It has something to do with SSL enabled and using the included start script (my guess is it's ignoring the configurations set in weblogic somehow).

Starting AdminServer

nmStart(AdminServer) succeeded

Start Admin server connect exception caught error occured while performing connect: Cannot connect via t3s or https.  : t3s://<hostname>:<port>: RJVM:000575 destination <ip address> unreachable: nested exception is:

javax.net.sslhandshakeexception: general SSLEngine problem; [RJVM:000576] No Available router to destination

Any ideas?

Answers

  • FTisiot Rank 6 - Analytics Lead

    Hi @jepva do you see any errors in the nodemanager.log file?

    Also, do your nodemanager.properties contain a reference to the new keystore you created?

  • jepva Rank 5 - Community Champion

    No reported errors in nodemanager.log, it starts up fine using the keystore (and yes, I added customidentitykeystore properties to nodemanager.properties) and it reports listening on SSL at the correct port.

  • FTisiot Rank 6 - Analytics Lead

    Did you also add

    CustomIdentityAlias=

    CustomIdentityPrivateKeyPassPhrase=

    CustomTrustKeyStoreFileName=

    And is the Listen address in the console the same address mentioned in your certificate?

  • jepva Rank 5 - Community Champion

    Yes I had all of these set (weblogic 12c docs say customtrustkeystore property is deprecated for 12c and only identity is needed)

    KeyStores=CustomIdentityAndCustomTrust
    CustomIdentityAlias=aliasforkeystore
    CustomIdentityKeyStoreFileName=C:\Certs\\
    CustomIdentityKeyStorePassPhrase=
    CustomIdentityKeyStoreType=jks
    CustomIdentityPrivateKeyPassPhrase=


    Like I said, I can see in the nodemanager log where it accesses the custom jks successfully and the SSL listener started successfully.


    I did have the listener address in AdminServer set to the CN of the certificate, however Chrome was still complaining that the certificate was not from the CN address (even though the DNS alias matches 100% to the CN name). Not sure if the issue is with weblogic or not.
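
A sanity check for the nodemanager.properties keys listed in this thread, as an added example (not code from the posters or from Oracle). It assumes the file is read with java.util.Properties escaping, where a single backslash in a Windows path is consumed as an escape character; the sample file and the path `C:\Certs\identity.jks` are constructed.

```python
import re
# Keys the thread lists for a custom identity keystore.
REQUIRED = ["KeyStores", "CustomIdentityAlias", "CustomIdentityKeyStoreFileName",
            "CustomIdentityKeyStorePassPhrase", "CustomIdentityKeyStoreType",
            "CustomIdentityPrivateKeyPassPhrase"]
_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape(value):
    """Apply java.util.Properties backslash rules (no line continuations)."""
    def repl(m):
        ch = m.group(1)
        if len(ch) == 5:                      # \uXXXX
            return chr(int(ch[1:], 16))
        return _ESCAPES.get(ch, ch)           # unknown escape: backslash dropped
    return re.sub(r"\\(u[0-9a-fA-F]{4}|.)", repl, value)

def parse(text):
    """Return {key: (raw, loaded)} for simple key=value lines."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            key, _, raw = line.partition("=")
            props[key.strip()] = (raw.lstrip(), unescape(raw.lstrip()))
    return props

def check(text):
    """List problems with the custom identity keystore settings."""
    props = parse(text)
    findings = []
    for key in REQUIRED:
        if key not in props:
            findings.append(f"{key}: missing")
        elif not props[key][1].strip():
            findings.append(f"{key}: empty")
    raw, loaded = props.get("CustomIdentityKeyStoreFileName", ("", ""))
    # Ignore doubled backslashes, then look for single ones eaten as escapes.
    if re.search(r"\\[^\\:=#! ]", raw.replace("\\\\", "")):
        findings.append("CustomIdentityKeyStoreFileName: loads as "
                        f"{loaded!r}; double the backslashes or use forward slashes")
    return findings

# Constructed sample, not the poster's file.
SAMPLE = r"""
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=aliasforkeystore
CustomIdentityKeyStoreFileName=C:\Certs\identity.jks
CustomIdentityKeyStorePassPhrase=
CustomIdentityKeyStoreType=jks
"""
```

Calling `check(SAMPLE)` returns the findings as a list of strings, one per problem.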