Configure Nodemanager for SSL: - nodemanager error

Hi,
I'm trying to configure nodemanager for SSL (as part of the entire SSL configuration) in OBIEE 11g. Here are the steps I have followed:
1. Stop the Nodemanager service
2. Update the nodemanager.properties in <MW_HOME>\wlserver_10.3\common\nodemanager folder with Custom Identity Keystore and Custom Trust Keystore information based on Step 1.
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=<Path to the Keystore>
CustomIdentityAlias=<Keystore Alias>
CustomIdentityPrivateKeyPassPhrase=<Key Passphrase>
CustomTrustKeyStoreFileName=<Path to the Keystore>
Ex:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=c:\\Oracle\\Middleware\\ssl\\mykeystore.jks
CustomIdentityAlias=testserver
CustomIdentityPrivateKeyPassPhrase=Welcome1
CustomTrustKeyStoreFileName=c:\\Oracle\\Middleware\\ssl\\keystore.jks
My actual changes:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=D\:\\oramw\\user_projects\\domains\\bifoundation_domain\\mykeystore.jks
CustomIdentityAlias=rnadbi
CustomIdentityPrivateKeyPassPhrase={3DES}tr4UdwfKpKGCyZrfDn7Myw==
CustomTrustKeyStoreFileName=D\:\\oramw\\user_projects\\domains\\bifoundation_domain\\mykeystore.jks
I also changed:
ListenPort=9556
to
ListenPort=5556
3. Restart the NodeManager.
I can not restart the nodemanager. Here is the log:
<May 19, 2016 4:38:09 PM> <INFO> <Loading domains file: \oramw\wlserver_10.3\common\nodemanager\nodemanager.domains>
<May 19, 2016 4:38:11 PM> <INFO> <Loading identity key store: FileName=D:\oramw\user_projects\domains\bifoundation_domain\mykeystore.jks, Type=jks, PassPhraseUsed=false>
<May 19, 2016 4:38:11 PM> <INFO> <Loaded node manager configuration properties from 'D:\oramw\WLSERV~1.3\common\nodemanager\nodemanager.properties'>
<May 19, 2016 4:38:11 PM> <INFO> <bifoundation_domain> <bi_server1> <Startup configuration properties loaded from "D:\oramw\user_projects\domains\bifoundation_domain\servers\bi_server1\data\nodemanager\startup.properties">
<May 19, 2016 4:38:11 PM> <WARNING> <Configuration error while reading domain directory: \oramw\user_projects\domains\bifoundation_domain>
java.io.IOException: Invalid state file format. State file contents:
at weblogic.nodemanager.common.StateInfo.load(StateInfo.java:135)
at weblogic.nodemanager.server.AbstractServerMonitor.loadStateInfo(AbstractServerMonitor.java:497)
at weblogic.nodemanager.server.AbstractServerMonitor.isCleanupAfterCrashNeeded(AbstractServerMonitor.java:156)
at weblogic.nodemanager.server.ServerMonitor.isCleanupAfterCrashNeeded(ServerMonitor.java:25)
at weblogic.nodemanager.server.AbstractServerManager.recoverServer(AbstractServerManager.java:147)
at weblogic.nodemanager.server.ServerManager.recoverServer(ServerManager.java:23)
at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.java:105)
at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:60)
at weblogic.nodemanager.server.NMServer.initDomains(NMServer.java:225)
at weblogic.nodemanager.server.NMServer.start(NMServer.java:197)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:382)
at weblogic.NodeManager.main(NodeManager.java:31)
<May 19, 2016 4:38:12 PM> <SEVERE> <Fatal error in node manager server>
java.lang.RuntimeException: Cannot convert identity certificate
at com.certicom.tls.interfaceimpl.CertificateSupport.addAuthChain(Unknown Source)
at com.certicom.net.ssl.SSLContext.addAuthChain(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addIdentity(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addIdentity(SSLContextWrapper.java:146)
at weblogic.nodemanager.server.SSLListener.init(SSLListener.java:53)
at weblogic.nodemanager.server.NMServer.start(NMServer.java:206)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:382)
at weblogic.NodeManager.main(NodeManager.java:31)
----------------------------------------
I also added this:
JAVA_OPTIONS="-Dweblogic.security.SSL.enableJSSE=true ${JAVA_OPTIONS}"
to the end of the startNodeManager.sh
I have been researching and reading blogs for a few days to no avail. If you have a suggestion, I'd be happy to try it or change any of my settings. I appreciate the time you are taking to assist!
Answers
-
My actual changes:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=D\:\\oramw\\user_projects\\domains\\bifoundation_domain\\mykeystore.jks
CustomIdentityAlias=rnadbi
CustomIdentityPrivateKeyPassPhrase={3DES}tr4UdwfKpKGCyZrfDn7Myw==
CustomTrustKeyStoreFileName=D\:\\oramw\\user_projects\\domains\\bifoundation_domain\\mykeystore.jks
Two things are wrong. It is \\, not D\:\\
Also, you need to provide the plain text password, not the encrypted password.
0 -
Thanks! I changed the D\:\\ to the \\ (I was following the format of the file path the script had used for the log file). I also type in the actual password and not the encrypted password and save. But when I open it back up to copy and paste here, it is encrypted in the script. However, I still get errors.
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=D:\\oramw\\user_projects\\domains\\bifoundation_domain\\mykeystore.jks
CustomIdentityAlias=rnadbi
CustomIdentityPrivateKeyPassPhrase={3DES}tr4UdwfKpKGCyZrfDn7Myw==
CustomTrustKeyStoreFileName=D:\\oramw\\user_projects\\domains\\bifoundation_domain\\mykeystore.jks
nodemanager.log:
<May 20, 2016 8:53:36 AM> <INFO> <Loading domains file: \oramw\wlserver_10.3\common\nodemanager\nodemanager.domains>
<May 20, 2016 8:53:38 AM> <INFO> <Loading identity key store: FileName=D:\oramw\user_projects\domains\bifoundation_domain\mykeystore.jks, Type=jks, PassPhraseUsed=false>
<May 20, 2016 8:53:38 AM> <INFO> <Loaded node manager configuration properties from 'D:\oramw\WLSERV~1.3\common\nodemanager\nodemanager.properties'>
<May 20, 2016 8:53:38 AM> <INFO> <Upgrade> <Encrypting node manager property: CustomIdentityPrivateKeyPassPhrase>
<May 20, 2016 8:53:38 AM> <INFO> <Upgrade> <Saving upgraded node manager properties to 'D:\oramw\wlserver_10.3\common\nodemanager\nodemanager.properties'>
<May 20, 2016 8:53:38 AM> <INFO> <bifoundation_domain> <bi_server1> <Startup configuration properties loaded from "D:\oramw\user_projects\domains\bifoundation_domain\servers\bi_server1\data\nodemanager\startup.properties">
<May 20, 2016 8:53:38 AM> <WARNING> <Configuration error while reading domain directory: \oramw\user_projects\domains\bifoundation_domain>
java.io.IOException: Invalid state file format. State file contents:
at weblogic.nodemanager.common.StateInfo.load(StateInfo.java:135)
at weblogic.nodemanager.server.AbstractServerMonitor.loadStateInfo(AbstractServerMonitor.java:497)
at weblogic.nodemanager.server.AbstractServerMonitor.isCleanupAfterCrashNeeded(AbstractServerMonitor.java:156)
at weblogic.nodemanager.server.ServerMonitor.isCleanupAfterCrashNeeded(ServerMonitor.java:25)
at weblogic.nodemanager.server.AbstractServerManager.recoverServer(AbstractServerManager.java:147)
at weblogic.nodemanager.server.ServerManager.recoverServer(ServerManager.java:23)
at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.java:105)
at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:60)
at weblogic.nodemanager.server.NMServer.initDomains(NMServer.java:225)
at weblogic.nodemanager.server.NMServer.start(NMServer.java:197)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:382)
at weblogic.NodeManager.main(NodeManager.java:31)
<May 20, 2016 8:53:39 AM> <SEVERE> <Fatal error in node manager server>
java.lang.RuntimeException: Cannot convert identity certificate
at com.certicom.tls.interfaceimpl.CertificateSupport.addAuthChain(Unknown Source)
at com.certicom.net.ssl.SSLContext.addAuthChain(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addIdentity(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addIdentity(SSLContextWrapper.java:146)
at weblogic.nodemanager.server.SSLListener.init(SSLListener.java:53)
at weblogic.nodemanager.server.NMServer.start(NMServer.java:206)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:382)
at weblogic.NodeManager.main(NodeManager.java:31)
0 -
Your passphrase got automatically encrypted, so that is ok. However, you have two problems that need to be resolved. It is complaining about an invalid state file. Remove it. It's a file with a .state extension in your nodemanager directory. The second problem is your certificate. You need to include the intermediate CA certificate in your keystore. Import it as well.
0 -
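The chain check the answer above asks for, as an added example that is not part of the original thread: it reads the text printed by `keytool -list -v -keystore mykeystore.jks -alias rnadbi` and reports whether the identity alias holds a private key and an unbroken certificate chain. The sample listings and all certificate names are constructed, and treating a chain that does not end at a self-signed root as incomplete is an assumption of this check.

```python
import re

# Constructed `keytool -list -v` output for the identity alias (names are made up;
# only the fields this check reads are shown).
SAMPLE_LEAF_ONLY = """\
Alias name: rnadbi
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=rnadbi.example.test, O=Example
Issuer: CN=Example Issuing CA 2, O=Example
"""

SAMPLE_FULL = SAMPLE_LEAF_ONLY.replace("length: 1", "length: 3") + """\
Certificate[2]:
Owner: CN=Example Issuing CA 2, O=Example
Issuer: CN=Example Root CA, O=Example
Certificate[3]:
Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example
"""

def check_identity_entry(listing):
    """Return a list of problems found in one alias's `keytool -list -v` text."""
    problems = []
    entry = re.search(r"^Entry type: (\S+)", listing, re.M)
    if not entry or entry.group(1) != "PrivateKeyEntry":
        problems.append("alias is not a PrivateKeyEntry (no private key under it)")
    # keytool prints Owner immediately followed by Issuer for every certificate.
    chain = [(o.strip(), i.strip())
             for o, i in re.findall(r"^Owner: (.+)\nIssuer: (.+)$", listing, re.M)]
    declared = re.search(r"^Certificate chain length: (\d+)", listing, re.M)
    if declared and int(declared.group(1)) != len(chain):
        problems.append("declared chain length does not match certificates listed")
    # Each certificate must be issued by the next one in the chain.
    for n in range(len(chain) - 1):
        if chain[n][1] != chain[n + 1][0]:
            problems.append(f"Certificate[{n + 1}] is not issued by Certificate[{n + 2}]")
    # Assumption: a complete chain ends at a self-signed root (Owner == Issuer).
    if chain and chain[-1][0] != chain[-1][1]:
        problems.append(f"chain stops before its issuer '{chain[-1][1]}'")
    return problems

if __name__ == "__main__":
    for name, text in (("leaf only", SAMPLE_LEAF_ONLY), ("full chain", SAMPLE_FULL)):
        print(name, "->", check_identity_entry(text) or "OK")
```

Intermediate certificates imported under their own aliases show up as separate trustedCertEntry items and do not lengthen the chain listed under the identity alias, which is the case this check surfaces.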
Thank you! I appreciate your expertise! I was able to remove the .state file and that error is gone. I've been looking at my intermediate certificates (I have 2) and I believe they are loaded into the keystore and chained correctly.
I do actually have a smaller log file now. YAY! I am still researching and trying different changes, but if anyone has suggestions they are welcomed and appreciated!
nodemanager.log
<May 23, 2016 3:44:21 PM> <INFO> <Loading domains file: \oramw\wlserver_10.3\common\nodemanager\nodemanager.domains>
<May 23, 2016 3:44:22 PM> <INFO> <Loading identity key store: FileName=D:\oramw\user_projects\domains\bifoundation_domain\mykeystore.jks, Type=jks, PassPhraseUsed=false>
<May 23, 2016 3:44:22 PM> <INFO> <Loaded node manager configuration properties from 'D:\oramw\WLSERV~1.3\common\nodemanager\nodemanager.properties'>
<May 23, 2016 3:44:22 PM> <INFO> <bifoundation_domain> <bi_server1> <Startup configuration properties loaded from "D:\oramw\user_projects\domains\bifoundation_domain\servers\bi_server1\data\nodemanager\startup.properties">
<May 23, 2016 3:44:23 PM> <SEVERE> <Fatal error in node manager server>
java.lang.RuntimeException: Cannot convert identity certificate
at com.certicom.tls.interfaceimpl.CertificateSupport.addAuthChain(Unknown Source)
at com.certicom.net.ssl.SSLContext.addAuthChain(Unknown Source)
at com.bea.sslplus.CerticomSSLContext.addIdentity(Unknown Source)
at weblogic.security.utils.SSLContextWrapper.addIdentity(SSLContextWrapper.java:146)
at weblogic.nodemanager.server.SSLListener.init(SSLListener.java:53)
at weblogic.nodemanager.server.NMServer.start(NMServer.java:206)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:382)
at weblogic.NodeManager.main(NodeManager.java:31)
0 -
You are still using the certicom classes for ssl. That could be the problem. Try adding the following: -Dweblogic.ssl.JSSEEnabled=true
0 -
I am very slowly getting somewhere, I think. I believe I added the -Dweblogic.ssl.JSSEEnabled=true to the correct spot.
Now, I start the nodemanager using the startnodemanager.cmd and I get the following:
<May 25, 2016 11:59:32 AM> <INFO> <Loading domains file: \oramw\wlserver_10.3\common\nodemanager\nodemanager.domains>
<May 25, 2016 11:59:34 AM> <INFO> <Loading identity key store: FileName=D:\oramw\user_projects\domains\bifoundation_domain\mykeystore.jks, Type=jks, PassPhraseUsed=false>
<May 25, 2016 11:59:34 AM> <INFO> <Loaded node manager configuration properties from 'D:\oramw\WLSERV~1.3\common\NODEMA~1\nodemanager.properties'>
<May 25, 2016 11:59:34 AM> <INFO> <bifoundation_domain> <bi_server1> <Startup configuration properties loaded from "D:\oramw\user_projects\domains\bifoundation_domain\servers\bi_server1\data\nodemanager\startup.properties">
<May 25, 2016 11:59:35 AM> <INFO> <Secure socket listener started on port 5556>
<May 25, 2016 12:00:38 PM> <WARNING> <Uncaught exception in server handlerjavax.net.ssl.SSLHandshakeException: no cipher suites in common>
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1348)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
This is what I see in the monitoring of the Node Manager Status in the WLS:
0 -
<May 25, 2016 12:00:38 PM> <WARNING> <Uncaught exception in server handlerjavax.net.ssl.SSLHandshakeException: no cipher suites in common>
That's your current problem. Which JDK are you using? Do you maybe have two different JDKs installed with different versions?
0