Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 536.4K On-Premises Infrastructure
- 138.3K Analytics Software
- 38.6K Application Development Software
- 5.8K Cloud Platform
- 109.5K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.3K Integration
- 41.6K Security Software
[OBIPS] [ERROR:10] Exception in handler thread. An error occurred during processing of the SSL prot
Dear All,
After instalation and migration (upgrade), this error apears in sawlog0.log
[2019-11-08T16:56:50-03:00] [OBIPS] [ERROR:10] [] [saw.rpc.server.handleConnection] [ecid: 005_hfGUt30F^6p5oR9DiY000C9h00000T,0:545] [tid: 3875157760] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] Exception in handler thread. An error occurred during processing of the SSL protocol.
Error Codes: I2GIBJSN:
Location: saw.rpc.ssl.read, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
139646146852608
140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:643:
[[
File:socketrpcserver.cpp
Line:596
Location:
saw.rpc.server.handleConnection
saw.rpc.server.dispatch
saw.threadpool.socketrpcserver
saw.threads
]]
[2019-11-08T16:56:55-03:00] [OBIPS] [ERROR:31] [] [saw.rpc.ssl.read] [ecid: 005_hfGUt30F^6p5oR9DiY000C9h00000T,0:547] [tid: 1241028352] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] An error occurred during processing of the SSL protocol.
139647807690496140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:643:
[[
File:sslsocket.cpp
Line:619
Location:
saw.rpc.ssl.read
saw.rpc.server
saw.rpc.server.handleConnection
saw.rpc.server.dispatch
saw.threadpool.socketrpcserver
saw.threads
]]
[2019-11-08T16:56:55-03:00] [OBIPS] [ERROR:10] [] [saw.rpc.server.handleConnection] [ecid: 005_hfGUt30F^6p5oR9DiY000C9h00000T,0:547] [tid: 1241028352] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] Exception in handler thread. An error occurred during processing of the SSL protocol.
Error Codes: I2GIBJSN:
Location: saw.rpc.ssl.read, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads
139647807690496140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:643:
[[
File:socketrpcserver.cpp
Line:596
Location:
saw.rpc.server.handleConnection
saw.rpc.server.dispatch
saw.threadpool.socketrpcserver
saw.threads
]]
I 'm finding in Support.Oracle.com but dowt have anything message. Only this bug is fixed in biee11.1.17 BUT my BIEE is 12.1.2.4.
Thank You,
Best Answer
-
STOP BIEE ALL COMPONENT'S by default script
./stop.sh
[[email protected] bin]$ ./ssl.sh internalssl true
Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log
Reading domain
Setting protocol to https for server bi_server1
Rebinding channel certificates for server bi_server1
Checking certificate exists for endpoint: BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1
No new certificates required.
Internal BIEE communications have been configured to use SSL with certificates
matching the current listening addresses. Rerun if you change the addresses.
To achieve end to end security you also need to review the SSL configuration
of other components, including the external ports of WebLogic servers.
All certificates have more than 30 days to expiry.
Startup all BIEE servers to consume the new configuraton. For example run the start[.sh] command line tool in the same directory as this ssl tool.
[[email protected] bin]$
[[email protected] bin]$
[[email protected] bin]$ ./ssl.sh report
Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log
Internal SSL enabled
Client verification disabled (One way SSL)
Using all available default ciphers
Type: OBICCS
Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component
Type: OBIJH
Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component
Type: OBIPS
Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component
Type: OBIS
Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component
Type: OBISCH
Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component
Type: BI-SECURITY-SOAP
Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1
Summary: Out of 6 endpoints 0 succeeded, and 6 failed.
Ping successes (0):
Ping failures (6):
Target: obiccs1:OBICCS @ bieehost.company.com.al:9539
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obijh1:OBIJH @ bieehost.company.com.al:9541
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obips1:OBIPS @ bieehost.company.com.al:9538
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obis1:OBIS @ bieehost.company.com.al:9545
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obisch1:OBISCH @ bieehost.company.com.al:9542
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
The first certificate to expire will expire on: 10/23/39 3:27 PM
All certificates have more than 30 days to expiry.
START BIEE ALL COMPONENT'S by default script
./start.sh
[[email protected] bin]$ ./ssl.sh report
Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log
Internal SSL enabled
Client verification disabled (One way SSL)
Using all available default ciphers
Type: OBICCS
Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component
Type: OBIJH
Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component
Type: OBIPS
Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component
Type: OBIS
Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component
Type: OBISCH
Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component
Type: BI-SECURITY-SOAP
Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1
Summary: Out of 6 endpoints 6 succeeded, and 0 failed.
Ping successes (6):
Target: obiccs1:OBICCS @ bieehost.company.com.al:9539
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obijh1:OBIJH @ bieehost.company.com.al:9541
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obips1:OBIPS @ bieehost.company.com.al:9538
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obis1:OBIS @ bieehost.company.com.al:9545
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obisch1:OBISCH @ bieehost.company.com.al:9542
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Ping failures (0):
The first certificate to expire will expire on: 10/23/39 3:27 PM
All certificates have more than 30 days to expiry.
Answers
-
STOP BIEE ALL COMPONENT'S by default script
./stop.sh
[[email protected] bin]$ ./ssl.sh internalssl true
Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log
Reading domain
Setting protocol to https for server bi_server1
Rebinding channel certificates for server bi_server1
Checking certificate exists for endpoint: BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1
No new certificates required.
Internal BIEE communications have been configured to use SSL with certificates
matching the current listening addresses. Rerun if you change the addresses.
To achieve end to end security you also need to review the SSL configuration
of other components, including the external ports of WebLogic servers.
All certificates have more than 30 days to expiry.
Startup all BIEE servers to consume the new configuraton. For example run the start[.sh] command line tool in the same directory as this ssl tool.
[[email protected] bin]$
[[email protected] bin]$
[[email protected] bin]$ ./ssl.sh report
Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log
Internal SSL enabled
Client verification disabled (One way SSL)
Using all available default ciphers
Type: OBICCS
Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component
Type: OBIJH
Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component
Type: OBIPS
Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component
Type: OBIS
Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component
Type: OBISCH
Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component
Type: BI-SECURITY-SOAP
Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1
Summary: Out of 6 endpoints 0 succeeded, and 6 failed.
Ping successes (0):
Ping failures (6):
Target: obiccs1:OBICCS @ bieehost.company.com.al:9539
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obijh1:OBIJH @ bieehost.company.com.al:9541
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obips1:OBIPS @ bieehost.company.com.al:9538
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obis1:OBIS @ bieehost.company.com.al:9545
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: obisch1:OBISCH @ bieehost.company.com.al:9542
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536
Java client: SSL ping failed. Failed to connect. Server may be down.
Openssl client: SSL connection failed. See detailed log output.
The first certificate to expire will expire on: 10/23/39 3:27 PM
All certificates have more than 30 days to expiry.
START BIEE ALL COMPONENT'S by default script
./start.sh
[[email protected] bin]$ ./ssl.sh report
Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log
Internal SSL enabled
Client verification disabled (One way SSL)
Using all available default ciphers
Type: OBICCS
Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component
Type: OBIJH
Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component
Type: OBIPS
Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component
Type: OBIS
Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component
Type: OBISCH
Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component
Type: BI-SECURITY-SOAP
Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1
Summary: Out of 6 endpoints 6 succeeded, and 0 failed.
Ping successes (6):
Target: obiccs1:OBICCS @ bieehost.company.com.al:9539
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obijh1:OBIJH @ bieehost.company.com.al:9541
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obips1:OBIPS @ bieehost.company.com.al:9538
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obis1:OBIS @ bieehost.company.com.al:9545
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: obisch1:OBISCH @ bieehost.company.com.al:9542
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536
Java client: SSL ping OK.
Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.
Openssl client: SSL ping OK.
Ping failures (0):
The first certificate to expire will expire on: 10/23/39 3:27 PM
All certificates have more than 30 days to expiry.