0 Replies. Latest reply: May 10, 2012 2:05 PM by user939188

avca secure_agent fails with 'No trusted certificate found'

user939188 Newbie
1) AV server keystore content
===================
[oracle@veelaoav001 ~]$ $ORACLE_HOME/jdk/bin/keytool -list -v -keystore /home/oracle/SSL/avkey/avkeystore
Enter keystore password: welcome1

Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: avkey
Creation date: May 7, 2012
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=avserver, O=oracle, C=UK
Issuer: CN=avserver, O=oracle, C=UK
Serial number: 4fa828c2
Valid from: Mon May 07 15:55:46 EDT 2012 until: Tue May 07 15:55:46 EDT 2013
Certificate fingerprints:
MD5: D7:49:34:93:35:7F:55:FC:70:08:F3:9F:03:AA:41:A9
SHA1: 23:88:9C:F6:12:48:C1:55:79:2D:2D:71:B5:E4:66:07:A7:1E:AA:A1


*******************************************
*******************************************


Alias name: cacert
Creation date: May 7, 2012
Entry type: trustedCertEntry

Owner: CN=rootAV, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:54:58 EDT 2012 until: Thu May 05 15:54:58 EDT 2022
Certificate fingerprints:
MD5: 8A:30:0B:09:27:1E:F9:0C:54:29:01:5E:5C:0F:56:F2
SHA1: 83:1C:09:24:BF:F6:FC:B4:62:AC:04:B5:9C:CC:28:E3:4C:B4:25:BF


*******************************************
*******************************************


Alias name: mykey
Creation date: May 7, 2012
Entry type: trustedCertEntry

Owner: CN=avserver, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:56:18 EDT 2012 until: Tue May 07 15:56:18 EDT 2013
Certificate fingerprints:
MD5: 43:B4:B3:97:E0:88:34:7C:E9:D1:68:CC:48:32:8B:CC
SHA1: 50:7A:1C:1E:19:AB:E4:34:3A:64:82:A6:B2:B2:32:9C:F2:F9:94:45


*******************************************
*******************************************


2) AV agent keystore content
=================
[oracle@veelaora001 ~]$ $ORACLE_HOME/jdk/bin/keytool -list -v -keystore /home/oracle/SSL/agkey/agkeystore
Enter keystore password: welcome1

Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: agkey
Creation date: May 7, 2012
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=avagent, O=oracle, C=UK
Issuer: CN=avagent, O=oracle, C=UK
Serial number: 4fa82925
Valid from: Mon May 07 15:57:25 EDT 2012 until: Tue May 07 15:57:25 EDT 2013
Certificate fingerprints:
MD5: C4:9C:FE:D1:D0:04:19:65:F9:C0:CE:A9:6A:5E:7F:B6
SHA1: 9A:D4:9B:15:D0:B1:10:45:FD:D1:F1:F2:75:46:A9:78:E3:2A:5C:DE


*******************************************
*******************************************


Alias name: cacert
Creation date: May 7, 2012
Entry type: trustedCertEntry

Owner: CN=rootAV, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:54:58 EDT 2012 until: Thu May 05 15:54:58 EDT 2022
Certificate fingerprints:
MD5: 8A:30:0B:09:27:1E:F9:0C:54:29:01:5E:5C:0F:56:F2
SHA1: 83:1C:09:24:BF:F6:FC:B4:62:AC:04:B5:9C:CC:28:E3:4C:B4:25:BF


*******************************************
*******************************************


Alias name: mykey
Creation date: May 7, 2012
Entry type: trustedCertEntry

Owner: CN=avagent, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
Serial number: 0
Valid from: Mon May 07 15:59:46 EDT 2012 until: Tue May 07 15:59:46 EDT 2013
Certificate fingerprints:
MD5: 10:D2:D2:44:A9:AB:89:22:C6:FC:E8:61:A1:5D:B3:A0
SHA1: 62:BF:B9:52:29:F7:89:AF:F1:70:D8:75:AB:15:D4:55:BC:AB:9F:48


*******************************************
*******************************************

3) Credentials added for XDB:
$ avca generate_csr -certdn "cn=seclin2,O=Oracle,C=UK" -out /home/oracle/SSL/XDB/certXDB.csr
Generating Certificate request...
Certificate request generated successfully.
$ orapki cert create -wallet /home/oracle/SSL/rootCA -request /home/oracle/SSL/XDB/certXDB.csr -cert /home/oracle/SSL/XDB/certXDB.pem -validity 365 -pwd "welcome1"
$ avca import_cert -cert /home/oracle/SSL/rootCA/trustedROOTcertificate.txt -trusted
Importing Certificate...
Certificate imported successfully.
$ avca import_cert -cert /home/oracle/SSL/XDB/certXDB.pem
Importing Certificate...
Certificate imported successfully.

4) avca secure_av -avkeystore $ORACLE_HOME/network/admin/avkey/avkeystore -avtruststore $ORACLE_HOME/network/admin/avkey/avkeystore
Checking for SSL Certificate...
done.
Enter Audit Vault Server keystore password:
Stopping OC4J...
OC4J stopped successfully.
Securing XDB services...
Identified XDB http(s) Port...
Stopping Listeners...
done.
Starting Listeners...
done.
done.
Starting OC4J...
OC4J started successfully.

5) avca secure_agent -agentkeystore $ORACLE_HOME/network/admin/agkey/agkeystore -avdn "CN=avserver, O=oracle, C=UK" -agentdn "CN=avagent, O=oracle, C=UK"
Enter Audit Vault Agent keystore password:
Stopping agent...
Agent stopped successfully.
Starting agent...
Agent started successfully.

avca.log on agent shows:
Executing command secure_agent, -agentkeystore, /u01/app/oracle/oracle/product/10.2.3/av_agent/network/admin/agkey/agkeystore, -avdn, CN=avserver, O=oracle, C=UK, -agentdn, CN=avagent, O=oracle, C=UK
SECURE_AGENT - get agent info
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/rmi.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/rmi.xml
Stopping agent...
Agent stopped successfully.
SERCURE_AGENT - update /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
SECURE_AGENT - modify /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
SECURE_AGENT - use /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/applications/AVAgent/AVAgent/WEB-INF/web.xml.secure
Starting agent...
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/server.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/av-agent-web-site.xml
xml - /u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/http-web-site.xml
xml URL - file:/u01/app/oracle/oracle/product/10.2.3/av_agent/oc4j/j2ee/home/config/http-web-site.xml
Error while checking agent status - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
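One thing worth checking against the listings above: each key entry (avkey, agkey) still carries a self-signed certificate with chain length 1, while the rootAV-signed certificate for the same subject sits as a separate trustedCertEntry (mykey); keytool only replaces a key entry's certificate chain when the signed certificate is imported under that key entry's own alias, and under any other alias it is stored as a trusted certificate, so the private key is still presented with a certificate that chains to nothing the peer trusts. The Python below is an added check, not part of the thread or of Oracle's tools, that parses `keytool -list -v` output and flags that pattern; the sample input is constructed from the server listing in the post.

```python
import re

# Constructed sample: the AV server keystore listing from the post, trimmed to
# the fields this check reads (same layout as `keytool -list -v`).
SAMPLE = """\
Alias name: avkey
Entry type: keyEntry
Certificate chain length: 1
Owner: CN=avserver, O=oracle, C=UK
Issuer: CN=avserver, O=oracle, C=UK

Alias name: cacert
Entry type: trustedCertEntry
Owner: CN=rootAV, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK

Alias name: mykey
Entry type: trustedCertEntry
Owner: CN=avserver, O=oracle, C=UK
Issuer: CN=rootAV, O=oracle, C=UK
"""

def parse_keytool(text):
    """Split keytool listing into entries: alias, entry type and the
    certificate chain as (owner, issuer) pairs in listing order."""
    entries = []
    for block in re.split(r"^Alias name: ", text, flags=re.M)[1:]:
        alias = block.split("\n", 1)[0].strip()
        kind = re.search(r"^Entry type: (\S+)", block, re.M).group(1)
        owners = re.findall(r"^Owner: (.+)$", block, re.M)
        issuers = re.findall(r"^Issuer: (.+)$", block, re.M)
        entries.append({"alias": alias, "kind": kind,
                        "chain": list(zip(owners, issuers))})
    return entries

def find_unreplaced_chains(entries):
    """Flag key entries whose leaf is still self-signed while a CA-issued cert
    for the same subject exists in the keystore only as a trustedCertEntry,
    i.e. the signed cert was imported under a new alias, not the key's alias."""
    trusted = [e for e in entries if e["kind"] == "trustedCertEntry"]
    findings = []
    for e in entries:
        if e["kind"] != "keyEntry" or not e["chain"]:
            continue
        owner, issuer = e["chain"][0]
        if owner != issuer:
            continue  # leaf already CA-signed, nothing to flag
        for t in trusted:
            t_owner, t_issuer = t["chain"][0]
            if t_owner == owner and t_issuer != t_owner:
                findings.append((e["alias"], t["alias"], t_issuer))
    return findings

FINDINGS = find_unreplaced_chains(parse_keytool(SAMPLE))
```

Each finding names the key alias, the alias holding its signed certificate, and the CA that issued it; run it over the agent listing as well, where agkey and mykey show the same shape.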
