This discussion is archived
1 2 Previous Next 28 Replies Latest reply: Feb 7, 2013 12:03 PM by 989866 RSS

Bad Certificate Error with Node Manager.

971493 Newbie
Currently Being Moderated
I am using Weblogic 10.3. I am trying to SSL enable node manager but when I go to console and check under Machine and node manager status it shows inactive/SSLexception.

I did the following configuration: In nodemanager.properties I added the following
Keystores=CustomIdentityandCustomTrust
CustomIdentityAlias=
CustomIdentityKeyStoreFileName=
CustomIdentityKeyStorePassPhrase = xxxxxx
CustomIdentityKeyStoreType = JKS
CustomIdentityPrivateKeyPassPhrase = xxxxxxx

In startweblogic.cmd I added
-Dssl.debug=true -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enforceConstraints=off

In startnodemanager.cmd I added
-Dssl.debug=true -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false -Dweblogic.security.SSL.enforceConstraints=off


In the nodemanager log I am getting the following error

Oct 30, 2012 11:42:19 AM> <INFO> <Loading domains file: C:\Oracle\Middleware\wlserver_10.3\common\nodemanager\nodemanager.domains>
<Oct 30, 2012 11:42:21 AM> <INFO> <Loading identity key store: FileName=C:/Oracle/Middleware/wlserver_10.3/server\lib\DemoIdentity.jks, Type=jks, PassPhraseUsed=true>
<Oct 30, 2012 11:42:21 AM> <INFO> <Loaded node manager configuration properties from 'C:\Oracle\Middleware\wlserver_10.3\common\nodemanager\nodemanager.properties'>
<Oct 30, 2012 11:42:21 AM> <INFO> <idam> <server1> <Startup configuration properties loaded from "C:\Oracle\Middleware\user_projects\domains\idam\servers\server1\data\nodemanager\startup.properties">
<Oct 30, 2012 11:42:22 AM> <INFO> <Secure socket listener started on port 5556>
<Oct 30, 2012 11:44:59 AM> <WARNING> <Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
     at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
     at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)

Please let me know how I can resolve the error above.

Appreciate any help on this.

Thanks,
Neha

Edited by: 968490 on Oct 30, 2012 9:43 AM
  • 1. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Currently Being Moderated
    Hello Neha,

    I see that the nodemanager has loaded the DemoIdentity & DemoTrust certificates but you have configured as CustomIdentityandCustomTrust in the NodeManager.Properties file.

    Can you please cross check about why the custom certificates was not loaded?

    Oct 30, 2012 11:42:19 AM> <INFO> <Loading domains file: C:\Oracle\Middleware\wlserver_10.3\common\nodemanager\nodemanager.domains>
    <Oct 30, 2012 11:42:21 AM> <INFO> <Loading identity key store: FileName=C:/Oracle/Middleware/wlserver_10.3/server\lib\DemoIdentity.jks, Type=jks, PassPhraseUsed=true>
  • 2. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Currently Being Moderated
    Yes I agree with you and that is the main issue here I think.

    I am not sure how to figure why custom certs are not loading. I am using the same one for admin and managed server and its working fine with ssl.

    I actually removed
    -Dweblogic.security.SSL.ignoreHostnameVerification=true from startweblogic.cmd and -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false from startnodemanager.cmd

    since we have Custom Hostname verifier for managed server ssl and admin server ssl.

    Is there some other setting i need to do so it would read customcerts ?
  • 3. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Currently Being Moderated
    You can try re-configuring again the customidentity&trust in the nodemanager.properties or check with the demo certificates first to verify if the SSL works fine.
  • 4. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Currently Being Moderated
    I tried doing with demo certs before and it gave me a similar error. Since i am using custom certs for admin and managed server I don't think demo cert will work. Also we are doing this in prod so I don't want to use demo certs.
  • 5. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Currently Being Moderated
    What do you see in the adminserver logs?
  • 6. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Currently Being Moderated
    Adminserver logs look like this :
    ####<Oct 30, 2012 11:41:20 AM EDT> <Info> <Health> <PAG1221> <AdminServer> <weblogic.GCMonitor> <<anonymous>> <> <> <1351611680179> <BEA-310002> <86% of the total memory in the server is free>
    ####<Oct 30, 2012 11:42:24 AM EDT> <Info> <JMX> <PAG1221> <AdminServer> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351611744141> <BEA-149507> <JMX Connectivity has been discontinued with the managed server server1.>
    ####<Oct 30, 2012 11:42:24 AM EDT> <Info> <Server> <PAG1221> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351611744141> <BEA-002634> <The server "server1" disconnected from this server.>
    ####<Oct 30, 2012 11:42:49 AM EDT> <Info> <Server> <PAG1221> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351611769209> <BEA-002635> <The server "server1" connected to this server.>
    ####<Oct 30, 2012 11:42:54 AM EDT> <Info> <JMX> <PAG1221> <AdminServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351611774116> <BEA-149506> <Established JMX Connectivity with server1 at the JMX Service URL of service:jmx:t3s://xxx.xx.xx.xxx:8181/jndi/weblogic.management.mbeanservers.runtime.>
    ####<Oct 30, 2012 11:43:20 AM EDT> <Info> <Health> <PAG1221> <AdminServer> <weblogic.GCMonitor> <<anonymous>> <> <> <1351611800194> <BEA-310002> <74% of the total memory in the server is free>
    ####<Oct 30, 2012 11:44:59 AM EDT> <Warning> <Security> <PAG1221> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1351611899725> <BEA-090477> <Certificate chain received from localhost - 127.0.0.1 was not trusted causing SSL handshake failure.>
    ####<Oct 30, 2012 11:46:20 AM EDT> <Info> <Health> <PAG1221> <AdminServer> <weblogic.GCMonitor> <<anonymous>> <> <> <1351611980194> <BEA-310002> <87% of the total memory in the server is free>

    Edited by: 968490 on Nov 1, 2012 11:01 AM
  • 7. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Currently Being Moderated
    I infer from the log that the certificate chain was not trusted and hence the SSL handshake got failed.

    ####<Oct 30, 2012 11:44:59 AM EDT> <Warning> <Security> <PAG1221> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <1351611899725> <BEA-090477> <Certificate chain received from localhost - 127.0.0.1 was not trusted causing SSL handshake failure.>

    Can you make sure that you have imported your root certificate in your truststore and recheck again
  • 8. Re: Bad Certificate Error with Node Manager.
    Kalyan Pasupuleti-Oracle Expert
    Currently Being Moderated
    Hi,

    Using the JDK 1.6.0_12 or lower, copy cacerts from WL_HOME/server/lib directory
    to JDK_HOME/jre/lib/security/

    Step 1: Create a domain using WLS 10.3 and JDK 1.6.0_05.
    Let's say Domain Name = JDK16005
    Step 2: Start AdminServer.
    Step 3: Click on SSL->Advanced and change HostNameVerification to None in the dropdown.
    Step 4: Create a Machine and name it Machine.
    Step 5: Go to Debug tab for AdminServer.
    Enable weblogic.security.ssl and default.debugSSL.
    Step 6: Stop AdminServer
    Step 7: Replace the cacerts located in JDK_HOME/jre/lib/security
    with the file located in WL_HOME/server/lib
    Step 8: Start AdminServer
    Step 9: Go to BEA_HOME/user_projects/domains/JDK16005/bin using shell or command prompt
    (based on the OS you are on)
    Step 10: Execute setDomainEnv.cmd or setDomainEnv.sh
    Step 11: Using the same shell go to WL_HOME/server/bin and execute
    startNodeManager.cmd or startNodemanager.sh
    ex: startNodeManager.cmd <your_ip_address> <port>
    Step 12: Open The WebLogic console and click on your Machine, then go to Monitoring tab for your Machine.
    Note: NodeManager is reachable.


    follow these steps figure out this issue.

    Regards,
    Kal
  • 9. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Currently Being Moderated
    We are using jdk1.6.0_35. Does that make our scenario different ?
  • 10. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Currently Being Moderated
    I dont think so.

    What's the current error you see it in your admin server now?

    I assume that you have already enabled the SSL debug in your admin server.Do post the snippet of the SSL debug logs from the adminserver
    You may refer the below link

    http://weblogic-wonders.com/weblogic/2010/03/03/ssl-exceptions-in-admin-server-and-node-manager/
  • 11. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Currently Being Moderated
    I did the change that you suggested to replace cacerts and getting similar error.

    Admin Server Logs

    ####<Nov 1, 2012 1:51:36 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792296872> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 472>
    ####<Nov 1, 2012 1:51:36 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792296872> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 3144>
    ####<Nov 1, 2012 1:51:36 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792296887> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 105>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 32>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 32>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 1888>
    ####<Nov 1, 2012 1:51:37 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792297325> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 8>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <1388918025 read(offset=0, length=4080)>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <isMuxerActivated: true>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <hasSSLRecord()>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <hasSSLRecord returns true>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <1573695965 SSL3/TLS MAC>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <1573695965 received APPLICATION_DATA: databufferLen 0, contentLength 1376>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <1388918025 read databufferLen 1376>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <1388918025 read A returns 1376>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <1388918025 read(offset=1376, length=2704)>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <isMuxerActivated: true>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <hasSSLRecord()>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <hasSSLRecord returns false 1>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792298528> <BEA-000000> <1388918025 Rethrowing InterruptedIOException>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298622> <BEA-000000> <SSLSetup: loading trusted CA certificates>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298700> <BEA-000000> <Filtering JSSE SSLSocket>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298700> <BEA-000000> <SSLIOContextTable.addContext(ctx): 918517653>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298700> <BEA-000000> <SSLSocket will be Muxing>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298700> <BEA-000000> <write SSL_20_RECORD>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298700> <BEA-000000> <isMuxerActivated: false>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <293367404 SSL3/TLS MAC>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <293367404 received HANDSHAKE>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <isMuxerActivated: false>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <293367404 SSL3/TLS MAC>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <293367404 received HANDSHAKE>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 108877553748867502668443814087566129086
    Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
    Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=SERVERX1
    Not Valid Before:Mon Sep 24 08:38:52 EDT 2012
    Not Valid After:Sat Sep 25 08:38:52 EDT 2027
    Signature Algorithm:MD5withRSA
    >
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <validationCallback: validateErr = 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> < cert[0] = Serial number: 108877553748867502668443814087566129086
    Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
    Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=SERVERX1
    Not Valid Before:Mon Sep 24 08:38:52 EDT 2012
    Not Valid After:Sat Sep 25 08:38:52 EDT 2027
    Signature Algorithm:MD5withRSA
    >
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Warning> <Security> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1351792298793> <BEA-090477> <Certificate chain received from localhost - 127.0.0.1 was not trusted causing SSL handshake failure.>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <Validation error = 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <Certificate chain is untrusted>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <SSLTrustValidator returns: 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298793> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
         at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
         at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.WriteHandler.write(Unknown Source)
         at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
         at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:202)
         at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:272)
         at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:276)
         at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122)
         at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212)
         at java.io.BufferedWriter.flush(BufferedWriter.java:236)
         at weblogic.nodemanager.common.DataFormat.writeCommand(DataFormat.java:247)
         at weblogic.nodemanager.client.NMServerClient.sendCmd(NMServerClient.java:318)
         at weblogic.nodemanager.client.NMServerClient.sendHello(NMServerClient.java:128)
         at weblogic.nodemanager.client.NMServerClient.connect(NMServerClient.java:239)
         at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:200)
         at weblogic.nodemanager.client.NMServerClient.checkConnected(NMServerClient.java:206)
         at weblogic.nodemanager.client.NMServerClient.getVersion(NMServerClient.java:53)
         at weblogic.nodemanager.mbean.NodeManagerRuntime.getVersion(NodeManagerRuntime.java:667)
         at com.bea.console.actions.core.machine.MachineMonitorNodemanagerstatusAction.execute(MachineMonitorNodemanagerstatusAction.java:94)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
         at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
         at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:261)
         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
         at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
         at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
         at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:262)
         at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
         at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:134)
         at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
         at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
         at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
         at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
         at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
         at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
         at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
         at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
         at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
         at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
         at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:64)
         at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    >
  • 12. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Currently Being Moderated
    Rest of the log

    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298809> <BEA-000000> <write ALERT, offset = 0, length = 2>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298809> <BEA-000000> <close(): 850379636>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298825> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 472>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298825> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 3144>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298840> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 105>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 32>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 32>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 4080>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 2799>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792298965> <BEA-000000> <write APPLICATION_DATA, offset = 0, length = 8>
    ####<Nov 1, 2012 1:51:50 PM EDT> <Info> <Health> <SERVERX1> <AdminServer> <weblogic.GCMonitor> <<anonymous>> <> <> <1351792310231> <BEA-310002> <83% of the total memory in the server is free>
    ####<Nov 1, 2012 1:52:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792358934> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
         at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
         at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:509)
         at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:492)
         at weblogic.socket.SocketMuxer.cancelIo(SocketMuxer.java:852)
         at weblogic.socket.SocketMuxer$TimerListenerImpl.timerExpired(SocketMuxer.java:1088)
         at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:273)
         at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    >
    ####<Nov 1, 2012 1:52:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792358934> <BEA-000000> <write ALERT, offset = 0, length = 2>
    ####<Nov 1, 2012 1:52:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792358934> <BEA-000000> <close(): 498628406>
    ####<Nov 1, 2012 1:52:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1351792358934> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 1023735033>
    ####<Nov 1, 2012 1:52:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792358934> <BEA-000000> <close(): 498628406>
    ####<Nov 1, 2012 1:52:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792358934> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 1023735033>
    ####<Nov 1, 2012 1:52:39 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792359043> <BEA-000000> <NEW ALERT with Severity: WARNING, Type: 0
    java.lang.Exception: New alert stack
         at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
         at javax.net.ssl.impl.SSLSocketImpl.close(Unknown Source)
         at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:509)
         at weblogic.socket.SocketMuxer.closeSocket(SocketMuxer.java:492)
         at weblogic.socket.SocketMuxer.cleanupSocket(SocketMuxer.java:876)
         at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:833)
         at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:769)
         at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:111)
         at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
         at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
    >
    ####<Nov 1, 2012 1:52:39 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792359043> <BEA-000000> <write ALERT, offset = 0, length = 2>
    ####<Nov 1, 2012 1:52:39 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1351792359043> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 773419711
  • 13. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Currently Being Moderated
    Node Manager logs
    <Nov 1, 2012 1:50:27 PM> <INFO> <Loading domains file: C:\Oracle\Middleware\wlserver_10.3\common\nodemanager\nodemanager.domains>
    <Nov 1, 2012 1:50:28 PM> <INFO> <Loading identity key store: FileName=C:/Oracle/Middleware/wlserver_10.3/server\lib\DemoIdentity.jks, Type=jks, PassPhraseUsed=true>
    <Nov 1, 2012 1:50:28 PM> <INFO> <Loaded node manager configuration properties from 'C:\Oracle\Middleware\wlserver_10.3\common\nodemanager\nodemanager.properties'>
    <Nov 1, 2012 1:50:28 PM> <INFO> <idam> <server1> <Startup configuration properties loaded from "C:\Oracle\Middleware\user_projects\domains\idam\servers\server1\data\nodemanager\startup.properties">
    <Nov 1, 2012 1:50:29 PM> <INFO> <Secure socket listener started on port 5556, host localhost/127.0.0.1>
    <Nov 1, 2012 1:51:38 PM> <WARNING> <Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
    javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
         at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
         at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
         at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
         at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
         at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
         at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
         at com.certicom.tls.record.ReadHandler.read(Unknown Source)
         at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
         at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
         at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
         at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
         at java.io.InputStreamReader.read(InputStreamReader.java:167)
         at java.io.BufferedReader.fill(BufferedReader.java:136)
         at java.io.BufferedReader.readLine(BufferedReader.java:299)
         at java.io.BufferedReader.readLine(BufferedReader.java:362)
         at weblogic.nodemanager.server.Handler.run(Handler.java:71)
         at java.lang.Thread.run(Thread.java:662)
  • 14. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Currently Being Moderated
    NodeManager(SSL SERVER):

    <Nov 1, 2012 1:51:38 PM> <WARNING> <Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
    javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
    at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
    at com.certicom.tls.record.ReadHandler.read(Unknown Source)
    at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
    at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
    at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at weblogic.nodemanager.server.Handler.run(Handler.java:71)
    at java.lang.Thread.run(Thread.java:662)


    AdminServer(SSL CLIENT):


    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 108877553748867502668443814087566129086
    Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
    Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=SERVERX1
    Not Valid Before:Mon Sep 24 08:38:52 EDT 2012
    Not Valid After:Sat Sep 25 08:38:52 EDT 2027
    Signature Algorithm:MD5withRSA
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <validationCallback: validateErr = 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> < cert[0] = Serial number: 108877553748867502668443814087566129086
    Issuer:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=CertGenCAB
    Subject:C=US, ST=MyState, L=MyTown, O=MyOrganization, OU=FOR TESTING ONLY, CN=SERVERX1
    Not Valid Before:Mon Sep 24 08:38:52 EDT 2012
    Not Valid After:Sat Sep 25 08:38:52 EDT 2027
    Signature Algorithm:MD5withRSA
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <weblogic user specified trustmanager validation status 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Warning> <Security> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <1351792298793> <BEA-090477> <Certificate chain received from localhost - 127.0.0.1 was not trusted causing SSL handshake failure.>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <Validation error = 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <Certificate chain is untrusted>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <SSLTrustValidator returns: 16>
    ####<Nov 1, 2012 1:51:38 PM EDT> <Debug> <SecuritySSL> <SERVERX1> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <1351792298793> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>



    Issue is that the certificate chain received from the NodeManager is not validated at the adminserver side due to the trust store not found and/or incomplete chain.

    1. Are you using any custom trust store for your adminserver.?
    2. The root certificate is present in DemoTrust as well as the cacerts under the <WL_Home>\10_3_5\wlserver_10.3\server\lib directory and it will be loaded by default




    Root Certificate:
    ==========
    Alias name: wlscertgencab
    Creation date: Jan 25, 2003
    Entry type: trustedCertEntry

    Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Serial number: 234b5559d1fa0f3ff5c82bdfed032a87
    Valid from: Thu Oct 24 21:24:45 IST 2002 until: Tue Oct 25 21:24:45 IST 2022
    Certificate fingerprints:
         MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
         SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
         Signature algorithm name: MD5withRSA
         Version: 3



    Do you see the below entries in your adminserver showing that the Demo trust store is loaded?

    <Nov 2, 2012 6:11:27 AM IST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity fr
    om the jks keystore file D:\Oracle\10_3_0\WLSERV~1.3\server\lib\DemoIdentity.jks.>
    <Nov 2, 2012 6:11:28 AM IST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\Oracle\10_3_0\WLSERV~1.3\ser
    ver\lib\DemoTrust.jks.>
    <Nov 2, 2012 6:11:28 AM IST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\Oracle\10_3_0\JDK160~1\jre\l
    ib\security\cacerts.>
1 2 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points