28 Replies. Latest reply: Feb 7, 2013 2:03 PM by 989866
      • 15. Re: Bad Certificate Error with Node Manager.
        971493
        Thanks for your response.

        In response to your questions :

        1. Are you using any custom trust store for your adminserver?
        Yes, we are pointing to a custom trust store and keystore (containing ca-2, ca-27) in admin server. So under the settings for keystore and SSL we have pointed to our custom certs.



        I don't see the entry for demo trust store being loaded in admin server logs anywhere.
        • 16. Re: Bad Certificate Error with Node Manager.
          Mohammed Rayan-Oracle
          Then you need to import the below root certificate to your custom keystore or configure admin server to use the Demo Certificates and check it.


          Root Certificate:
          ==========
          Alias name: wlscertgencab
          Creation date: Jan 25, 2003
          Entry type: trustedCertEntry

          Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
          Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
          Serial number: 234b5559d1fa0f3ff5c82bdfed032a87
          Valid from: Thu Oct 24 21:24:45 IST 2002 until: Tue Oct 25 21:24:45 IST 2022
          Certificate fingerprints:
          MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
          SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
          Signature algorithm name: MD5withRSA
          Version: 3
          • 17. Re: Bad Certificate Error with Node Manager.
            971493
            So I changed admin server to demo cert setting in weblogic console. It does make my node manager reachable now.

            But this just shows that my node manager is loading the demo cert and that's why this is working, and instead we want to use custom cert everywhere.
            • 18. Re: Bad Certificate Error with Node Manager.
              Mohammed Rayan-Oracle
              If you want to use custom certificate everywhere, then figure out why in your case NodeManager is unable to load the custom Identity & trust keystore but is using the default keystore.

              You can cross check the nodemanager.properties again and also turn on the FINEST level debug for your NodeManager by setting LogLevel=FINEST in the properties file.


              SSL Requirements for the Node Manager
              http://docs.oracle.com/cd/E12840_01/wls/docs103/nodemgr/java_nodemgr.html#wp1070273
              • 19. Re: Bad Certificate Error with Node Manager.
                971493
                Yes, I am trying to figure out where I messed up.

                Do you think it can be a problem if custom identity and truststore certs are the same for SSL?
                • 20. Re: Bad Certificate Error with Node Manager.
                  Mohammed Rayan-Oracle
                  Why do you want to have the same certs on both the stores?

                  However, we can have the same name for both the keystores, but you can't have the same cert in both the stores.

                  Identity Keystore contains the server certificates

                  Trust Keystore contains the root CA certificates.
                  • 21. Re: Bad Certificate Error with Node Manager.
                    971493
                    The reason I asked was the cert part was done by someone else and I don't have a good knowledge of that. But when I noticed that same cert is used for identity and trust it made me in doubt that maybe that is the reason for all this failing.

                    So now I am thinking to generate two self-signed certs, one for identity and one for trust, and test. This way I will know that it's really the cert issue. The only thing is I am not sure how to generate those certs. If you know of a good reference that I can follow which has exact commands, then I can try to test it this way before we go on changing our original certs and requesting from CAs.
                    • 22. Re: Bad Certificate Error with Node Manager.
                      Mohammed Rayan-Oracle
                      You can check the below blog

                      http://weblogic-wonders.com/weblogic/2010/11/11/configuring-ssl-on-weblogic-server-custom-identity-and-custom-trust/
                      • 23. Re: Bad Certificate Error with Node Manager.
                        971493
                        The admin servers and the managed servers all have been configured to use SSL; however, it is the nodemanager that is not connecting to the Admin Server b/c the node manager is still loading the demo certificate.
                        The settings in the nodemanager.properties file where I have set the custom keystore settings don't seem to get the node manager to load the custom keystore.

                        How do you change the node manager settings so that it'll use the custom keystore?

                        thanks
                        • 24. Re: Bad Certificate Error with Node Manager.
                          Mohammed Rayan-Oracle
                          You can check the below blog for the properties that need to be changed in your nodemanager

                          http://weblogic-wonders.com/weblogic/2010/03/03/ssl-exceptions-in-admin-server-and-node-manager/

                          Moreover, you can cross check if you are using the correct nodemanager home for your domain in case of the demo certificates still getting loaded
                          • 25. Re: Bad Certificate Error with Node Manager.
                            971493
                            When you said "Moreover, you can cross check if you are using the correct nodemanager home for your domain in case of the demo certificates still getting loaded", what do you mean?


                            The nodemanager.properties file that I am adding the properties for cert to is under \Oracle\middleware\wlserver_10.3\common\nodemanager.... nodemanager.properties.

                            I just found another nodemanager folder under \Oracle\middleware\user_projects\domains\idam\config\nodemanager

                            Am I supposed to do anything in the second folder under domains for SSL setting for nodemanager?

                            Thanks
                            • 26. Re: Bad Certificate Error with Node Manager.
                              Mohammed Rayan-Oracle
                              Nope, that folder contains the nm_password.properties. You can ignore that, and I suggest you start over again in configuring the custom keystores for your nodemanager.
                              • 27. Re: Bad Certificate Error with Node Manager.
                                971493
                                It's funny you said that. We actually did implementation in development on a brand new VM. I even created self-signed certs for it and reconfigured. After doing all that, got into the same exact issue and error. Trying to work with Oracle support as well since today.
                                • 28. Re: Bad Certificate Error with Node Manager.
                                  989866
                                  Instead of

                                  Keystores=CustomIdentityandCustomTrust

                                  in nodemanager.properties, put

                                  KeyStores=CustomIdentityAndCustomTrust

                                  (note the capital S in 'keystores' and capital A in 'and')
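
The fix in reply 28 comes down to letter case in one property key and its value. The following is an added example, not code from the thread or from Oracle: a small Python check that flags entries in nodemanager.properties text whose spelling differs from the expected one only by case. The property names beyond KeyStores, CustomIdentityAndCustomTrust and LogLevel are assumptions taken from Oracle's Node Manager documentation, and the sample file content is constructed.

```python
# Added example: lint nodemanager.properties text for keys and values whose
# spelling differs from the expected one only by letter case.
# KeyStores, CustomIdentityAndCustomTrust and LogLevel appear in the thread;
# the other names are assumptions to verify against your WebLogic release.
KNOWN_KEYS = [
    "KeyStores", "LogLevel", "CustomIdentityKeyStoreFileName",
    "CustomIdentityKeyStorePassPhrase", "CustomIdentityAlias",
    "CustomIdentityPrivateKeyPassPhrase",
]
KEYSTORES_VALUES = [
    "DemoIdentityAndDemoTrust", "CustomIdentityAndJavaStandardTrust",
    "CustomIdentityAndCustomTrust",
]


def _canonical(name, known):
    """Return the known spelling matching name ignoring case, else None."""
    return next((k for k in known if k.lower() == name.lower()), None)


def lint_properties(text):
    """Return (line_no, problem) tuples; line_no 0 means a file-level finding."""
    findings, seen_keystores = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank line, comment, or not a key=value entry
        key, value = (p.strip() for p in line.split("=", 1))
        want = _canonical(key, KNOWN_KEYS)
        if want and want != key:
            findings.append((no, f"key '{key}' should be '{want}'"))
        if want == "KeyStores":
            seen_keystores = seen_keystores or key == want
            good = _canonical(value, KEYSTORES_VALUES)
            if good is None:
                findings.append((no, f"unknown KeyStores value '{value}'"))
            elif good != value:
                findings.append((no, f"value '{value}' should be '{good}'"))
    if not seen_keystores:
        findings.append((0, "no correctly spelled KeyStores entry found"))
    return findings


SAMPLE = """\
# constructed sample, not from a real installation
LogLevel=FINEST
Keystores=CustomIdentityandCustomTrust
CustomIdentityAlias=example-alias
"""
```

Calling `lint_properties(SAMPLE)` reports the mis-cased key and value on line 3 plus the file-level finding that no correctly spelled KeyStores entry exists.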