28 Replies. Latest reply: Feb 7, 2013 12:03 PM by 989866
  • 15. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Thanks for your response.

    In response to your questions :

    1. Are you using any custom trust store for your adminserver?
    Yes, we are pointing to a custom trust store and keystore (containing ca-2, ca-27) in admin server. So under the settings for keystore and SSL we have pointed to our custom certs.



    I don't see the entry for demo trust store being loaded in admin server logs anywhere.
  • 16. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Then you need to import the below root certificate to your custom keystore or configure admin server to use the Demo Certificates and check it.


    Root Certificate:
    ==========
    Alias name: wlscertgencab
    Creation date: Jan 25, 2003
    Entry type: trustedCertEntry

    Owner: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Issuer: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
    Serial number: 234b5559d1fa0f3ff5c82bdfed032a87
    Valid from: Thu Oct 24 21:24:45 IST 2002 until: Tue Oct 25 21:24:45 IST 2022
    Certificate fingerprints:
    MD5: A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
    SHA1: F8:5D:49:A4:12:54:78:C7:BA:42:A7:14:3E:06:F5:1E:A0:D4:C6:59
    Signature algorithm name: MD5withRSA
    Version: 3
  • 17. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    So I changed admin server to demo cert setting in weblogic console. It does make my node manager reachable now.

    But this just shows that my node manager is loading the demo cert and that's why this is working, and instead we want to use custom cert everywhere.
  • 18. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    If you want to use custom certificate everywhere, then figure out why in your case NodeManager is unable to load the custom Identity & trust keystore but is using the default keystore.

    You can cross check the nodemanager.properties again and also turn on the FINEST level debug for your NodeManager by setting LogLevel=FINEST in the properties file.


    SSL Requirements for the Node Manager
    http://docs.oracle.com/cd/E12840_01/wls/docs103/nodemgr/java_nodemgr.html#wp1070273
  • 19. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    Yes, I am trying to figure out where I messed up.

    Do you think it can be a problem if custom identity and truststore certs are the same for SSL?
  • 20. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Why do you want to have the same certs on both the stores?

    However, we can have the same name for both the keystores, but you can't have the same cert in both the stores.

    Identity Keystore contains the server certificates

    Trust Keystore contains the root CA certificates.
  • 21. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    The reason I asked was the cert part was done by someone else and I don't have a good knowledge of that. But when I noticed that same cert is used for identity and trust it made me in doubt that maybe that is the reason for all this failing.

    So now I am thinking to generate two self-signed certs, one for identity and one for trust, and test. This way I will know that it's really the cert issue. The only thing is I am not sure how to generate those certs. If you know of a good reference that I can follow which has exact commands then I can try to test it this way before we go on changing our original certs and requesting from CAs.
  • 22. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    You can check the below blog

    http://weblogic-wonders.com/weblogic/2010/11/11/configuring-ssl-on-weblogic-server-custom-identity-and-custom-trust/
  • 23. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    The admin servers and the managed servers all have been configured to use SSL, however, it is the nodemanager that is not connecting to the Admin Server b/c the node manager is still loading the demo certificate.
    The settings in the nodemanager.properties file where I have set the custom keystore settings don't seem to get the node manager to load the custom keystore.

    How do you change the node manager settings so that it'll use the custom keystore?

    Thanks
  • 24. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    You can check the below blog for the properties that need to be changed in your nodemanager

    http://weblogic-wonders.com/weblogic/2010/03/03/ssl-exceptions-in-admin-server-and-node-manager/

    Moreover, you can cross check if you are using the correct nodemanager home for your domain in case of the demo certificates still getting loaded
  • 25. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    When you said "Moreover, you can cross check if you are using the correct nodemanager home for your domain in case of the demo certificates still getting loaded", what do you mean?


    The nodemanager.properties file that I am adding the properties for cert to is under \Oracle\middleware\wlserver_10.3\common\nodemanager.... nodemanager.properties.

    I just found another nodemanager folder under \Oracle\middleware\user_projects\domains\idam\config\nodemanager

    Am I supposed to do anything in the second folder under domains for SSL setting for nodemanager?

    Thanks
  • 26. Re: Bad Certificate Error with Node Manager.
    Mohammed Rayan-Oracle Journeyer
    Nope, that folder contains the nm_password.properties. You can ignore that and I suggest you to start over again in configuring the custom keystores for your nodemanager.
  • 27. Re: Bad Certificate Error with Node Manager.
    971493 Newbie
    It's funny you said. We actually did implementation in development on brand new VM. I even created self-signed certs for it and reconfigured. After doing all that got into the same exact issue and error. Trying to work with Oracle support as well since today.
  • 28. Re: Bad Certificate Error with Node Manager.
    989866 Newbie
    Instead of

    Keystores=CustomIdentityandCustomTrust

    in nodemanager.properties, put

    KeyStores=CustomIdentityAndCustomTrust

    (note the capital S in 'keystores' and capital A in 'and')
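
The spelling mismatch pointed out in the last reply can be caught before Node Manager is restarted. The following is an added example, not code from the thread or from Oracle: a small lint that flags property names and values in nodemanager.properties that differ from a known spelling only by letter case (Java property lookups are case-sensitive). The tables hold only the spellings quoted in this thread plus the demo keystore value `DemoIdentityAndDemoTrust`; the sample file content is constructed.

```python
import re

# Exact spellings quoted in this thread, plus the demo value
# DemoIdentityAndDemoTrust. Extend these tables (an assumption of this
# example) with the other properties you set, copied from the documentation.
KNOWN_KEYS = ["KeyStores", "LogLevel"]
KNOWN_VALUES = {
    "KeyStores": ["CustomIdentityAndCustomTrust", "DemoIdentityAndDemoTrust"],
}

# key=value or key:value; lines starting with '#' or '!' are comments.
# Line continuations are not handled in this minimal parser.
PAIR = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def canonical(name, known):
    """Return the known spelling matching name case-insensitively, or None."""
    for candidate in known:
        if candidate.lower() == name.lower():
            return candidate
    return None


def lint(text):
    """Return (line_number, message) for every case-only mismatch."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = PAIR.match(raw)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        right_key = canonical(key, KNOWN_KEYS)
        if right_key and right_key != key:
            findings.append((lineno, f"key '{key}' should be '{right_key}'"))
        allowed = KNOWN_VALUES.get(right_key or key, [])
        right_val = canonical(value, allowed)
        if right_val and right_val != value:
            findings.append((lineno, f"value '{value}' should be '{right_val}'"))
    return findings


# Constructed sample reproducing the misspelled line from the last reply.
SAMPLE = "# constructed sample\nLogLevel=FINEST\nKeystores=CustomIdentityandCustomTrust\n"

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```

A clean result only means no case-only mismatch was found among the listed names; it does not confirm which keystore Node Manager actually loaded, so the `LogLevel=FINEST` output suggested earlier in the thread is still the place to verify that.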