Friday, April 19, 2024

OHS not starting due to cert issue

ERROR MSG:

<date> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.>
This Exception occurred at <date>.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Error: Error occurred while performing nmConnect : Cannot connect to Node Manager. : sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Use dumpStack() to view the full stacktrace :

FACTS:

1. Node Manager is running in SSL mode

2. OHS is configured to run in SSL mode

3. OHS uses a wallet with the default self-signed cert

Solution:

<<<<<<<< display the contents of the wallet >>>>>>>>

oracle_home/oracle_common/bin/orapki wallet display -wallet domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/default/cwallet.sso

<<<<<<<<< export cert to a file (run from the wallet directory, because -wallet is ".") >>>>>>>>>>
oracle_home/oracle_common/bin/orapki wallet export -wallet . -dn "CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY" -cert domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/cert.txt

<<<<< read the exported cert file to check the expiry of the cert >>>>>>>>>

cd domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores
oracle_home/oracle_common/bin/orapki cert display -cert cert.txt -complete

<<<<<<<< take a backup of cwallet.sso and create a new wallet >>>>>>>>
oracle_home/oracle_common/bin/orapki wallet create -wallet domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/default/wallet -auto_login_only

<<<<<<<< add new cert to the wallet (self-signed cert) >>>>>>>>
oracle_home/oracle_common/bin/orapki wallet add -wallet domain_home/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/default -dn "CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY" -keysize 2048 -self_signed -validity 3650 -auto_login_only


Start OHS.
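
Added example (not part of the original post): a shell function that checks the exported cert.txt for the expired-certificate condition behind "validity check failed", and can be run again on a fresh export after the wallet is rebuilt. It assumes openssl is installed and that the exported file is Base64 (PEM) encoded; the name cert_status and the 30-day default threshold are illustrative.

```shell
#!/bin/sh
# Added example: expiry check for a certificate exported from an OHS wallet.
# Assumptions: openssl is on PATH; the exported file is Base64/PEM encoded.

# cert_status FILE [DAYS]
# Prints one status line and returns:
#   0 = valid for more than DAYS days
#   1 = expires within DAYS days
#   2 = already expired
#   3 = file missing or not a parseable certificate
cert_status() {
    cert_file=$1
    warn_days=${2:-30}

    if [ ! -r "$cert_file" ]; then
        echo "UNREADABLE $cert_file"
        return 3
    fi
    # openssl prints the end date as "notAfter=<date>"
    not_after=$(openssl x509 -in "$cert_file" -noout -enddate 2>/dev/null) || {
        echo "NOT_A_CERT $cert_file"
        return 3
    }
    not_after=${not_after#notAfter=}
    subject=$(openssl x509 -in "$cert_file" -noout -subject 2>/dev/null)

    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if ! openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED $not_after $subject"
        return 2
    fi
    if ! openssl x509 -in "$cert_file" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING $not_after $subject"
        return 1
    fi
    echo "OK $not_after $subject"
    return 0
}

# Run as: sh check_cert.sh cert.txt 30   (script name and threshold are examples)
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```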
