EM 12c: Securing the Enterprise Manager 12.1.0.2 Cloud Control Management Agent with Custom Certificate Fails with Error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
(Doc ID 1532269.1)
Last updated on JUNE 20, 2023
Applies to:
Enterprise Manager Base Platform - Version 12.1.0.2.0 and laterInformation in this document applies to any platform.
Symptoms
The Enterprise Manager (EM) 12.1.0.2.0 Cloud Control OMS is secured with a third party certificate, but securing the agent fails with these errors:
From the <Agent Base>/agent_inst/sysman/log/secure.log
2013-01-16 10:37:00,387 [main] ERROR agent.SecureAgentCmd main.214 - Failed to secure the Agent:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:632)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:109)
at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3366)
at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:3281)
at HTTPClient.HTTPConnection$9.run(HTTPConnection.java:3032)
at HTTPClient.HTTPConnection$9.run(HTTPConnection.java:3023)
at HTTPClient.HttpClientConfiguration.doAction(HttpClientConfiguration.java:666)
at HTTPClient.HTTPConnection.doAction(HTTPConnection.java:5401)
at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:3023)
at HTTPClient.HTTPConnection.Get(HTTPConnection.java:878)
at oracle.sysman.emctl.secure.agent.SecureAgentCmd.openPage(SecureAgentCmd.java:865)
at oracle.sysman.emctl.secure.agent.SecureAgentCmd.getOMSSecurePort(SecureAgentCmd.java:811)
at oracle.sysman.emctl.secure.agent.SecureAgentCmd.secureAgent(SecureAgentCmd.java:238)
at oracle.sysman.emctl.secure.agent.SecureAgentCmd.main(SecureAgentCmd.java:207)
[16-01-2013 10:37:00] USERINFO ::Securing agent... Failed.
Revealing a key process error:
openssl s_client -host <HOSTNAME> -port <PORT>|grep issuer
10185:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
From the command session:
./emctl secdiag openurl -url https://<HOSTNAME>:<PORT>/empbs/upload
Oracle Enterprise Manager Cloud Control 12c Release 2
Copyright (c) 1996, 2012 Oracle Corporation. All rights reserved.
Log file: /tmp/OpenPage_2013_02_08_09_16_029112911131616887348.log
Opening page: https://<HOSTNAME>:<PORT>/empbs/upload
Using protocol: ssl
Using non-validating trust manager; all certificates will be blindly accepted.
Proxy server is not set
Getting the certificate chain
Following exception occurred when running OpenPage
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:401)
at oracle.sysman.emctl.secdiag.OpenURL.main(OpenURL.java:223)
Additionally:
Opening the wallet using OWM shows the status as Requested, which means there is a open certificate request but the signed user certificate has not been imported into the wallet
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |