EM 12c: The Enterprise Manager 12c Cloud Control OMS Fails to Start if WLS Server Certificates are Expired
(Doc ID 1603843.1)
Last updated on AUGUST 29, 2023
Applies to:
Enterprise Manager Base Platform - Version 12.1.0.2.0 to 12.1.0.5.0 [Release 12.1]Information in this document applies to any platform.
Symptoms
For EM 13c,refer to document <Note 2191775.1> : EM 13c: Webtier Fails to Start with Error "nzos call nzosSetCredential returned" if Custom SSL Certificate has Expired
Accessing the Enterprise Manager (EM) 12c Cloud Control console report the following error:
A certificate error is reported on checking the status of OMS:
$emctl status oms -details
Oracle Enterprise Manager Cloud Control 12c Release 3
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
Console Server Host : OMSHOSTNAME.DOMAINNAME
HTTP Console Port : 7797
HTTPS Console Port : 7808
HTTP Upload Port : 4897
HTTPS Upload Port : 4906
EM Instance Home : /u03/12c3vh/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /u03/12c3vh/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or virtual hostname
Agent Upload is locked.
OMS Console is locked.
Active CA ID: 6
Console URL: https://OMSHOSTNAME.DOMAINNAME:7808/em
Upload URL: https://OMSHOSTNAME.DOMAINNAME:4906/empbs/upload
WLS Domain Information
Domain Name : GCDomain
Admin Server Host : OMSHOSTNAME.DOMAINNAME
Admin Server HTTPS Port: 7199
Managed Server Information
Managed Server Instance Name: EMGC_OMS1
Managed Server Instance Host: OMSHOSTNAME.DOMAINNAME
WebTier is Up
Oracle Management Server is Up
Restarting the OMS fails with this error:
Oracle Enterprise Manager Cloud Control 12c Release 3
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
Starting Oracle Management Server...
Starting WebTier...
WebTier Successfully Started
Node Manager Could Not Be Started
Check Node Manager log file for details:
/u03/12c3vh/gc_inst/NodeManager/emnodemanager20130924184822/nodemanager.log
Oracle Management Server is Down
The following error is correspondingly logged in the .../gc_inst/ModeManager/emnodemanager/nodemanager.log (In 13c, ../gc_inst/user_projects/domains/GCDomain/nodemanager/nodemanager.log):
handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was
received from OMSHOSTNAME.DOMAINNAME - <IP ADDRESS>. Check the peer to determine
why it rejected the certificate chain (trusted CA configuration, hostname
verification). SSL debug tracing may be required to determine the exact reason the
certificate was rejected.>
and the following error is logged in .../gc_inst/em/EMGC_OMS1/sysman/log/emctl.log
2013-11-27 16:19:33,736 [main] ERROR util.EmctlUtil logp.251 - Failed to get repos
conn by connecting to AdminServer. Ignoring.
java.io.IOException
at weblogic.management.remote.common.ClientProviderBase.makeConnection
(ClientProviderBase.java:196)
at weblogic.management.remote.common.ClientProviderBase.newJMXConnector
(ClientProviderBase.java:84)
at javax.management.remote.JMXConnectorFactory.newJMXConnector
(JMXConnectorFactory.java:338)
at javax.management.remote.JMXConnectorFactory.connect
(JMXConnectorFactory.java:247)
at oracle.sysman.util.jmx.JMXUtil.getMBeanServerConn(JMXUtil.java:103)
at oracle.sysman.emctl.util.EmctlUtil.getMBeanServerConn(EmctlUtil.java:672)
at oracle.sysman.emctl.util.EmctlUtil.getReposConn(EmctlUtil.java:710)
at oracle.sysman.emctl.util.EmctlUtil.getOMSSetupInfo(EmctlUtil.java:818)
at oracle.sysman.emctl.oms.PrintOMSSetupInfo.main(PrintOMSSetupInfo.java:118)
Caused by: javax.naming.CommunicationException [Root exception is
java.net.ConnectException: t3s://OMSHOSTNAME.DOMAINNAME:7199: Destination unreachable; nested
exception is:
javax.net.ssl.SSLKeyException: [Security:090548]The certificate chain received
from OMSHOSTNAME.DOMAINNAME - <IP ADDRESS> contained a V3 CA certificate which was missing the
basic constraints extension; No available router to destination]
or
2013-11-15 10:35:22,352 [Thread-1] INFO commands.BaseCommand run.554 -
<OUT>NMProcess: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert
was received from OMSHOSTNAME.DOMAINNAME - <IP ADDRESS>. Check the peer to
determine why it rejected the certificate chain (trusted CA configuration, hos
tname verification). SSL debug tracing may be required to determine the exact reason
the certificate was rejected.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |