EM 13c: Agent Secure Fails with "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" After Importing Third Party SSL Certificate at the SLB
(Doc ID 2169380.1)
Last updated on JULY 21, 2020
Applies to:
Enterprise Manager Base Platform - Version 13.1.0.0.0 and laterInformation in this document applies to any platform.
Symptoms
Attempting to secure 13c Agent with an SLB upload URL at the OMS, fails with:
./emctl secure agent -emdWalletSrcUrl https://slbhost.domain:4903/em Oracle Enterprise Manager Cloud Control 13c Release 1 Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved. Agent successfully stopped... Done. Securing agent... Started. Enter Agent Registration Password : Agent successfully restarted... Done. Securing agent... Failed.
- Upload and pingOMS works fine:
$ ./emctl pingOMS Oracle Enterprise Manager Cloud Control 13c Release 1 Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved. --------------------------------------------------------------- EMD pingOMS completed successfully
$ ./emctl upload Oracle Enterprise Manager Cloud Control 13c Release 1 Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved. --------------------------------------------------------------- EMD upload completed successfully
- The <AGENT_INST>/sysman/log/secure.log reports the below error at the last stage of the secure activity, when attempting to validate the SLB upload URL connectivity:
2016-07-15 09:07:50,296 [main] INFO agent.SecureAgentCmd secureAgent.441 - Computed Upload url :https://slbhost.domain:4903/empbs/upload 2016-07-15 09:07:50,296 [main] INFO agent.SecureAgentCmd secureAgent.442 - Checking if HTTPS Upload URL is accessible from the agent... 2016-07-15 09:07:50,296 [main] INFO agent.SecureAgentCmd secureAgent.443 - Accessing: https://slbhost.domain:4903/empbs/upload 2016-07-15 09:07:50,300 [main] ERROR agent.SecureAgentCmd main.348 - Failed to secure the Agent: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:470) at oracle.sysman.emctl.secure.agent.SecureAgentCmd.checkUpload(SecureAgentCmd.java:660) at oracle.sysman.emctl.secure.agent.SecureAgentCmd.secureAgent(SecureAgentCmd.java:445) at oracle.sysman.emctl.secure.agent.SecureAgentCmd.main(SecureAgentCmd.java:341) 2016-07-15 09:07:50,301 [main] INFO agent.SecureAgentCmd main.350 - Re-trying. Trials left:0
- The agent is pointing to a multi-OMS setup with a SLB configured.
- Third party signed SSL Certificate has been configured at the SLB. The SLB certificate has been imported into the OMS
Changes
<Patch 23208577> or the 13c agent bundled patch has been applied to the agent as mentioned in <Document 2144775.1>.
If the patch is rolled back, it is possible to secure the agent successfully.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |