My Oracle Support Banner

EM 11g and 12c OMS Startup Failures Due to WLS Default Certificate Expiry on October 25th 2022 (Doc ID 2911658.1)

Last updated on FEBRUARY 27, 2024

Applies to:

Enterprise Manager Base Platform - Version to [Release 11.1 to 12.1]
Information in this document applies to any platform.


Impacted versions:

WLS: 10.3.6, 10.3.5 and 10.3.2


Due to this problem, these EM versions are failed to start (whoever attempted a restart after October 25th) with Security certificate errors.

$../gc_inst/em/EMGC_OMS1/sysman/log/emctl.log reports following error:

2022-11-03 12:36:59,564 [Thread-2] INFO wls.OMSController run.1154 - <ERR> [Security:090479]Certificate chain received from <MachineName> - <IP address> failed date validity checks.


2022-11-25 13:52:33,179 [Thread-2] INFO commands.BaseCommand run.554 - <ERR> at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
2022-11-25 13:52:33,179 [Thread-1] INFO commands.BaseCommand run.554 - <OUT>NMProcess: [Security:090482]BAD_CERTIFICATE alert was received from hostname - ipaddress. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.

Certificate expiry can be verified using the following command:



. ./


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 For to versions of OMS
 I. Stop OMS components
 II. Generate the Certificate
 III. Start Admin Server using non-ssl port
 IV. Secure WLS components with newly generated certs
 For 11g OMS version

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.