EM 11g and 12c OMS Startup Failures Due to WLS Default Certificate Expiry on October 25th 2022
(Doc ID 2911658.1)
Last updated on JANUARY 09, 2023
Applies to:
Enterprise Manager Base Platform - Version 11.1.0.1 to 12.1.0.5.0 [Release 11.1 to 12.1]
Information in this document applies to any platform.
Symptoms
Impacted versions:
WLS: 10.3.6, 10.3.5 and 10.3.2
EM: 12.1.0.5, 12.1.0.4, 12.1.0.3, 12.1.0.2, 12.1.0.1, 11.1.0.1
Because of this problem, these EM versions fail to start with security certificate errors for anyone who attempted a restart after October 25th.
$../gc_inst/em/EMGC_OMS1/sysman/log/emctl.log reports the following error:
2022-11-03 12:36:59,564 [Thread-2] INFO wls.OMSController run.1154 - <ERR>javax.net.ssl.SSLKeyException: [Security:090479]Certificate chain received from <MachineName> - <IP address> failed date validity checks.
OR
2022-11-25 13:52:33,179 [Thread-1] INFO commands.BaseCommand run.554 - <OUT>NMProcess: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from hostname - ipaddress. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
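A triage helper for the two errors quoted above, added here as an example and not part of the Oracle note: it scans an emctl.log for [Security:090479] and [Security:090482] entries dated on or after the expiry date. The function names, the cutoff argument and the sample log lines (host1, 192.0.2.10) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): find the WLS certificate errors in emctl.log.

# sample_log: prints CONSTRUCTED log lines modelled on the two errors quoted above.
# The first line is dated before the expiry only to show the cutoff filter.
sample_log() {
    cat <<'EOF'
2022-10-01 09:00:00,000 [Thread-1] INFO wls.OMSController run.1154 - <ERR>javax.net.ssl.SSLKeyException: [Security:090479]Certificate chain received from host1 - 192.0.2.10 failed date validity checks.
2022-11-03 12:36:59,564 [Thread-2] INFO wls.OMSController run.1154 - <ERR>javax.net.ssl.SSLKeyException: [Security:090479]Certificate chain received from host1 - 192.0.2.10 failed date validity checks.
2022-11-03 12:37:01,002 [Thread-2] INFO wls.OMSController run.1160 - constructed unrelated line
2022-11-25 13:52:33,179 [Thread-1] INFO commands.BaseCommand run.554 - <OUT>NMProcess: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from host1 - 192.0.2.10.
EOF
}

# scan_emctl_log FILE [CUTOFF_DATE]
# Prints "<date> <time> <code> <meaning>" for each matching line dated on or
# after CUTOFF_DATE (default: 2022-10-25, the expiry date in this note's title).
# Exit status: 0 if at least one hit was found, 1 otherwise.
scan_emctl_log() {
    log=$1
    cutoff=${2:-2022-10-25}
    awk -v cutoff="$cutoff" '
        # Skip lines that do not start with a YYYY-MM-DD timestamp
        # (stack-trace continuations and similar).
        $1 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ { next }
        # ISO dates sort correctly as strings; force a string comparison.
        ($1 "") < (cutoff "") { next }
        /\[Security:090479\]/ {
            hits++
            print $1, $2, "Security:090479", "chain failed date validity checks"
            next
        }
        /\[Security:090482\]/ {
            hits++
            print $1, $2, "Security:090482", "peer sent BAD_CERTIFICATE alert"
            next
        }
        END { exit !hits }
    ' "$log"
}

# Demo on the constructed sample; on an OMS host, pass the emctl.log path instead.
demo=$(mktemp); sample_log > "$demo"; scan_emctl_log "$demo"; rm -f "$demo"
```

The non-zero exit status when nothing matches lets the function be used directly in a monitoring check before a planned OMS restart.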
Certificate expiry can be verified using the following command:
Example:
$../gc_inst/user_projects/domains/GCDomain/bin/
. ./setDomainEnv.sh
Cause
In this Document
Symptoms
Cause
Solution
For 12.1.0.2 to 12.1.0.5 versions of OMS
I. Stop OMS components
II. Generate the Certificate
III. Start Admin Server using non-ssl port
IV. Secure WLS components with newly generated certs
For 11g OMS version