EM 11g and 12.1.0.1 OMS [Not for other 12c versions] Startup Failures Due to WLS Default Certificate Expiry on October 25th 2022
(Doc ID 3000661.1)
Last updated on FEBRUARY 27, 2024
Applies to:
Enterprise Manager Base Platform - Version 11.1.0.1 to 12.1.0.5.0 [Release 11.1 to 12.1]Information in this document applies to any platform.
Symptoms
This document provides instructions on How to opt for Self signed certificates for 11g and 12.1.0.1 OMS versions
For other 12c versions i.e 12.1.0.5, 12.1.0.4, 12.1.0.3, 12.1.0.2 Follow:
Due to this problem, these EM versions are failed to start (whoever attempted a restart after October 25th) with Security certificate errors.
$../gc_inst/em/EMGC_OMS1/sysman/log/emctl.log reports following error:
2022-11-03 12:36:59,564 [Thread-2] INFO wls.OMSController run.1154 - <ERR>javax.net.ssl.SSLKeyException: [Security:090479]Certificate chain received from <MachineName> - <IP address> failed date validity checks.
OR
2022-11-25 13:52:33,179 [Thread-1] INFO commands.BaseCommand run.554 - <OUT>NMProcess: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from hostname - ipaddress. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
Certificate expiry can be verified using the following command:
Example:
$../gc_inst/user_projects/domains/GCDomain/bin/
. ./setDomainEnv.sh
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
For 11.1.0.1 to 12.1.0.1 versions of OMS |
I. Stop OMS components |
II. Generate the Certificate |
III. Start Admin Server using non-ssl port |
IV. Configure the certificates to Admin server and EMGC_OMS1 server through weblogic Admin console |
V. Configure the certificates to Nodemanager |
VI. Importing Self Signed certificate into JVM trust Store |
VII. Importing Self Signed certificate into DemoTrust.jks |
VIII. Restart OMS Cleanly |
References |