EM 11g and 12.1.0.1 OMS [Not for other 12c versions] Startup Failures Due to WLS Default Certificate Expiry on October 25th 2022 (Doc ID 3000661.1)

Last updated on FEBRUARY 27, 2024

Applies to:

Enterprise Manager Base Platform - Version 11.1.0.1 to 12.1.0.5.0 [Release 11.1 to 12.1]
Information in this document applies to any platform.

Symptoms

This document provides instructions on How to opt for Self signed certificates for 11g and 12.1.0.1 OMS versions

For other 12c versions i.e 12.1.0.5, 12.1.0.4, 12.1.0.3, 12.1.0.2 Follow:

EM 11g and 12c OMS Startup Failures Due to WLS Default Certificate Expiry on October 25th 2022 (Doc ID 2911658.1)

Due to this problem, these EM versions are failed to start (whoever attempted a restart after October 25th) with Security certificate errors.

$../gc_inst/em/EMGC_OMS1/sysman/log/emctl.log reports following error:

2022-11-03 12:36:59,564 [Thread-2] INFO wls.OMSController run.1154 - <ERR>javax.net.ssl.SSLKeyException: [Security:090479]Certificate chain received from <MachineName> - <IP address> failed date validity checks.

2022-11-25 13:52:33,179 [Thread-2] INFO commands.BaseCommand run.554 - <ERR> at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
2022-11-25 13:52:33,179 [Thread-1] INFO commands.BaseCommand run.554 - <OUT>NMProcess: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from hostname - ipaddress. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.

Certificate expiry can be verified using the following command:

Example:

$../gc_inst/user_projects/domains/GCDomain/bin/

. ./setDomainEnv.sh