My Oracle Support Banner

Unable to Log On to the OAMCONSOLE Application after Configuring WebLogic to Listen on SSL only (Doc ID 1924497.1)

Last updated on OCTOBER 20, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.1.0 and later
Information in this document applies to any platform.
Weblogic Server configured for SSL only
WebLogic Embedded LDAP server used as the system Identity Store in OAM

Symptoms

The embedded WebLogic LDAP server is used as the OAM system Identity Store.

After the configuration of the WebLogic server processes to listen only on SSL ports ,

The OAM server is unable to authenticate the user accessing the oamconsole application via the WebLogic embedded LDAP server .

The following error is logged in the OAM diagnostic log file:

<> <Warning> <Security> <BEA-090485> <CERTIFICATE_UNKNOWN alert was received from <HOSTNAME>.<DOMAIN>:<PORT> - <IPADDRESS>. The peer has an unspecified issue with the certificate. SSL debug tracing should be enabled on the peer to determine what the issue is.>
<> <Error> <oracle.oam.jndi.ldap> <OAMSSA-00134> <Failure of pool oracle.security.am.common.jndi.ldap.ucp.LdapConnectionPool@253ee69b to start.>
<> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20005> <Error initializing User/Role API : {0}. oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException
      at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:274)
...
Caused By: oracle.security.am.common.jndi.ldap.PoolingException [Root exception is oracle.ucp.UniversalConnectionPoolException: javax.naming.CommunicationException: <HOSTNAME>.<DOMAIN>:<PORT> [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]
      at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:421)
...
Caused By: oracle.ucp.UniversalConnectionPoolException: javax.naming.CommunicationException: <HOSTNAME>.<DOMAIN>:<PORT> [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
      at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:432)
...
Caused By: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
...
Caused By: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)

  

 The oamconsole application could be accessed, if the OAM managed server process is stopped.

Changes

The WebLogic server processes are configured for SSL only  as described in the Notes :


Configuring Oracle WebLogic Server (10.3.X - 12.1.X) to use SSL in Fusion Middleware 11g/12c (Doc ID 1235653.1)
How to Configure WebLogic Admin Server to Listen on SSL Only and associated FMW Considerations (Doc ID 1353951.1)

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.