Forms Status And Metrics Incorrect In AS Console After Restricting Traffic to SSL Only (Doc ID 401401.1)

Last updated on OCTOBER 09, 2023

Applies to:

Symptoms

The Application Server was modified so that only HTTPS traffic is allowed to / from the HTTP
Server. After making these modifications, the Application Server Control (ASC) pages show the following:

- The Forms and Reports services show as being up on the ACS main page.
- However, the individual Forms and Reports Service metrics pages are shown the as being down.

All Forms and Reports processes run normally.

Steps to Lock Down the HTTP Server to SSL traffic only:

1. Installed the 10.1.2.0.2 Application Server

2. Installed <patch 5042134>  MAKEFILE FAILS TO APPLY ANY PATCH ON 10.1.2.0.2:

3. Installed <patch 4505133> 10.1.0.5 PATCH SET FOR ORACLE DATABASE SERVER

4. Implement SSL using Oracle Application Server Administrator's guide chapter 4 managing ports 4.3.3.

    Metalink <Note 341904.1> - Configuring HTTP Server to use SSL in Oracle Application Server 10g (10.1.2.XX)
  Section II and III.

     For Webcache <Note 342155.1> - Configuring WebCache with SSL in Oracle Application Server 10G Release 2 (10.1.2.X.X)


Certificate Chain
------------------------
U of S Primary Cert
|_xyz.abc.com

5. Apply the fix in not published <Note.368922.1> Cannot Start Webcache Using Enterprise Manager Target Not Found to get around a WebCache problem.

At this point, ASC shows the correct status in the Main ASC page and on the individual Forms and Report metric pages.

6. Modify targets.xml to point to the SSL ports (4443 / 4444) instead of the current HTTP ports (7777 / 7778).

At this point, the status on the individual Forms and Report metrics page shows as being down.

emagent.trc shows:

ERROR fetchlets: oracle.sysman.emSDK.emd.fetchlet.FetchletException: java.io.IOException: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainInvalidErr
ERROR engine: [oracle_webcache,inbtest.xyz.abc.com_WebCache,HIST] : nmeegd_GetMetricDatafailed : oracle.s ysman.emSDK.emd.fetchlet.FetchletException: java.io.IOException: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainInvalidErr

The error_log shows:
[error] mod_ossl: SSL proto error [Hint: the client probably speaks HTTPS over HTTP proto ]
[error] mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28860 (server xyz.abc.com:4443, client 111.111.111.11)
[error] mod_ossl: SSL fatal alert
[error] mod_ossl: SSL call to NZ function

If the targets.xml is changed to it's original state, then the ASC main page and the individual Forms and Reports Services metrics pages reflect the correct status.

Changes

Configured the 10.1.2.x.x HTTP Server for the Forms and Reports Services installation to allow SSL traffic only.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.