My Oracle Support Banner

Patch Pre-check Fails on JCS when using Custom Identity and Custom Trust for SSL on WebLogic Server (Doc ID 2358621.1)

Last updated on MARCH 14, 2019

Applies to:

Java Cloud Service - Version N/A and later
Information in this document applies to any platform.

Symptoms

Current Environment: WLS 12.2.1.2.171027


ISSUE:

- While running patch pre-check via JCS UI , we get the following error

- The following error is shown in the activity log..

 

 - The nodemanager process was running when the patch precheck was run from the JCS UI

-  We can use WLST to connect to the nodemanager after setting JAVA_OPTIONS for WLST

 [oracle@xxxxxxxxxxxx~]$ . /u01/app/oracle/middleware/wlserver/server/bin/setWLSEnv.sh
CLASSPATH=/u01/jdk/lib/tools.jar:/u01/app/oracle/middleware/wlserver/modules/features/wlst.wls.classpath.jar:

PATH=/u01/app/oracle/middleware/wlserver/server/bin:/u01/app/oracle/middleware/wlserver/../oracle_common/modules/org.apache.ant_1.9.2/bin:/u01/jdk/jre/bin:/u01/jdk/bin:/u01/jdk/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/u01/app/oracle/tools/home/oracle/bin:/u01/app/oracle/middleware/wlserver/../oracle_common/modules/org.apache.maven_3.2.5/bin

Your environment has been set.
[oracle@xxxxxxxxxxx ~]$ java -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/u01/data/domains/example_domain/ssl/example.jks -Dweblogic.security.SSL.trustedCAkeystore=/u01/data/domains/example_domain/ssl/example.jks weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect("username","password","hostname","5556","domain name","domain path","SSL")
Connecting to Node Manager ...
<Feb 7, 2018 9:31:32 PM UTC> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Feb 7, 2018 9:31:32 PM UTC> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Feb 7, 2018 9:31:32 PM UTC> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.>
Successfully Connected to Node Manager.
wls:/nm/wonopcda_domain>

 

- Using wlst.sh , we cannot connect to the nodemanager 

 

[oracle@xxxxxxxxxxxx ~]$ /u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect("weblogic","xxxxxxxxx","xxxxxxxxx","5556","xxxxxxxxxx", "u01/data/domains/xxxxxxxxxx","ssl")
Connecting to Node Manager ...
<Feb 7, 2018 9:23:58 PM UTC> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Feb 7, 2018 9:23:58 PM UTC> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Feb 7, 2018 9:23:58 PM UTC> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.>
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 111, in nmConnect
File "<iostream>", line 553, in raiseWLSTException
WLSTException: Error occurred while performing nmConnect : Cannot connect to Node Manager. : General SSLEngine problem
Use dumpStack() to view the full stacktrace :
wls:/offline>

 

 

Changes

 - Customer configured WebLogic Server to use Custom Identity and Custom Trust for SSL

 - Nodemanager password was not modified and is the same from the time the instance was provisioned.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.