Oracle VM: Importing CA Signed SSL certificate in OVM Manager Fails With "Error configuring client certificate login" (Doc ID 2572014.1)

Last updated on FEBRUARY 08, 2024

Applies to:

Symptoms

When importing CA signed certificate for the Oracle VM Manager as per Doc ID 2296337.1, executing configure_client_cert_login.sh fails with the following error:

#/u01/app/oracle/ovm-manager-3/bin/configure_client_cert_login.sh /u01/app/oracle/java/bin/Certificate_Chain/Essent_Enterprise_Root_CA_3015.cer.pem

....Completed the deployment of Application with status completed
Current Status of your Deployment:
Deployment command type: deploy
Deployment State : completed
Deployment Message : no message
Already in Domain Config Tree

Already in Domain Config Tree

2019-07-12 11:23:53,695 [main] INFO ovm.wlst.domainbuilder.Domain - Created a user named appframework
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/u01/app/oracle/ovm-manager-3/ovm_cli/lib/slf4j-log4j12.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/u01/app/oracle/Middleware/wlserver/modules/features/weblogic.server.merged.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
Jul 12, 2019 11:23:54 AM oracle.security.jps.JpsStartup start
INFO: Jps initializing.
Jul 12, 2019 11:23:56 AM oracle.security.jps.JpsStartup start
INFO: Jps started.
2019-07-12 11:23:57,198 [main] ERROR com.oracle.appfw.ovm.ws.client.SSLClientUtil - Unhandled Exception!
com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java)
at com.sun.jersey.api.client.Client.handle(Client.java)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java)
at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java)
at com.oracle.ovm.mgr.ws.client.RestClient.login(RestClient.java:546)
at com.oracle.ovm.mgr.ws.client.OvmWsRestClient.login(OvmWsRestClient.java:126)
at com.oracle.ovm.mgr.ws.client.RestClient.login(RestClient.java:522)
at com.oracle.appfw.ovm.ws.client.SSLClientUtil.setUpClientCertificateAuthentication(SSLClientUtil.java:284)
...
at com.oracle.ovm.mgr.ws.client.RestClient.logout(RestClient.java:590)
at com.oracle.appfw.ovm.ws.client.SSLClientUtil.setUpClientCertificateAuthentication(SSLClientUtil.java:369)
at com.oracle.appfw.ovm.ws.client.SSLClientUtil.main(SSLClientUtil.java:190)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:344)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:630)
at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:993)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1361)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java)
... 8 more
Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)  <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java)
at com.sun.jersey.api.client.Client.handle(Client.java)
at com.sun.jersey.api.client.WebResource.voidHandle(WebResource.java)
...
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java)
... 8 more
Problem invoking WLST - Traceback (innermost last):
File "/u01/app/oracle/ovm-manager-3/ovm_wlst/jython/reconfigAppFwAuth.py", line 26, in ?
File "/u01/app/oracle/Middleware/oracle_common/common/wlst/modules/ovm/wlst/commands.py", line 316, in configureAppFwAuthentication
File "/u01/app/oracle/Middleware/oracle_common/common/wlst/modules/ovm/wlst/domainbuilder.py", line 629, in configureAppFwAuthentication
WLSTException: Failed to configure AppFramework authentication.

<Jul 12, 2019 11:23:57 AM EDT> <Warning> <JNDI> <BEA-050001> <WLContext.close() was called in a different thread than the one in which it was created.>

Error configuring client certificate login <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

 Checking the AdminServer.log shows the following errors:

####<2019-07-12T11:23:37.798-0400> <Error> <Security> <ovm-mgr3.ux.essent.us>
<AdminServer> <[ACTIVE] ExecuteThread: '0' for queue:
'weblogic.kernel.Default (self-tuning)'> <> <>
<a3fe508e-7265-469f-9288-9403ad981da8-00000007> <1562945017798> <BEA-090929>
<Unable to load key store [keyStoreType="jks",
source="/u01/app/oracle/java/bin/keystore.jks",
exception="java.io.FileNotFoundException",
message="/u01/app/oracle/java/bin/keystore.jks (Permission denied)"]>

Changes

Importing CA certificate instead of default certificate for Oracle VM Manager

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.