Recently I cloned an OAM VM. When I started NodeManager for the cloned machine, I got below errors:-
06-May-2014 10:58:08 weblogic.nodemanager.server.Handler run
WARNING: Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from newmachine.OraWorld – 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from newmachine.OraWorld – 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
The cause of the above issue was the certificates corresponded to the old machine. So, there are two ways to solve it.
1. Disable Flags – Workaround
Put the following flags at the right places.
Node Manager: -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false
Admin Server: -Dweblogic.security.SSL.ignoreHostnameVerification=true
2. Recreate the Certificates – The recommended way.
Node manager by default uses the WebLogic demo identity keystore. The keystore is generated at install time using the CertGen utility. The generated private key uses the common name (cn) resolved by Java.
2.1 Set the PATH . $WL_HOME/server/bin/setWLSEnv.sh
2.2 Backup DemoIdentity.jks under $WL_HOME/server/lib
2.3 Generate the private key. java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile newcert -keyfile newkey
2.4 Import the key generated above to the keystore. java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile newkey.pem -keyfilepass DemoIdentityPassPhrase -certfile newcert.pem -alias demoidentity
2.5 Copy DemoIdentity.jks to $WL_HOME/server/lib
2.6 Restart your nodemanager