File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes BEA/Weblogic and the fly likes BAD_CERTIFICATE alert Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "BAD_CERTIFICATE alert " Watch "BAD_CERTIFICATE alert " New topic



Joined: Mar 22, 2004
Posts: 2
Hi All,
I am setting up Weblogic8.1 to run in production mode using JRocketJVM having an admin instance and a managing instance. Iniatially, when I set up I was running Weblogic on 7010(Admin), 7012(where all Applications wil be deployed). The server instances ran fine.
Then, I modified the configuration from console application and Enabled Administration Port on 9002. I restarted the server, but the server instance running as managed server instance(7012) fails to start. The following error I see on the command line:
<Warning> <Security> <BEA-090482> <BAD_CERTIFICATE alert was received from <supernet-test.YMCA.NET - Check the peer to determine why it rejected the certificate <trusted CA configuration, hostname verifcation>. SSl debug tracing may be required to determine the exact reason the certificate was rejected>.
thank you,
Alexandre Fidalgo

Joined: Apr 14, 2004
Posts: 1
First: excuse my bad english.
I have same problem. You know some soluction ?
I am trying...
Dilip Karki

Joined: Apr 20, 2004
Posts: 20
Check that you have SSL configured correctly on the admin server and that the CA of the managed server certs are trusted by the admin server.
By electing to have an administration port, you have elected to use SSL between admin and managed servers. The erorr you are seeing, seems to indicate that the admin server has a problem trusting the managed server's certificate.

BEA Certified WebLogic Server Specialist.<br />Author of Whizlabs Weblogic 7.0 Simulator:<br /><a href="" target="_blank" rel="nofollow"></a><p>Moderator of Whizlabs Weblogic Certification forum:<br /><a href="" target="_blank" rel="nofollow"></a>
Klaus Kreuzwieser

Joined: Dec 19, 2009
Posts: 1
The error "... BEA-090482 ... BAD_CERTIFICATE ... hostname verifcation ..." indicates that the common name (cn) of the server's private key does not match the expected server name.
This is very good documented under Limitation on CertGen Usage.

To solve the issue correct the common name (cn) of the private key or disable host name verification (Java option

If you are using the WebLogic demo identity and trust you can create a new private key with these commands:

export PATH

. $WL_HOME/server/bin/

java utils.CertGen -cn YOURSERVER.DOMAIN.COM -keyfilepass DemoIdentityPassPhrase -certfile mycert -keyfile mykey

java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile mykey.pem -keyfilepass DemoIdentityPassPhrase -certfile mycert.pem -alias demoidentity

Copy the newly created demo identity key store to $WL_HOME/server/lib directory.
I agree. Here's the link:
subject: BAD_CERTIFICATE alert
It's not a secret anymore!