Hi All, I am setting up Weblogic8.1 to run in production mode using JRocketJVM having an admin instance and a managing instance. Iniatially, when I set up I was running Weblogic on 7010(Admin), 7012(where all Applications wil be deployed). The server instances ran fine. Then, I modified the configuration from console application and Enabled Administration Port on 9002. I restarted the server, but the server instance running as managed server instance(7012) fails to start. The following error I see on the command line: <Warning> <Security> <BEA-090482> <BAD_CERTIFICATE alert was received from <supernet-test.YMCA.NET - 10.17.4.19. Check the peer to determine why it rejected the certificate <trusted CA configuration, hostname verifcation>. SSl debug tracing may be required to determine the exact reason the certificate was rejected>. thank you, -nikhil
Check that you have SSL configured correctly on the admin server and that the CA of the managed server certs are trusted by the admin server. By electing to have an administration port, you have elected to use SSL between admin and managed servers. The erorr you are seeing, seems to indicate that the admin server has a problem trusting the managed server's certificate.
BEA Certified WebLogic Server Specialist.<br />Author of Whizlabs Weblogic 7.0 Simulator:<br /><a href="http://www.whizlabs.com/weblogic/weblogic.html" target="_blank" rel="nofollow">http://www.whizlabs.com/weblogic/weblogic.html</a><p>Moderator of Whizlabs Weblogic Certification forum:<br /><a href="http://www.whizlabs.com/ubbthreads/postlist.php?Cat=&Board=Weblogic" target="_blank" rel="nofollow">http://www.whizlabs.com/ubbthreads/postlist.php?Cat=&Board=Weblogic</a>
The error "... BEA-090482 ... BAD_CERTIFICATE ... hostname verifcation ..." indicates that the common name (cn) of the server's private key does not match the expected server name.
This is very good documented under Limitation on CertGen Usage.
To solve the issue correct the common name (cn) of the private key or disable host name verification (Java option -Dweblogic.security.SSL.ignoreHostnameVerification=true).
If you are using the WebLogic demo identity and trust you can create a new private key with these commands: