• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

BAD_CERTIFICATE alert

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,
I am setting up Weblogic8.1 to run in production mode using JRocketJVM having an admin instance and a managing instance. Iniatially, when I set up I was running Weblogic on 7010(Admin), 7012(where all Applications wil be deployed). The server instances ran fine.
Then, I modified the configuration from console application and Enabled Administration Port on 9002. I restarted the server, but the server instance running as managed server instance(7012) fails to start. The following error I see on the command line:
<Warning> <Security> <BEA-090482> <BAD_CERTIFICATE alert was received from <supernet-test.YMCA.NET - 10.17.4.19. Check the peer to determine why it rejected the certificate <trusted CA configuration, hostname verifcation>. SSl debug tracing may be required to determine the exact reason the certificate was rejected>.
thank you,
-nikhil
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First: excuse my bad english.
I have same problem. You know some soluction ?
I am trying...
Thanks
 
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Check that you have SSL configured correctly on the admin server and that the CA of the managed server certs are trusted by the admin server.
By electing to have an administration port, you have elected to use SSL between admin and managed servers. The erorr you are seeing, seems to indicate that the admin server has a problem trusting the managed server's certificate.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The error "... BEA-090482 ... BAD_CERTIFICATE ... hostname verifcation ..." indicates that the common name (cn) of the server's private key does not match the expected server name.
This is very good documented under Limitation on CertGen Usage.

To solve the issue correct the common name (cn) of the private key or disable host name verification (Java option -Dweblogic.security.SSL.ignoreHostnameVerification=true).

If you are using the WebLogic demo identity and trust you can create a new private key with these commands:

JAVA_HOME=/opt/weblogic/jdk160_14
WL_HOME=/opt/weblogic/wlserver_10.3
PATH=$JAVA_HOME/bin:$PATH
export PATH

. $WL_HOME/server/bin/setWLSEnv.sh

java utils.CertGen -cn YOURSERVER.DOMAIN.COM -keyfilepass DemoIdentityPassPhrase -certfile mycert -keyfile mykey

java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile mykey.pem -keyfilepass DemoIdentityPassPhrase -certfile mycert.pem -alias demoidentity

Copy the newly created demo identity key store to $WL_HOME/server/lib directory.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic