Share the content if you found it is useful (You can share using 300 community websites) click "share" at the end of the post.

You are encouraged to leave a comment.








Friday, August 16, 2013

faststartstop utility fails with [Security:090479]Certificate chain received from fusionapp - 192.168.0.200 failed date validity checks.

Today,

when about to start fusion applications using faststartstop utility,

We encountered a problem like:

[TRACE:16] [] [WLC] [oracle.apps.startstop.util.WLSTCommand: checkNodeManagerStatus.785] [tid:10] Calling command nmConnect() in Thread#Main Thread for domain BIDomain
[2013-08-16T14:45:26.026+05:30] [fastartstop] [ERROR:1] [SSUTIL023] [Util] [oracle.apps.startstop.util.WLSTCommand: checkNodeManagerStatus.795] [tid:10] Error connecting to Node manager on host [fusionapp:5557] for domain BIDomain. Please verify node manager status.
[2013-08-16T14:45:26.026+05:30] [fastartstop] [ERROR:1] [] [Util] [oracle.apps.startstop.util.WLSTCommand: checkNodeManagerStatus.795] [tid:10] SSUTIL023
Traceback (innermost last):
  File "", line 1, in ?
  File "", line 123, in nmConnect
  File "", line 648, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : [Security:090479]Certificate chain received from fusionapp - 192.168.0.200 failed date validity checks.
Use dumpStack() to view the full stacktrace

        at org.python.core.Py.makeException(Unknown Source)
        at org.python.pycode._pyx2.raiseWLSTException$38(:648)
        at org.python.pycode._pyx2.call_function()
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.pycode._pyx2.nmConnect$3(:123)
        at org.python.pycode._pyx2.call_function()
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.pycode._pyx12.f$0(:1)
        at org.python.pycode._pyx12.call_function()
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyCode.call(Unknown Source)
        at org.python.core.Py.runCode(Unknown Source)
        at org.python.core.Py.exec(Unknown Source)
        at org.python.util.PythonInterpreter.exec(Unknown Source)
        at weblogic.management.scripting.utils.WLSTInterpreter.exec(WLSTInterpreter.java:509)
        at oracle.apps.startstop.util.WLSTCommand.checkNodeManagerStatus(WLSTCommand.java:789)
        at oracle.apps.startstop.util.SSUtils.checkNodeManagerOnAllAdminHosts(SSUtils.java:376)
        at oracle.apps.startstop.invoke.InvocationMgrImpl.invoke(InvocationMgrImpl.java:208)
        at oracle.apps.startstop.cli.FAEnv.runStartStop(FAEnv.java:109)
        at oracle.apps.startstop.cli.FAEnv.main(FAEnv.java:170)

[2013-08-16T14:45:26.026+05:30] [fastartstop] [ERROR:1] [SSUTIL023] [UTIL] [oracle.apps.startstop.util.SSUtils: checkNodeManagerOnAllAdminHosts.383] [tid:10] Error connecting to Node manager on host [fusionapp:5557] for domain BIDomain. Please verify node manager status.



FIX:

Navigate to fusionapplications weblogic home/server/lib

 cd wlserver_10.3/server/lib
[oracle@fusionapp lib]$ ls -lrt *.jks
-rwxr-x--- 1 oracle dba  2629 Jan 16  2013 DemoTrust.jks
-rwxr-x--- 1 oracle dba   994 Jan 16  2013 DemoIdentity.jks
-rw-r--r-- 1 oracle dba  1378 Jan 16  2013 fusionapp_fusion_identity.jks
-rw-r--r-- 1 oracle dba 82498 Jan 17  2013 fusion_trust.jks

[oracle@fusionapp lib]$ keytool -list -v -keystore fusionapp_fusion_identity.jks -storepass Welcome1

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: fusionapp_fusion
Creation date: Jan 16, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=fusionapp.chainsys.com, OU=defaultOrganizationUnit, O=defaultOrganization, C=US
Issuer: CN=fusionapp.chainsys.com, OU=defaultOrganizationUnit, O=defaultOrganization, C=US
Serial number: 50f6a124
Valid from: Wed Jan 16 18:16:28 IST 2013 until: Mon Jul 15 18:16:28 IST 2013
Certificate fingerprints:
         MD5:  A9:C5:1E:7A:88:1F:C1:0B:26:38:B7:C1:E9:E9:FD:15
         SHA1: F8:61:53:4D:99:CC:25:DE:2C:96:A6:A7:3D:D1:3E:4F:54:1D:26:0E
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************


cp fusionapp_fusion_identity.jks fusionapp_fusion_identity.jks_bk
[oracle@fusionapp lib]$ cd /tmp
[oracle@fusionapp tmp]$ mkdir certificate
[oracle@fusionapp tmp]$ cd certificate

[oracle@fusionapp certificate]$ keytool -genkeypair -keyalg RSA -alias "fusionapp_fusion" -keystore fusionapp_fusion_identity.jks -validity 365 -dname 'CN=fusionapp.chainsys.com, OU=defaultOrganizationUnit, O=defaultOrganization, C=US'
Enter keystore password:
Re-enter new password:
Enter key password for
        (RETURN if same as keystore password):

-------------------
[oracle@fusionapp certificate]$ keytool -export -alias fusionapp_fusion -rfc -keystore fusionapp_fusion_identity.jks -file fusionapp_fusion_identity.cer
Enter keystore password:
Certificate stored in file
---------------------

[oracle@fusionapp certificate]$ ls -lrt
total 8
-rw-r--r-- 1 oracle dba 1378 Aug 16 15:22 fusionapp_fusion_identity.jks
-rw-r--r-- 1 oracle dba  865 Aug 16 15:29 fusionapp_fusion_identity.cer
[oracle@fusionapp certificate]$
----------
[oracle@fusionapp lib]$ keytool -delete -alias fusionapp_fusion -keystore fusion_trust.jks
Enter keystore password:
[oracle@fusionapp lib]$

--------------

[oracle@fusionapp lib]$ keytool -import -alias fusionapp_fusion -keystore fusion_trust.jks -file fusionapp_fusion_identity.cer
Enter keystore password:
Owner: CN=fusionapp.chainsys.com, OU=defaultOrganizationUnit, O=defaultOrganization, C=US
Issuer: CN=fusionapp.chainsys.com, OU=defaultOrganizationUnit, O=defaultOrganization, C=US
Serial number: 520df643
Valid from: Fri Aug 16 15:22:03 IST 2013 until: Sat Aug 16 15:22:03 IST 2014
Certificate fingerprints:
         MD5:  AC:47:60:B0:12:5F:0B:83:CD:32:CE:E7:07:5B:56:EF
         SHA1: 66:7E:CB:E4:26:12:0D:63:CD:C1:9B:98:2A:7E:15:DC:BC:B2:40:DA
         Signature algorithm name: SHA1withRSA
         Version: 3
Trust this certificate? [no]:  Yes
Certificate was added to keystore
[oracle@fusionapp lib]$

---------


[oracle@fusionapp lib]$ cp /tmp/certificate/fusionapp_fusion_identity.jks .
[oracle@fusionapp lib]$ keytool -list -v -keystore fusionapp_fusion_identity.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: fusionapp_fusion
Creation date: Aug 16, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=fusionapp.chainsys.com, OU=defaultOrganizationUnit, O=defaultOrganization, C=US
Issuer: CN=fusionapp.chainsys.com, OU=defaultOrganizationUnit, O=defaultOrganization, C=US
Serial number: 520df643
Valid from: Fri Aug 16 15:22:03 IST 2013 until: Sat Aug 16 15:22:03 IST 2014
Certificate fingerprints:
         MD5:  AC:47:60:B0:12:5F:0B:83:CD:32:CE:E7:07:5B:56:EF
         SHA1: 66:7E:CB:E4:26:12:0D:63:CD:C1:9B:98:2A:7E:15:DC:BC:B2:40:DA
         Signature algorithm name: SHA1withRSA
         Version: 3


*******************************************
*******************************************


Now start the nodemanager, managed servers.


Now it should start normally.



Cheers!!!

No comments:

Related Posts Plugin for WordPress, Blogger...

Let us be Friends...

Share |

Popular Posts

Labels

11.5.1. to 11.5.5 Cloning Procedure. 11g 11i 11i and R12 11i Autoconfig 11i Cloning 12.1.1 SSL 2 Node RAC Adconfig.sh errors out adgennls.pl adop Advanced Replication Apache version Apex Apex for Oracle database Apex Installation Apex Installation on Oracle E Business Suite. 11i with Apex Apex on 11i Apex on Oracle 11i Apex402 apexins.sql APPL_TOP Character Application Express Application server Issue APPLSYS password Apps Password Asynchronous Replication Autoconfig Autoconfig Managed Beehive Bit of operating system Block block media corrupt BPEL Central Inventory Character Set Conversion Cloning of 11i Cloning of Oracle Applications Clusterware Concurrent CPU 2011 CPU 2012 April CPU 2012 January. CPU 2012 October CRS custom top Custom Top Creation Database . Database Query Dataguard DBMS_REPAIR Demantra . Domain Name E Business Suite Migration EBS 12.2 EPM exp/imp Oracle Applications Flashback table flows_020200 FND_TOP/resource FNDCPASS FNDCPUCF Forms server upgrade Forms startup FRM-92101 Fusion Middleware Hostname Hot Backup Hot cloning HotBackup Hotbackup Cloning of Oracle Apps hrglobal.drv. NLS Saudi Arabian HRMS hyperion Import and Export Oracle Applications Install Oracle Installation of R12 Installation Steps integration Oracle EBS Issues Database issues Oracle EBS Issues with Upgrade 12.1.1 Java Mission Control Java Upgrade java/sql/SavePoint JInitiator Junk Characters Language Translation Linux Linux Migration listener trace Listner version Local Inventory Login Page Master-Master Replication Memory Tuning Multiple Language NLS Non-Autoconfig Enabled OBIEE 11g Installation OBIEE Issues OIM Opatch version OpenSSL ora-01031 Oracle oracle 11g Oracle Announcement Oracle Application servers Oracle Application services Oracle Applications Oracle Applications 11i oracle applications 12.2 Oracle Applications Cloning Oracle Applications Upgrade Oracle Applications. Oracle Apps cloning Oracle BPEL oracle certifications oracle database Oracle Database RMAN Oracle Database upgradation Oracle DB oracle E Business suite 12.2 Oracle EBS oracle EPM Oracle Forms Logo oracle Fusion Applications Oracle Inventory oracle news Oracle OUI Oracle R12 oracle Sun Solaris Oracle Tuning Oracle Virtual Box Oracle Webgate Oracle WMA configuration orcladmin password for Oracle Applications Pasta Configuration pasta.cfg patch PDF Performance Physical Standby Platform migration Printer Configuration Profile Option R12 RAC Rapid Install Rapidwiz Real Application Clusters 10g Recovery RMAN RMAN Recovery SA Gosi Service Oriented Architecture SOA SQLTXPLAIN SSL Configuration step-by-step upgrade Sun solaris Swap Tablespace Trace Enable Trace file Translation Synchronization Patch transport tablespace tuning Tuning SGA uifont.ali Underscore Universal Content Management updates.oracle.com Upgradation of 12.0.5 to 12.1.1 Upgrade Upgrade 11g Upgrade Apps Upgrade DB Upgrade to 11g UTF8 version of oracle applications versions Web server upgrade weblogic windows workflow version XML Publisher version