SSL Verification fails on starting instances

4 Years Ago
JorgeR
MANAGEMENT CONSOLE

Summary

Setting up a JEE application server to work with Bizagi fails when attempting to configure the HTTPS protocol (use of server certificates for SSL).

Applies to

Bizagi 10.x, JEE using Oracle WebLogic

Symptoms

SSL verification of IP addresses (or hostnames) fails, so the nodes in the JEE server setup cannot be started.

The log displays one or both of the following errors:

BEA-090504 - Certificate chain received from localhost - 127.0.0.1 failed hostname verification check. Certificate contained xyz.abc.com but check expected localhost

BEA-090482 - BAD_CERTIFICATE alert was received from localhost.localdomain - 127.0.0.1. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.

Cause

The problem is caused by a mismatch in the configuration of IP addresses (or hostnames).

The IP addresses (or hostnames) configured within your JEE application server (in a horizontal or vertical cluster) do not match the names in the server certificates, as resolved by the DNS.
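To see which names are mismatched before choosing a fix, the two log messages can be parsed as in the following added example (not Bizagi or Oracle code). It assumes the message text has the layout quoted in this article; the sample lines are constructed, and pairing BEA-090482 alerts with BEA-090504 details by IP address is a heuristic of this example.

```python
import re
from collections import defaultdict

# Layouts assumed to match the two messages quoted on this page.
MISMATCH = re.compile(
    r"BEA-090504\b.*?received from (?P<peer>\S+) - (?P<ip>\S+) failed hostname "
    r"verification check\. Certificate contained (?P<cert>[^\s>]+) but check "
    r"expected (?P<expected>[^\s>]+)")
BAD_CERT = re.compile(
    r"BEA-090482\b.*?BAD_CERTIFICATE alert was received from "
    r"(?P<peer>\S+) - (?P<ip>[0-9A-Fa-f:.]+?)\.(?:\s|$)")

# Constructed sample: the page's two messages, one repeat, one extra peer.
SAMPLE_LOG = [
    "BEA-090504 - Certificate chain received from localhost - 127.0.0.1 failed "
    "hostname verification check. Certificate contained xyz.abc.com but check "
    "expected localhost",
    "BEA-090482 - BAD_CERTIFICATE alert was received from localhost.localdomain"
    " - 127.0.0.1. Check the peer to determine why it rejected the certificate chain",
    "BEA-090504 - Certificate chain received from localhost - 127.0.0.1 failed "
    "hostname verification check. Certificate contained XYZ.abc.com but check "
    "expected localhost",
    "BEA-090482 - BAD_CERTIFICATE alert was received from node2.example.test"
    " - 192.0.2.20. Check the peer to determine why it rejected the certificate chain",
]

def analyse(lines):
    """Return (mismatches, unexplained).

    mismatches:  {(peer, ip): {(certificate_name, expected_name), ...}}
    unexplained: peers that sent BAD_CERTIFICATE from an address with no
                 BEA-090504 detail; the reason is only in that peer's own log.
    """
    mismatches, alerts = defaultdict(set), set()
    for line in lines:
        if m := MISMATCH.search(line):
            mismatches[(m["peer"], m["ip"])].add(
                (m["cert"].lower(), m["expected"].rstrip(".").lower()))
        elif m := BAD_CERT.search(line):
            alerts.add((m["peer"], m["ip"]))
    explained = {ip for _, ip in mismatches}
    return dict(mismatches), sorted(a for a in alerts if a[1] not in explained)

if __name__ == "__main__":
    found, unexplained = analyse(SAMPLE_LOG)
    for (peer, ip), pairs in found.items():
        for cert, expected in sorted(pairs):
            print(f"{peer} ({ip}): certificate names {cert}, node expects {expected}")
    for peer, ip in unexplained:
        print(f"{peer} ({ip}): BAD_CERTIFICATE with no mismatch detail logged")
```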

Solution

According to your business needs, you may choose one of the following two options:

  • Disable the SSL hostname verification for each node handled in the Management Console.
  • Re-create the server certificates, ensuring they are properly set.


To disable the SSL hostname verification for each node handled in the Management Console (option #1), follow these steps. With Hostname Verification set to None, a node accepts a certificate without checking that its name matches the host it connected to:

1. Open the Management console, go to Domain Structure > Environment > Servers.

2. Select each node (including management node) and go to the SSL tab located in the Configuration tab.


3. Expand Advanced and select None for the Hostname Verification option.


4. Finally, after the configuration has been applied to all servers, restart the management servers to apply the changes, then start each of the nodes.

To re-create the server certificates and ensure a proper configuration (option #2), follow these steps:

1. Execute the following script, according to your operating system, to configure the environment variables in the Oracle WebLogic classpath:

<WEBLOGIC_HOME>\wlserver_12.1\server\bin\setWLSEnv.cmd

2. Back up the DemoIdentity.jks keystore located at:

<WEBLOGIC_HOME>\wlserver_12.1\server\lib\DemoIdentity.jks

3. Generate the private key of the keystore using the following command (<hostname> is a placeholder for the value of -cn: the hostname the certificate must match):

java utils.CertGen -cn <hostname> -keyfilepass DemoIdentityPassPhrase -certfile newcert -keyfile newkey

4. Import the generated key into DemoIdentity.jks using the following command:

java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile newkey.pem -keyfilepass DemoIdentityPassPhrase -certfile newcert.pem -alias demoidentity

5. Finally, restart the management node if you performed the procedure above in the DemoIdentity.jks folder. Otherwise, replace the folder and restart the management node.


Details

Last Modified: 4 Years Ago
Last Modified By: JorgeR
Type: ERROR
Level: Intermediate