Management nodes SSL.

Hello

I created a keystore certificate, identity and free to replace the demo/keystore certificates signed approval. When I start the node agent, it is said that it loads the DemoIdentity.jks. I remember to add a JAVA_OPTION parameter to the startup script to make it to load my own identity keystore but I don't remember what the parameter is (after trying many times with different parameters). Unfortunately, I deleted my old script and I have

Nobody knows what the parameter is to replace the demo identity with my own keystore keystore?

Thank you!

p.s. Do not know why but the edition of the nodemanager.properties to replace the demonstration with mine, files will not work.

Hello..

Put yourself in the nodemanager.properties (located in your directory home nodemanager).

for example

# SSL definitions
Keystore = CustomIdentityAndCustomTrust
CustomIdentityKeyStoreFileName=/progs/bea/wls10mp1/wlserver_10.0/server/lib/MyCustomIdentity.jks
CustomIdentityKeyStoreType = jks
CustomIdentityKeyStorePassPhrase = myStorePassword
CustomIdentityAlias = myIdentityAlias
CustomIdentityPrivateKeyPassPhrase = myIdentityKeyPassword

.. Select this option.

Tags: Fusion Middleware

Similar Questions

Coherence 12 c - JMX Management Node starts

Hello
Recently we have improved our cluster of coherence version stand alone from 3.7 to 12 c,.
as a result we are more able to start a JMX management Node.
Startup fails with:
'Cannot use the class com.tangosol.net.ExtensibleConfigurableCacheFactory' (see full log below).
We noticed that ExtensibleConfigurableCacheFactory.class belongs to the coherence.jar, added in version 12 c.
"JMX Management Node startup script built according to ' 17.3.1 from a JMX management node ' in the getting started with the Oracle coherence - 12 c Release 2 (12.1.0.2) Management Pack
Management agents updated to version 12.1.0.3, the coherenceEMIntg.jar and the bulkoperationsmbean.jar identical to that previous version 3.7.
From script:
Java-serveur - showversion-Xms1024m-Xmx1024m - XX : + HeapDumpOnOutOfMemoryError-Dtangosol.coherence.clusterport=$CLS_PORT-Dtangosol.coherence.clusteraddress=$CLS_ADDRESS-Dcom.sun.management.jmxremote.ssl=false-Dcom.sun.management.jmxremote.authenticate=false-Dtangosol.coherence.management.remote=true-Dtangosol.coherence.management=all-Dcom.sun.management.jmxremote.port=4444-Doracle.coherence.startscript=$START_SCRIPT-Doracle.coherence.home=$7-Dtangosol.coherence.member=$1-Dtangosol.coherence.cluster=$CLS_NAME-Dtangosol.coherence.localhost=$2-Dtangosol.coherence.machine=$HOST-Doracle.coherence.machine=$HOST-Dtangosol.coherence.localport=$3-Dtangosol.coherence.distributed.localstorage=false-Dtangosol.pof.enabled=false-Dtangosol.coherence.management.refresh.expiry=1m - Dtangosol.coherence.ttl=0 - Dtangosol.coherence.log.level=9 -cp $COHERENCE_HOME/libs/c3p0-0.9.1.jar:$COHERENCE_HOME/libs/coherence-hibernate.jar:$COHERENCE_HOME/libs/coherence-jpa.jar:$COHERENCE_HOME/libs/coherence.jar:$COHERENCE_HOME/libs/commons-collections-3.1.jar:$COHERENCE_HOME/libs/dom4j-1.6.1.jar:$COHERENCE_HOME/libs/hibernate-jpa-2.0-api-1.0.1.Final.jar:$COHERENCE_HOME/libs/hibernate3.jar:$COHERENCE_HOME/libs/javassist-3.12.0.GA.jar:$COHERENCE_HOME/libs/jta-1.1.jar:$COHERENCE_HOME/libs/jtds-1.2.5.jar:$COHERENCE_HOME/libs/ojdbc14.jar:$COHERENCE_HOME/libs/slf4j-api-1.6.1.jar:$COHERENCE_HOME/libs/sqljdbc4.jar:$COHERENCE_HOME/libs/bulkoperationsmbean.jar : $COHERENCE_HOME/libs/coherenceEMIntg.jar oracle.sysman.integration.coherence.EMIntegrationServer
Any advice would be much appreciated.
Arkady.
Full of the error:
version Java "1.7.0.
Java (TM) SE Runtime Environment (build 1.7.0 - b147)
Java for 64-bit Server VM (build 21, 0 - b17, mixed mode)
2014-03-04 09:18:55.420/0.763 Oracle coherence 12.1.2.0.0 < Info > (thread = main Member, = n/a): responsible operational configuration of "jar:file:/etc/coherenceSrv/libs/coherence.jar!/tangosol-coherence.xml".
2014-03-04 09:18:55.507/0.850 Oracle coherence 12.1.2.0.0 < Info > (thread = main Member, = n/a): responsible for operational substitutions of "jar:file:/etc/coherenceSrv/libs/coherence.jar!/tangosol-coherence-override-dev.xml".
2014-03-04 09:18:55.508/0.851 Oracle coherence 12.1.2.0.0 < D5 > (thread = main Member, = n/a): configuration optional override ' / tangosol-coherence - override.xml ' is not specified
2014-03-04 09:18:55.514/0.857 Oracle coherence 12.1.2.0.0 < D5 > (thread = main Member, = n/a): configuration optional override "cache-factory - config.xml" is not specified
2014-03-04 09:18:55.514/0.857 Oracle coherence 12.1.2.0.0 < D5 > (thread = main Member, = n/a): configuration optional override "cache-factory-generator - config.xml" is not specified
2014-03-04 09:18:55.515/0.858 Oracle coherence 12.1.2.0.0 < D5 > (thread = main Member, = n/a): configuration optional override "/ custom - mbeans.xml ' is not specified
2014-03-04 09:18:55.516/0.859 Oracle coherence 12.1.2.0.0 < D6 > (thread = main Member, = n/a): loaded data edition of "jar:file:/etc/coherenceSrv/libs/coherence.jar!/coherence-grid.xml".
Oracle Version 12.1.2.0.0 Build 44396 consistency
Grid edition: development Mode
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
2014-03-04 09:18:55.871/1.214 Oracle coherence GE 12.1.2.0.0 < Info > (thread = main Member, = n/a): configuration of the loaded cache of 'jar:file:/etc/coherenceSrv/libs/coherence.jar!/coherence-cache-config.xml '.
2014-03-04 09:18:56.090/1.433 Oracle coherence GE 12.1.2.0.0 < Info > (thread = main Member, = n/a): configuration of the loaded cache of 'jar:file:/etc/coherenceSrv/libs/coherence.jar!/internal-txn-cache-config.xml '.
2014-03-04 09:18:56.316/1.659 Oracle coherence GE 12.1.2.0.0 < Info > (thread = main Member, = n/a): configuration of journalist in charge of "jar:file:/etc/coherenceSrv/libs/coherence.jar!/reports/report-group.xml".
2014-03-04 09:18:56.643/1.986 Oracle coherence GE 12.1.2.0.0 < Info > (thread = main Member, = n/a): created cache factory com.tangosol.net.ExtensibleConfigurableCacheFactory
Cannot use the com.tangosol.net.ExtensibleConfigurableCacheFactory class

We try to update the agents 12.1.0.5 OEM version

will update if it worked.

WLST - do not run the command nmConnect() / Manager node becomes unreachabl
Hello guys,.

I am facing a few questions to set up certain configurations of an application I deployed on weblogic 10.3.3.0.

One of the steps required to configure this application is open the WLST offline, run 2 commands:

*/BEA/mytrack/wlserver_10.3/common/bin/WLST.sh*

Then I try to connect in the nodemanager:

* wls: / offline > nmConnect ('admin30800', 'weblogic_password', port = '30801', domainName = 'track30800') *.

Returns the following error:

Connection to the node Manager...
< July 13, 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA 'CN is thawte Primary Root CA - G3, OR = (c) 2008 thawte\, Inc. - authorized only use, OR = Division Certification Service, O = thawte\, Inc., C = US ". Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 13 July 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA ' CN = T-TeleSec GlobalRoot class 3, OU = T - Systems Trust Center, O = T - Systems Enterprise Services GmbH, C = OF. Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 13 July 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA ' CN = T-TeleSec GlobalRoot class 2, OR = T - Systems Trust Center, O = T - Systems Enterprise Services GmbH, C = OF. Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 13 July 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA 'CN = GlobalSign, O = GlobalSign, OU = GlobalSign Root CA - R3. Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
"" < 13 July 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA "OU = safety Communication RootCA2, O = SECOM Trust Systems CO.\,LTD.,C=JP. Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 13 July 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA ' CN = VeriSign universal Root Certification Authority, OR = (c) 2008 VeriSign\, Inc. - For authorized use only, OU = VeriSign Trust Network, O = VeriSign\, Inc., C = US ". Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 13 July 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA 'CN = AC KEYNECTIS ROOT, OU = ROOT, O is KEYNECTIS, C = EN ". Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< July 13, 2011 2:23:45 PM CDT > < opinion > < security > < BEA-090898 > < without taking account of the approved CA 'CN = GeoTrust Primary Certification Authority - G3, OR = (c) 2008 GeoTrust Inc. - only for authorized usage, O = GeoTrust Inc., C = US'. Loading certificate trust list triggered a certificate of analysis exception PKIX: OID not supported in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
Traceback (innermost last):
Folder "system <>", line 1, in?
File '< iostream >", line 123, in nmConnect
File '< iostream >", line 646, in raiseWLSTException
WLSTException: An error occurred when executing nmConnect: unable to connect to the Node Manager. : Access denied to the field 'track30800' for the user 'admin30800'

I did some research and found this thread here: http://kr.forums.oracle.com/forums/thread.jspa?threadID=788163
that solves the initial problem, but after I did the nmConnect and an storeUserConfig() order exit() the WLST, I restart the management node successfully, the node Manager becomes inaccessible.

I used the console SMA WL and access-> appdomain-> environment-> machinery-> surveillance-> State of the node Manager to check the inaccessible State.

Thanks in advance,

Davinod
Hi Davinod,

This issue seems to occur due to the name of user and password credentials Manager node in the console using some unwanted username and password incorrect.

Please, try the following to resolve this problem:
1. change username and password console NodeManager NodeManager and put them as well as the credentials of username/password of domain name.
2. restart the whole field, Nodemanager process after the change.

Here is the procedure to change the user and password name Nodemanager console:
1. connect to the WebLogic console--> click on Domain--> go to the Security tab and advanced options.
2. change the identification information in the console for NodeManager username and password NodeManager, activate the changes.

Thank you
Cree

Management node for two areas located on the same server
I need help to understand how to set up management node for two areas on the same servers. My configuration is:

Server A:
AdminServer to area D1
ManagedServer1 area D1
ManagedServer2 domain D2
ServerB:
AdminServer for domain D2
ManagedServer1 domain D2
ManagedServer2 area D1

Just to clarify, D1 and D2 are dev and qa environment. WebLogic configurations and domain are all in different and completely separate folders.

I started a manager based on java node on each server. Managers node configs are in different folders as well. Something is messed up, because it does not work properly. For example when I start nodes on server B Manager, he kills AdminServer for D2.

Can I have that one manager of the nodes in this configuration, and the problem is in the config somewhere?
I should have a management node on each server for each domain (two per server node managers?)

Sorry if this is a basic trick, I am newbie in the weblogic configurations.

Thank you
Oleg
Not sure why you have several domains. A server administrator can manage multiple clusters in a single domain. A domain is just a group admin servers and clusters. You could do something like:

Server A:
AdminServer domain D1 with 2 groups C1, C2
ManagedServer1 cluster C1
ManagedServer2 cluster C2
ServerB:
ManagedServer1 cluster C2
ManagedServer2 cluster C1

that would allow you to use only 1 nodemanager by server

With your current setup, make sure that each of your domains using a Nodemanager port separate from each other. The default value is 5556, so if two of your domains use the same port NM, there will be a problem.

For example, with your domain name:

Server A:
AdminServer to area D1
ManagedServer1 domain D1 - use port 5556 NM
ManagedServer2 domain D2 - use NM port 5557
ServerB:
AdminServer for domain D2
ManagedServer1 domain D2 - use NM port 5557
ManagedServer2 domain D1 - use port 5556 NM

You will need set the nodemanager.properties and the configuration of the Machine in BOTH appropriate for each administration console. You should be able to run multiple nodemanagers on different ports.

Configure Manager node for the two areas in weblogic

Hi friends,
I'm kinda new to weblogic. I need help to configure nodemanager to two areas.
I created two areas
1 Classicdomain
2 RPMdomain
For classic field, I created the machine and all the server has added to this machine.
MachineName: localmachine
Port: 5556
Plain
For RPMdomain I created the machine with the same name and the port and all servers added to this machine.
I registered both server using nmroll().
First domain has been configured with nodemanager.
In the second area, I am not able to start a stop managed server via the console.
Could someone please let me know how to configure the nodemanager.
Kind regards
Prates

Are able to launch those instances successfully from the command line using the command startManagedWeblogic.sh? Once you have started it, try stopping through the node Manager and then start it upward.

Also, do you have JSSE enabled in your case and/or disabled hostname verification? These errors indicate fundamentally flawed SSL handshakes with the node Manager.

Replacement App Manager volume SSL

Version AppVolume Version: 2.10.0.1412
Someone has managed to replace the SSL certificate for Appvolume Manager? I followed the article replacement App Manager SSL certificate Volumes (2095969) for the creation of cert CSR, restarted service manager but still by default in the old cert.
Thanks in advance...

Ah yes, the certificate number.

I can't open the link you provided (vmware new offline KB) but according to me, they say that you need create your own certificate file (.crt file and .key vial right?) and replace the original svserver.crt and the .key file right?

Unfortenately which is not enough. Apparently they now continue to use appvol_self_vmware.com.crt and .key file. You must also replace those files with your newly created certificate and your good to go.

In addition, restart the server, not only the service, we found that it works better.

Manager node of competitor name question
Hi all

Recently one of the EBS 11i (11.5.10.2 + RHEL 4.7) node (node VM) has been cloned to another node. So I had to change the cloned application host name. I followed the link meta notes 338003.1 and 341322.1. I changed the host name successfully and able to access the application as well. When I check the status of the concurrent process manager, its real-1 display and target-1. B * c the problem is that some of the process node name shows the name of the previous node (the name of the node where cloned). * for output example node name Post Processor shows the previous and his status showing real - 0 and target - 1. Please let me know why this has happened and also how can I solve this problem?

Thank you
Mani
Run the cmclean.sql script according to the (simultaneous treatment - CMCLEAN. SQL - Non destructive Script own competitor Manager tables [134007.1 ID]) and then check.

If you still have the same problem, update FND_CONCURRENT_QUEUES table (column TARGET_NODE) - troubleshooting the "error occurred while attempting to establish a connection to the server file Applications" [117012.1 ID]

See also (simultaneous treatment - CCM.sql Script of diagnosis to diagnose the problems of Common competitor Manager [171855.1 ID]).

Thank you
Hussein

The IIOP listener/Manager with SSL security
Hello

I'm looking in securing client connections CORBA to ISL/ISH with SSL. The client authentication is not required, just the server authentication and encryption. After reviewing the documentation, I have a few questions about it.

1. the manual of ' security in the CORBA Applications using"indicates that an LDAP server is used as the repository of certificate for the certificate server ISL/ISH. Are there alternatives to this like using a key file or LDAP is the only option?

2. is it possible to configure the LDAP server (server name, port, etc.) without having to re - install Tuxedo?

Concerning
Ian
Ian,

Tuxedo uses a plugin framework architecture to manage the certificates and it is possible to replace the plugin framework implementations.

In order to change the framework plugin interfaces that you need to get the information about the orders of FRP * and the framework of plugin, interfaces, and you will need to write code. Plugin framework documentation is made available on a basis as needed.

As documented in http://download.oracle.com/docs/cd/E15261_01/tuxedo/docs11gr1/sec/secadm.html#wp1239453, "For more information about security plug-ins, including the installation and configuration procedures, see your Oracle account manager."

The 'epifregedt g' command shows the current configuration of the plugin framework.
The command "epifregedt g k SYSTEM/impl/security/BEA/certificate_lookup" simply shows security/BEA/certificate_lookup interface settings.
The command "epifregedt g k SYSTEM/impl/security/BEA/certificate_lookup-a Params" shows that the parameters of this interface is instantiated.
Suppose that the result of this command is
Security/BEA/certificate_lookup of the ŒUVRE layout

Instantiation settings:
"userCertificateLdap = ldap://localhost:389".
'filterFileLocation=file:///home/tuxdir/udataobj/security/bea_ldap_filter.dat '.

Then the command
epifregedt s k SYSTEM/impl/security/BEA/certificate_lookup.
-a Params = userCertificateLdap = ldap://abcxyz:1389 /------.
-a Params=filterFileLocation=file:///home/tuxdir/udataobj/security/bea_ldap_filter.dat

will change the location of LDAP to ldap://abcxyz:1389.
Note that it is necessary to specify the filterFileLocation with this command, even if it does not evolve.

Thus, it is not necessary to reinstall Tuxedo to change LDAP settings.

Because the registry change orders can be difficult to use, you can experiment with these commands on a development system or you can
Export REG_KEY_SYSTEM =System.rdp
CP $TUXDIR/udataobj/System.rdp $REG_KEY_SYSTEM
before experimenting with epifregedt-s. (the value of REG_KEY_SYSTEM replaces the default value of $TUXDIR/udataobj/System.rdp).

Kind regards
Ed

Whit SSL Node Manager comunication problem
Hello, I have a problem whit node Manager (SSL protocol).

My configuration is:

HOST A (contains the administration server and managed_server1)
The HOST B (contain managed_ server2 in the cluster managed_server1 of Pentecost)

When I startup scrip to HOST B starManagedWebLogic.sh managed_server2 Pentecost all right (. / startManagedWebLogic managed_server2 http://HOST A: 7001). But I can not start the managed_server2 in the Administration Console (HOST A) (using the associated Manager node of Pentecost a suitable machine).

For the server managed_server2, the Associate Manager node machine computer2 is not accessible.
All selected servers are currently in a State that is not compatible with this operation or are not associated with a Node Manager running or you are not authorized to perform the requested action. No action will be taken.

I find the following:

javax.net.ssl.SSLKeyException: security alert: 090482BAD_CERTIFICATE received from server1.das.cites - 46.34.5.15. Check the peer to determine why it rejected the certificate chain (trust CA configuration, check the host name). Debugging SSL monitoring may be necessary to determine the exact reason that the certificate was rejected.

When I go into the Administration Console to:

Machine-> Computer1-> monitoring:
Status: available
Version: 10.3

Machine-> computer2-> monitoring:
Status: Inactive
Description of the problem: javax.net.ssl.SSLKeyException
Version: (not available)

How I can solve this problem. Thanks for any response.
Try to start the server with the property weblogic:

-Dweblogic.security.SSL.ignoreHostnameVerification = true.

Please also enable debugging for details indicators:

-Dweblogic.security.SSL.verbose = true
-Dssl.debug = true
-Dweblogic.StdoutDebugEnabled = true

Thank you.

Error connecting to Node Manager?
Could someone help me solve the problem... Error is as follows

WLS: / OIDM/serverConfig > nmConnect ('weblogic', 'weblogic1 ', 'localhost', ' 5556' ',
OIDM ',' C: / Oracle/Middleware/user_projects/domains/OIDM "," ssl ")"
Connection to the node Manager...
< 3 sep 2012 8:01:45 PM GMT + 05:30 > < Info > < security > < BEA-090906 > < modification of the
default Random Number Generator in ECDRBG to FIPS186PRNG RSA CryptoJ. To di
sand this change, specify - Dweblogic.security.allowCryptoJDefaultPRNG = true >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
E trust certification authority "CN = CA root Entrust - G2, OR (c) 20 =
09-Entrust\, Inc. - for authorized use, OR = www.entrust.net/legal-terms see, O
= Entrust\, Inc., C = US". Loading certificate trust list triggered a cert
ificatsanitai exception PKIX analysis re: OID not supported in the AlgorithmIdentifier objectives
t: 1.2.840.113549.1.1.11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
CA e trust "CN = thawte Primary Root CA - thawte\ of G3, OR = (c) 2008, in.
c. - only, authorized use OR = Division of Certification services, O = thawte\, Inc..,.
C = US". Loading certificate trust list triggered a certificate of analysis
PKIX exception: Unsupported OIDS of the AlgorithmIdentifier object: 1.2.840.11354
9.1.1.11 >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
E trust certification authority "CN = T-TeleSec GlobalRoot class 3, OU = T-Systems Trust Cen
"ter, O = T - Systems Enterprise Services GmbH, C = OF. Loading trust certi
list ficate triggered a certificate of analysis exception PKIX: OID not supported in the
AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
E trust certification authority "CN = T-TeleSec GlobalRoot class 2, OR = T-Systems Trust Cen
"ter, O = T - Systems Enterprise Services GmbH, C = OF. Loading trust certi
list ficate triggered a certificate of analysis exception PKIX: OID not supported in the
AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
CA e trust "CN = GlobalSign, O = GlobalSign, OU = GlobalSign Root CA - R3"
. Loading certificate trust list triggered a certificate except for analysis
tion PKIX: Unsupported OIDS of the AlgorithmIdentifier object: 1.2.840.113549.1.1
. 11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
e certificate of trust 'OR = RootCA2, O = SECOM Trust System Communication Security
s CO.\,LTD.,C=JP ". Loading certificate trust list triggered a certificated
ate PKIX parse exception: OID not supported in the AlgorithmIdentifier object: 1
. 2.840.113549.1.1.11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
E trust certification authority "CN = CA root universal VeriSign, OR =
(c) 2008 VeriSign\, Inc. - authorized only, use UO the Group VeriSign Trust Network, O = V
eriSign\, Inc., C = US". Loading certificate trust list triggered a certi
ficate parsing exception PKIX: OID not supported in the AlgorithmIdentifier object
: 1.2.840.113549.1.1.11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
e trust certificate from CA 'CN = AC ROOT of KEYNECTIS, OU = ROOT, O = KEYNECTIS, C = EN'. The lo
The certificate trust list ADing triggered a parsing exception PKI certificate
X: not supported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < opinion > < security > < BEA-090898 > < ignorant th
CA e trust "CN = primary GeoTrust Certification Authority - G3, OU = (c.
') 2008 GeoTrust Inc. - only, authorized use O is GeoTrust Inc.., C = US ". The loadin
g the certificate trust list triggered a certificate of analysis exception PKIX: U
supportΘ OID of the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. >
< 3 sep 2012 8:01:46 PM GMT + 05:30 > < WARNING > < security > < BEA-090476 > < invalid / United Nations
known header SSL has been received from the peer - localhost127.0.0.1 for handsha SSL
Ke. >
Traceback (innermost last):
Folder "system <>", line 1, in?
File '< iostream >", line 1411, in nmConnect
File "< iostream >", line of 1848, in raiseWLSTException
WLSTException: An error occurred when executing nmConnect: unable to connect to the node
Manager. : [Security: 090476] SSL invalid/unknown header has been received from the peer l
ocalhost - 127.0.0.1 during the SSL handshake.
DumpStack() to view the full stacktrace
Make sure that the nm_password.properties located in repertoire_domaine/config/nodemanager has the name of username/password OK for Manager nodes. You can change the password ecrypted text and next time you run NM it will get encrypted. Make sure that they are correct.

If not look at the link for detailed below
http://middlewaremagic.com/WebLogic/?p=6580

Manager certificates 're-record of lstool' failed: 1 / VCSA Certificate Manager Option 1: certificate to replace Machine SSL with certificate custom

As a result of this post...
Configuration of VMware vSphere 6.0 CA VMware as a subordinate certification authority
.. .we have now installed a brand-new VCSA. This is a clean install.
"In accordance with the recommendation of support, I am now trying to do ' Option 1: certificate to replace Machine SSL with certificate custom" using a Microsoft CA
This is the error message:

2016 07-13 T 15: 24:25.268Z of INFORMATION serial number of the certificate manager before replacement: < redacted >

2016 07-13 T 15: 24:25.268Z of INFORMATION: < redacted Certificate Manager after replacement serial number >

2016 07-13 T 15: 24:25.268Z INFO-Certificate Manager footprint before replacement:< redacted >

2016 07-13 T 15: 24:25.268Z INFO-Certificate Manager footprint after replacement:< redacted >

2016 07-13 T 15: 24:25.268Z certificate MACHINE_SSL_CERT certificate INFORMATION-Manager replaced successfully. Serial number and the fingerprint has changed.

2016 07-13 T 15: 24:44.90Z ERROR-certificate error when replacing Manager machine SSL Cert, please visit /var/log/vmware/vmcad/certificate-manager.log for more information.

2016 07-13 T 15: 24:44.91Z "lstool record" has no certificate ERROR Manager: 1

A pension case is ongoing. But if someone has any ideas?
<>rant
It is incredibly frustrating that something (replacement of a SSL certificate) that should be so simple is so hard.
It's extremely annoying to know that the Certificate Manager is able to completely screw up a VCSA.
How VMware is justified in the marketing of this new approach ver.6 as a 'simplification' of the management of SSL certificates?
< / end of rant >
Thank you
Robert

This has been fixed by an Incident of Support VMware

I don't know how to fix them, but it took over 2 days (except "waiting for a response" time)

Can I run more than one Node Manager by machine?
EIS,

We have a situation in our project, where we need to run different areas on a Solaris machine in modes different from java.
Domain1 say must be running in the 32-bit version of java while Domain2 should be run in 64-bit mode because of the nature of the tests currently underway in different areas.
We could successfully get both running in different modes of java at the same time by changing the startup scripts to decide what data model South to start the servers based on some parameters. However, the pain here is with the node Manager.

I believe that there should be a Node Manager running by the machine for all areas currently running on this computer. Whenever I have to run a different mode than what Node Manager domain runs on java, so I had to kill the node Manager and launch it in the same version that I want to start other servers in as Node Manager uses his departure parms internally to start managed servers (Note: there is no problem in running the administration server regardless of the node as expected Manager mode).

Can someone tell me if there is a way around these problems?
I want to know if we can run more than one Manager node by machine.

Here are the details of my approx.

WebLogic Server 10.3
Solaris 10 SPARC 64 bit (SunOS 5.10 Generic_142900-14 sun4v sparc)
Java version "1.6.0_20.

Hope that all makes sense...

See you soon,.
Satish.

Published by: apsnaidu on March 15, 2013 15:29
Running multiple NodeManagers with different settings on the same box: -.

http://Tim.blackamber.org.UK/?p=797

Could not start the server via the SOA node Manager
Hi all

I try to install AIA 11.1.1.6.0 on top of the SOA Suite 11.1.1.6.0.

I was able to install the weblogic, UCR, soa and osb servers server correctly. Now, before installing the AIA, the document I am following it says, make sure to start the server soa through the Manager of nodes.

Now I start to the administrator of the server, then the node Manager, to make sure I checked the node Manager is in place, I logged the weblogic console, went to the Machines, and I see that it's upward and accessible.

Now using WLST commands, first of all, I have connected to Manager nodes by using the nmConnect() command, so I try to start the server soa through node Manager with the command start ('soa_server1').

I get an error when you try to start the server with the command nmStart() soa, below is the error message...

«Error at startup server soa_server1: weblogic.nodemanager.NMException: Exception when starting Server «soa_server1»»

I ran the command dumpStack(), and I get the output as 'no trace available battery.

If I am able to start the server soa through the node Manager, I can go ahead and install the pack of AIA, but wrong to let me go forward.

I also tried to boot the server from soa through the weblogic console, go to the servers tab, select the soa_server1 and start, the State of the soa server will "FAILED_NOT_RESTARTABLE".

I followed some of those blogs like...

http://Neeraj-SOA-tips.blogspot.com/2010/06/starting-admin-and-managed-servers.html

http://www.javamonamour.org/2011/09/nmconnect-nmstart-nmkill.html

Experts, please give your opinion.

Thank you very much
N
Hi Patricia,

I had exactly the same problem some time ago...

The cause:
There are two servers trying to run in debug mode and use the same debug port
-Xrunjdwp: transport = dt_socket, address = 8453, server = y, suspend = n

Possible solutions:
1. turn off debugging (this is what I did)
2 use the various debugging ports to different servers (difficult to do because the servers share the same scripts)

What worked for me was:
1. in % DOMAIN_HOME%\bin, I created a script called startWebLogic_nodebug.cmd with the following content:
%CD%\bin\startWebLogic.cmd /nodebug % *.
2. in nodemanager.properties, I changed the following property
StartScriptName = startWebLogic_nodebug.cmd

Now my servers start without debugging...

I hope this helps.

See you soon,.
Vlad

Node Boot Manager Error
Hi guys,.

Its been days now that im fixing the error I found whenever I start the node Manager, this error occurs:

Configuration settings:

NodeManagerHome=C:\Oracle\MIDDLE~1\WLSERV~1.3\common\NODEMA~1
ListenAddress =
ListenPort = 5556
ListenBacklog = 50
SecureListener = true
AuthenticationEnabled = true
NativeVersionEnabled = true
CrashRecoveryEnabled = false
JavaHome=C:\PROGRA~1\Java\JROCKI~1.1\jre
StartScriptEnabled = true
StopScriptEnabled = true
StartScriptName = startWebLogic.cmd
StopScriptName =
LogFile=C:\Oracle\MIDDLE~1\WLSERV~1.3\common\NODEMA~1\nodemanager.log
LogLevel = INFO
LogLimit = 0
LogCount = 1
LogAppend = true
LogToStderr = true
LogFormatter = weblogic.nodemanager.server.LogFormatter
DomainsFile=C:\Oracle\MIDDLE~1\WLSERV~1.3\common\NODEMA~1\nodemanager.domains
DomainsFileEnabled = true
StateCheckInterval = 500
< 02/02/2012-16:46:01 > < SEVERE > < fatal error in the Server Manager node >
java.lang.NullPointerException
at java.util.Hashtable.containsKey(Hashtable.java:314)
at weblogic.nodemanager.server.NMServerConfig.initNetworkInfoList (NMServ
erConfig.java:495)
at weblogic.nodemanager.server.NMServerConfig.getNetworkInfoList (NMServe
rConfig.java:485)
at weblogic.nodemanager.server.NMServerConfig.print(NMServerConfig.java:)
603)
at weblogic.nodemanager.server.NMServerConfig.print(NMServerConfig.java:)
565)
to weblogic.nodemanager.server.NMServer. < init > (NMServer.java:166)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:390)
in weblogic. NodeManager.main (NodeManager.java:31)

02/02/2012-16:46:01 main weblogic.nodemanager.server.NMServer
SEVERE: Fatal error in the Server Manager node.
java.lang.NullPointerException
at java.util.Hashtable.containsKey(Hashtable.java:314)
at weblogic.nodemanager.server.NMServerConfig.initNetworkInfoList (NMServ
erConfig.java:495)
at weblogic.nodemanager.server.NMServerConfig.getNetworkInfoList (NMServe
rConfig.java:485)
at weblogic.nodemanager.server.NMServerConfig.print(NMServerConfig.java:)
603)
at weblogic.nodemanager.server.NMServerConfig.print(NMServerConfig.java:)
565)
to weblogic.nodemanager.server.NMServer. < init > (NMServer.java:166)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:390)
in weblogic. NodeManager.main (NodeManager.java:31)

C:\Oracle\MIDDLE~1\WLSERV~1.3\common\NODEMA~1 > end goto

C:\Oracle\MIDDLE~1\WLSERV~1.3\common\NODEMA~1 > ENDLOCAL

C:\Oracle\Middleware\wlserver_10.3\server\bin >

I hope you can help me guys! Thanks in advance
the value must be changed to: %WL_SERVER%/common/nodemanager/nodemanager.properties

Thank you
Sandeep

NPE when starting Node Manager in SOA 11.1.1.5
I have installed SOA Suite 11 g (11.1.1.5) as directed by the Start Guide quick Oracle SOA Suite 11.1.1.5.

I start the database and the Weblogic administration server. When I try to start the node Manager, I get following error:
-----------------------------------------
November 1, 2011 09:23:28 < init > weblogic.nodemanager.server.NMServer
Warning: property Node file manager configuration ' C:\Oracle\MIDDLE~3\WLSERV~1
.3\common\NODEMA ~ 1\nodemanager. Properties' could not be found. Using the default settings.
< November 1, 2011 09:23:28 > < INFO > < save the configuration properties node manager for
"C:\Oracle\MIDDLE~3\WLSERV~1.3\common\NODEMA~1\nodemanager.properties" >
November 1, 2011 09:23:28 < init > weblogic.nodemanager.server.NMServer
INFO: Save the configuration properties node manager to ' C:\Oracle\MIDDLE~3\WLSERV
~ ' 1.3\common\NODEMA~1\nodemanager.properties
< November 1, 2011 09:23:28 > < SEVERE > < fatal error in the Server Manager node >
java.lang.NullPointerException
at java.util.Hashtable.containsKey(Hashtable.java:314)
at weblogic.nodemanager.server.NMServerConfig.initNetworkInfoList (NMServ
erConfig.java:491)
at weblogic.nodemanager.server.NMServerConfig.getNetworkInfoList (NMServe
rConfig.java:481)
at weblogic.nodemanager.server.NMServerConfig.getConfigProperties (NMServ
erConfig.java:545)
to weblogic.nodemanager.server.NMServer. < init > (NMServer.java:154)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:375)
in weblogic. NodeManager.main (NodeManager.java:31)

November 1, 2011 09:23:28 main weblogic.nodemanager.server.NMServer
SEVERE: Fatal error in the Server Manager node.
java.lang.NullPointerException
at java.util.Hashtable.containsKey(Hashtable.java:314)
at weblogic.nodemanager.server.NMServerConfig.initNetworkInfoList (NMServ
erConfig.java:491)
at weblogic.nodemanager.server.NMServerConfig.getNetworkInfoList (NMServe
rConfig.java:481)
at weblogic.nodemanager.server.NMServerConfig.getConfigProperties (NMServ
erConfig.java:545)
to weblogic.nodemanager.server.NMServer. < init > (NMServer.java:154)
at weblogic.nodemanager.server.NMServer.main(NMServer.java:375)
in weblogic. NodeManager.main (NodeManager.java:31)

C:\Oracle\MIDDLE~3\WLSERV~1.3\common\NODEMA~1 > end goto

C:\Oracle\MIDDLE~3\WLSERV~1.3\common\NODEMA~1 > ENDLOCAL

C:\Oracle\Middleware\wlserver_10.3\server\bin >
---------------------------------------------------

I checked the directory 'C:\Oracle\Middleware\wlserver_10.3\common\nodemanager '. There is no nodemanager.properties file there. I have to create manually?

Please notify.
Thank you
Vivek
I copy and paste the description of the note. There is a statement with the cause that States

"This problem only occurs when the display name of a NETWORK card configured for the nodemanager migrations is null"

and it is a bit ambiguous. It implies, it is a solution to put the full name, but isn't discussing how to apply this workaround; the display name, it refers to generated by a call to the method NetworkInterface.getDisplayName () of the JDK.

I guess the name displayed here is the parameter called Interface within the nodemanger.properties, but there is nothing in the note which confirms this, or if this naming NICE will fix this problem. Here is a complete list of the file nodemanger.propertes-> http://download.oracle.com/docs/cd/E12840_01/wls/docs103/nodemgr/java_nodemgr.html#wp1068415

I would like to download and try the patch in your place; It of a WLS patch (like nodemanager belongs to WLS) so should not affect the SOA Suite. Otherwise, open a SR.

Management nodes SSL.

Similar Questions

Maybe you are looking for