在配置weblogic 10.3的nodemanager使用SSL时遇到BAD_CERTIFICATE错误。该错误由于私钥的Common Name与实际Server Name不匹配导致。解决方案包括修改adminserver的SSL参数禁用hostname验证,或者重新生成公钥和私钥,并更新keystore。具体步骤包括使用utils.CertGen生成新证书并导入到DemoIdentity.jks中。
在使用weblogic 10.3自带的demo identity keystore(DemoIdentity.jks and DemoTrust.jks),配置使用SSL方式连接NodeManager时出现下面问题:
<Warning> <Uncaught exception in server handler: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from hellokitty - 192.168.1.133. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
workaround是
[b]1.修改adminserver的ssl默认参数Hostname Verification:None[/b]
[b]2.startWeblogic.cmd中追加:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.ignoreHostnameVerification=true[/b]
真正引起这个问题的原因是:[color=red]在私钥(private key)中使用的Common Name并不是真正的Server Name,因此在验证hostname的时候会出错[/color]
解决方法是:
[b]重新生产公钥和私钥[/b]
参考:
(
JAVA_HOME=/opt/weblogic/jdk160_14
<Warning> <Uncaught exception in server handler: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from hellokitty - 192.168.1.133. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
workaround是
[b]1.修改adminserver的ssl默认参数Hostname Verification:None[/b]
[b]2.startWeblogic.cmd中追加:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.ignoreHostnameVerification=true[/b]
真正引起这个问题的原因是:[color=red]在私钥(private key)中使用的Common Name并不是真正的Server Name,因此在验证hostname的时候会出错[/color]
解决方法是:
[b]重新生产公钥和私钥[/b]
参考:
(
JAVA_HOME=/opt/weblogic/jdk160_14
最低0.47元/天 解锁文章
扫一扫
8971
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
