
HandShake Failure


Xin Qi

Nov 18, 2004, 3:56:34 PM
Hi,
I am trying to configure the nodemanager with weblogic 8.1. I have used custom identity and custom trust for the admin server, managed server and nodeManager. After the configuration was done, I clicked on the managed server on the console trying to start it. Just to display the status of the managed server, I got a <NEW ALERT: com.certicom.tls.record.alert.Alert@1c69f7b Severity: 1 Type: 0. I haven't enabled the administration port yet. Here is the whole error log:

Can somebody help me? I used openssl to generate a self-signed CA to be my trusted CA, and I used this CA to sign my certificate.

Thanks

####<Nov 18, 2004 10:51:21 AM EST> <Debug> <TLS> <nykcmss3600> <admin> <ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <system> <> <000000> <NEW ALERT: com.certicom.tls.record.alert.Alert@110506e Severity: 1 Type: 0
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.read(Unknown Source)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:408)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:450)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:182)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:169)
at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
at weblogic.nodemanager.client.NodeManagerRuntime.getState(NodeManagerRuntime.java:584)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:731)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:710)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:985)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:943)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.getState(NodeManagerRuntimeMBean_Stub.java:665)
at weblogic.server.ServerLifeCycleRuntime.getState(ServerLifeCycleRuntime.java:421)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.internal.DynamicMBeanImpl.getAttribute(DynamicMBeanImpl.java:574)
at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1183)
at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1153)
at weblogic.management.internal.RemoteMBeanServerImpl.getAttribute(RemoteMBeanServerImpl.java:287)
at weblogic.management.internal.MBeanProxy.getAttribute(MBeanProxy.java:610)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:442)
at weblogic.management.runtime.ServerLifeCycleRuntimeMBean_Stub.getState(ServerLifeCycleRuntimeMBean_Stub.java:306)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.console.info.ReflectingAttribute.doGet(ReflectingAttribute.java:110)
at weblogic.management.console.info.CompositeAttribute.doGet(CompositeAttribute.java:115)
at weblogic.management.console.tags.table.AttributeCellPrinter.doCellContents(AttributeCellPrinter.java:58)
at weblogic.management.console.tags.table.ColumnTag.printColumnValue(ColumnTag.java:315)
at weblogic.management.console.tags.table.TableTag.printTable(TableTag.java:723)
at weblogic.management.console.tags.table.TableTag.doEndTag(TableTag.java:387)
at weblogic.management.console.webapp._domain.__servercontroltab._jspService(__servercontroltab.java:1077)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:622)
at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:412)
at weblogic.management.console.tags.IncludeTag.doDispatcherInclude(IncludeTag.java:121)
at weblogic.management.console.tags.IncludeTag.doStartTag(IncludeTag.java:83)
at weblogic.management.console.webapp._domain.__server._jspService(__server.java:524)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:312)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
--More--

psmelkov

Nov 18, 2004, 10:11:14 PM
Do you see any other errors in the log? Otherwise this looks as if the connection is being closed normally in response to a CLOSE_NOTIFICATION alert received from the peer. The NEW ALERT stack in the log does not indicate an error by itself. This is just a debug message which happened to include the method call stack.

Pavel.

Xin Qi

Nov 19, 2004, 9:55:53 AM
Hi Pavel,

Thanks for your response. I don't have any other errors other than this one. This happens when I try to display the status of the managed server and nodemanager on the console. This alert didn't happen any other time when I tried to start the managed server using the console. Any way to get rid of this alert?

BTW, when I look at the log of the NodeManager, I find that the NodeManager uses http://admin_server_listen_address:port when starting the managed server instead of https. Is it the case that the communication between the NodeManager, the Admin server and the Managed server is all 2-way SSL? If I don't want to use the NodeManager to start the managed server, should I change the ADMIN_URL in startManagedServer.sh to use https instead?

psmelkov

Nov 19, 2004, 3:18:26 PM
The ssl debug messages are not displayed by default. If you do not want to see them, remove the ssl.debug=true property from the managed server command line.

The admin URL is just the URL the managed server will use to retrieve its config from the admin server - it does not matter whether you use node manager or not. The managed server can connect over a secure or non-secure protocol, just make sure the port used is consistent with the protocol. See http://e-docs.bea.com/wls/docs81/ConsoleHelp/startstop.html#1244430 for more info on this.

Pavel.

Xin Qi

Nov 22, 2004, 10:06:52 AM
Hi Pavel,

Thanks for your help. I tried using the Demo keystores with SSL debug on; the same alerts did appear in my log file again.

BTW, how can I specify the node manager to use secure protocol to retrieve its config from the admin server when it starts the managed server? In the log file of the node manager, it uses http://admin_url:port

Thanks again.

-xin

psmelkov

Nov 22, 2004, 2:48:55 PM
All communications between nodemanager and servers already happen over SSL. It is the managed server that can be configured to use either a secure or non-secure protocol for communication with the admin server. See the document referenced in my previous posting.
Also see these pages for more info about nodemanager communications: http://e-docs.bea.com/wls/docs81/adminguide/nodemgr.html#1150959, and configuration: http://e-docs.bea.com/wls/docs81/adminguide/confignodemgr.html

Pavel.

Xin Qi

Nov 23, 2004, 10:43:01 AM
Hi Pavel,

Thanks for your reply. I tried to start the managed server to use ssl for communication with the admin server and the configuration is as follows. Somehow the custom identity and trust are not loaded as specified; instead the demo trust and java trust files and the demo identity file are loaded by default. Please see the log file attached at the end.

Your help is greatly appreciated.


"$JAVA_HOME/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} \
-Dweblogic.Name=${SERVER_NAME} \
-Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" \
-Dweblogic.server.CustomIdentityKeyStoreFileName="./ssl/wlApptierIdentity.jks" \
-Dweblogic.ssl.ListenPort=7401 \
-Dweblogic.server.CustomIdentityKeyStorePassPhrase=weblogic \
-Dweblogic.server.CustomIdentityKeyStoreType=JKS \
-Dweblogic.server.CustomTrustKeyStoreFileName="./ssl/wlApptierTrust.jks" \
-Dweblogic.server.CustomTrustKeyStoreType=JKS \
-Dweblogic.server.CustomTrustKeystorePassPhrase=weblogic \
-Dweblogic.security.SSL.ignoreHostnameVerification=true \
-Dweblogic.security.ssl.verbose=ture \
-Dssl.debug=true \
-Dweblogic.StdoutDebugEnabled=true \
-Dweblogic.management.username=${WLS_USER} \
-Dweblogic.management.password=${WLS_PW} \
-Dweblogic.management.server=${ADMIN_URL} \
weblogic.Server

---------------------------
Log file:

<Nov 23, 2004 10:35:57 AM EST> <Debug> <TLS> <000000> <Weblogic license allows domestic>
<Nov 23, 2004 10:35:58 AM EST> <Debug> <TLS> <000000> <SSLSetup: loading trusted CA certificates>
<Nov 23, 2004 10:35:58 AM EST> <Debug> <TLS> <000000> <SSLSetup: SSLManager not yet initialized
weblogic.security.service.NotYetInitializedException: [Security:090392]SecurityServiceManager not yet initialized.
at weblogic.security.service.SecurityServiceManagerDelegateImpl.getSecurityService(SecurityServiceManagerDelegateImpl.java:156)
at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:175)
at weblogic.security.utils.SSLSetup.getTrustedCAs(SSLSetup.java:705)
at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:548)
at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:71)
at weblogic.security.SSL.SSLSocketFactory.getJSSE(SSLSocketFactory.java:101)
at weblogic.net.http.HttpClient.New(HttpClient.java:209)
at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
at weblogic.management.Admin.checkAdminServerIsRunning(Admin.java:1545)
at weblogic.management.Admin.isAdminServerRunning(Admin.java:1617)
at weblogic.management.Admin.createInstance(Admin.java:1399)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:770)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)
>
<Nov 23, 2004 10:35:58 AM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /apps/weblogic81/bea/weblogic81/server/lib/DemoTrust.jks.>

psmelkov

Nov 23, 2004, 11:14:41 AM
Your command line is missing:
-Dweblogic.security.TrustKeyStore=CustomTrust

The following properties:
weblogic.server.CustomIdentityKeyStoreFileName
weblogic.server.CustomIdentityKeyStorePassPhrase
weblogic.server.CustomIdentityKeyStoreType

that you pass on the command line are not supported and not necessary. Managed server will connect to the admin server over one-way ssl and get the ssl identity configuration that you set in the console.

Pavel.

Xin Qi

Nov 23, 2004, 2:27:28 PM
Hi Pavel,

-Dweblogic.security.TrustKeyStore=CustomTrust is not recognized.

psmelkov

Nov 23, 2004, 6:21:05 PM
Probably because the other CustomTrust properties you use should start with weblogic.security not weblogic.server.

Pavel.
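
Added example, not part of the thread and not BEA's code: a small shell check that applies Pavel's two corrections to a managed server's `-D` options, flagging `weblogic.server.Custom*` properties and custom trust settings given without `-Dweblogic.security.TrustKeyStore=CustomTrust`. The function name `lint_wls_trust_opts` and the finding labels are hypothetical; the sample options are a constructed subset of the command line posted above.

```shell
#!/bin/sh
# lint_wls_trust_opts (hypothetical name): check the -D options of a managed
# server start command against the two corrections given in the thread.
# Prints one finding per line (property names only, never values, so pass
# phrases are not echoed) and returns the number of findings.
lint_wls_trust_opts() {
    findings=0
    has_selector=no
    has_custom_trust=no
    for opt in "$@"; do
        case "$opt" in
            -Dweblogic.security.TrustKeyStore=CustomTrust)
                has_selector=yes ;;
            -Dweblogic.security.CustomTrust*)
                has_custom_trust=yes ;;
            -Dweblogic.server.CustomTrust*)
                has_custom_trust=yes
                echo "WRONG_PREFIX ${opt%%=*} (use weblogic.security, not weblogic.server)"
                findings=$((findings + 1)) ;;
            -Dweblogic.server.CustomIdentity*)
                echo "UNSUPPORTED ${opt%%=*} (identity comes from the console configuration)"
                findings=$((findings + 1)) ;;
        esac
    done
    # First correction in the thread: custom trust settings were passed
    # without the option that selects the custom trust keystore.
    if [ "$has_custom_trust" = yes ] && [ "$has_selector" = no ]; then
        echo "MISSING -Dweblogic.security.TrustKeyStore=CustomTrust"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a subset of the options posted in the thread.
lint_wls_trust_opts \
    -Dweblogic.server.CustomIdentityKeyStoreType=JKS \
    -Dweblogic.server.CustomTrustKeyStoreFileName=./ssl/wlApptierTrust.jks \
    -Dweblogic.server.CustomTrustKeystorePassPhrase=weblogic \
    || echo "findings: $?"
```

A clean run prints nothing and returns 0; the startup log line BEA-090169 should then name the custom trust file rather than DemoTrust.jks.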
