[Security:090508]Certificate chain received from 'hostname' was incomplete


Cabell Fisher

Mar 11, 2004, 10:29:32 AM

Hey All,

I am trying to set up a Managed Server and have it talk to the NodeManager running
(Weblogic 8.1 SP2) on the same machine. I can't, however, seem to get a good
SSL handshake between the two. I get the following error:

####<Mar 11, 2004 9:55:56 AM EST> <Warning> <Security> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <BEA-090508>
<Certificate chain received from hostname - ipaddress was incomplete.>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Validation
error = 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Certificate
chain is incomplete>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <SSLTrustValidator
returns: 4>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <Trust
status (4): CERT_CHAIN_INCOMPLETE>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <NEW
ALERT: com.certicom.tls.record.alert.Alert@1642565 Severity: 2 Type: 42
java.lang.Throwable: Stack trace
at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown
Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown
Source)
at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown
Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
at java.io.BufferedWriter.flush(BufferedWriter.java:230)
at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:113)
at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
at weblogic.nodemanager.client.NodeManagerRuntime.executeNMCommand(NodeManagerRuntime.java:1058)
at weblogic.nodemanager.client.NodeManagerRuntime.ping(NodeManagerRuntime.java:688)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:711)
at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:690)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:947)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:908)
at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.ping(NodeManagerRuntimeMBean_Stub.java:543)
at weblogic.management.console.webapp._domain.__machine._jspService(__machine.java:669)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:301)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <write
ALERT offset = 0 length = 2>
####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> <close():
28959207>


Here is what I have done:

1) I created a managed server using admin console
2) I created both an Identity and Trust keystore (jks type file) with the server's
private key (Identity) and the root trusted certificate authority (Trust).
3) I configured my managed server to use the two keystores
4) I edited the NodeManager.properties file to use the same keystores.
5) I started the NodeManager on the machine and I used the following command line
options by editing the %WL_HOME%\server\bin\startNodeManager.cmd file:
-Dweblogic.nodemanager.debugLevel=90
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net
6) I also added the following commands to my startWebLogic.cmd file:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dssl.debug=true
-Djava.protocol.handler.pkgs=weblogic.net

7) I started my admin server and created a Machine that included the managed server.
8) I configured the NodeManager properties for the Machine I created to point
to the NodeManager already running on that physical box.
9) I clicked on the tab to "Monitor" the NodeManager/Machine and it died giving
the above exception.

I would have no idea why the Certificate chain would be "incomplete". The Issuer
and Subject DNs match up fine:

PRIVATE KEY BEING LOADED BY SSL MANAGER:

####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[0]
= [
[
Version: V3
Subject: CN=host dns name, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@1a0
Validity: [From: Fri Mar 05 08:59:26 EST 2004,
To: Mon Mar 06 08:59:26 EST 2006]
Issuer: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US

ROOT CERTIFICATE AUTHORITY BEING LOADED:

####<Mar 11, 2004 9:55:56 AM EST> <Debug> <TLS> <GENESIS2> <GENESIS2_Admin_Server>
<ExecuteThread: '1' for queue: 'weblogic.admin.HTTP'> <admin> <> <000000> < cert[1]
= [
[
Version: V3
Subject: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffa28
Validity: [From: Wed Jul 05 09:00:29 EDT 2000,
To: Tue Jul 04 09:00:29 EDT 2006]
Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US


Anyway, if anyone could provide me with some insight as to why I might be receiving
this error I would be sincerely indebted to you. I can't seem to find any other
people with the same problem in the Support archives. Thanks for all of the help!

Regards,
Cabell Fisher
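
Added example, not part of the original post and not WebLogic's own validator: a Python check that parses the Subject/Issuer lines from ssl.debug output like the dump above and walks the issuer links to see where the chain ends. In the two certificates logged in the post, cert[1] has an Issuer that differs from its own Subject, so the walk stops at an issuer that is not itself present. The function names, status strings and DN-only comparison (no signature verification, no escaped commas in DNs) are assumptions of this example; the sample input is constructed from the Subject and Issuer lines in the post.

```python
import re

# Constructed sample: only the Subject/Issuer lines of the two certificates
# shown in the post's ssl.debug output (all other fields omitted).
SAMPLE_LOG = """\
cert[0] = [
Subject: CN=host dns name, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
Issuer: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
cert[1] = [
Subject: CN=DOD CLASS 3 CA-3, OU=PKI, OU=DoD, O=U.S. Government, C=US
Issuer: CN=DoD CLASS 3 Root CA, OU=PKI, OU=DoD, O=U.S. Government, C=US
"""

def norm_dn(dn):
    """Case-fold and collapse whitespace so logged DNs compare loosely."""
    parts = [re.sub(r"\s+", " ", p.strip()).casefold() for p in dn.split(",")]
    return ",".join(parts)

def parse_certs(log_text):
    """Return [(subject, issuer), ...] in the order the certs were logged."""
    certs, subject = [], None
    for line in log_text.splitlines():
        m = re.match(r"\s*(Subject|Issuer):\s*(.+)", line)
        if not m:
            continue
        if m.group(1) == "Subject":
            subject = m.group(2).strip()
        elif subject is not None:
            certs.append((subject, m.group(2).strip()))
            subject = None
    return certs

def check_chain(certs, trusted_subjects=()):
    """Walk issuer -> next subject links; return (status, DN of interest)."""
    if not certs:
        return ("EMPTY", None)
    trusted = {norm_dn(d) for d in trusted_subjects}
    for i in range(len(certs) - 1):
        if norm_dn(certs[i][1]) != norm_dn(certs[i + 1][0]):
            return ("BROKEN_LINK", certs[i][1])
    last_subject, last_issuer = certs[-1]
    if norm_dn(last_subject) == norm_dn(last_issuer):
        return ("ENDS_SELF_SIGNED", last_subject)
    if norm_dn(last_issuer) in trusted:
        return ("ENDS_AT_TRUSTED_ISSUER", last_issuer)
    return ("INCOMPLETE", last_issuer)  # issuer certificate is not in the input

if __name__ == "__main__":
    print(check_chain(parse_certs(SAMPLE_LOG)))
```

Pass the subject DNs of the certificates in the trust keystore as `trusted_subjects` to see whether the last issuer is covered there.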
