HandShake Failure - Weblogic


Thread: HandShake Failure

  1. HandShake Failure

    Hi,
    I am trying to configure the nodemanager with weblogic 8.1. I have used custom identity and custom trust for the admin server, managed server and nodeManager. After the configuration was done, I click on the managed server on the console trying to start it. Just to display the status of the managed server, I got a certicom.tls.record.alert.Alert@1c69f7b Severity: 1 Type: 0. I haven't enabled the administration port yet. Here is the whole error log:

    Can somebody help me? I used the openssl to generate a self-signed CA to be my trusted CA and I used this CA to sign for my certificate.

    Thanks

    #### read: '1' for queue: 'weblogic.admin.HTTP'> <> <000000> certicom.tls.record.alert.Alert@110506e Severity: 1 Type: 0
    java.lang.Throwable: Stack trace
    at weblogic.security.utils.SSLSetup.debug(SSLSetup.java:265)
    at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.closeWriteHandler(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.close(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
    at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
    at com.certicom.tls.record.ReadHandler.interpretContent(Unknown Source)
    at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
    at com.certicom.tls.record.ReadHandler.read(Unknown Source)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:408)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:450)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:182)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at weblogic.nodemanager.client.CommandInvoker.execute(CommandInvoker.java:169)
    at weblogic.nodemanager.client.CommandInvoker.invoke(CommandInvoker.java:91)
    at weblogic.nodemanager.client.NodeManagerClient.executeCommand(NodeManagerClient.java:161)
    at weblogic.nodemanager.client.NodeManagerRuntime.getState(NodeManagerRuntime.java:584)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl.java:731)
    at weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:710)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
    at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:985)
    at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:943)
    at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:946)
    at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:481)
    at weblogic.management.runtime.NodeManagerRuntimeMBean_Stub.getState(NodeManagerRuntimeMBean_Stub.java:665)
    at weblogic.server.ServerLifeCycleRuntime.getState(ServerLifeCycleRuntime.java:421)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at weblogic.management.internal.DynamicMBeanImpl.getAttribute(DynamicMBeanImpl.java:574)
    at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1183)
    at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1153)
    at weblogic.management.internal.RemoteMBeanServerImpl.getAttribute(RemoteMBeanServerImpl.java:287)
    at weblogic.management.internal.MBeanProxy.getAttribute(MBeanProxy.java:610)
    at weblogic.management.internal.MBeanProxy.invokeForCachingStub(MBeanProxy.java:442)
    at weblogic.management.runtime.ServerLifeCycleRuntimeMBean_Stub.getState(ServerLifeCycleRuntimeMBean_Stub.java:306)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at weblogic.management.console.info.ReflectingAttribute.doGet(ReflectingAttribute.java:110)
    at weblogic.management.console.info.CompositeAttribute.doGet(CompositeAttribute.java:115)
    at weblogic.management.console.tags.table.AttributeCellPrinter.doCellContents(AttributeCellPrinter.java:58)
    at weblogic.management.console.tags.table.ColumnTag.printColumnValue(ColumnTag.java:315)
    at weblogic.management.console.tags.table.TableTag.printTable(TableTag.java:723)
    at weblogic.management.console.tags.table.TableTag.doEndTag(TableTag.java:387)
    at weblogic.management.console.webapp._domain.__servercontroltab._jspService(__servercontroltab.java:1077)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
    at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:622)
    at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:412)
    at weblogic.management.console.tags.IncludeTag.doDispatcherInclude(IncludeTag.java:121)
    at weblogic.management.console.tags.IncludeTag.doStartTag(IncludeTag.java:83)
    at weblogic.management.console.webapp._domain.__server._jspService(__server.java:524)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:996)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
    at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:312)
    at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:150)
    --More--

  2. Re: HandShake Failure

    Do you see any other errors in the log? Otherwise this looks as if connection is being closed normally in response to CLOSE_NOTIFICATION alert received from peer. The NEW ALERT stack in the log does not indicate the error by itself. This is just a debug message which happened to include the method call stack.

    Pavel.
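
An added example, not part of the posts above: a small triage script for these SSL debug lines. It assumes the `Severity` and `Type` fields carry the TLS alert level and description numbers (RFC 2246, section 7.2), which matches the reading of `Severity: 1 Type: 0` as a close notification. The first sample line is from this thread; the second is constructed, and the name `triage` is hypothetical.

```python
import re

# Alert levels and descriptions as numbered in the TLS 1.0 spec (RFC 2246, 7.2).
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    21: "decryption_failed", 22: "record_overflow", 30: "decompression_failure",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 60: "export_restriction",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
    90: "user_canceled", 100: "no_renegotiation",
}

# Matches the debug format seen in the thread: Alert@<hash> Severity: N Type: M
ALERT_RE = re.compile(r"Alert@[0-9a-fA-F]+\s+Severity:\s*(\d+)\s+Type:\s*(\d+)")

# Line 1 is from the thread; line 2 is constructed (assumed to share the format).
SAMPLE_LOG = """\
certicom.tls.record.alert.Alert@110506e Severity: 1 Type: 0
certicom.tls.record.alert.Alert@1a2b3c4 Severity: 2 Type: 48
"""

def triage(log_text):
    """Decode each alert debug line and say whether it needs attention."""
    results = []
    for match in ALERT_RE.finditer(log_text):
        level, desc = int(match.group(1)), int(match.group(2))
        if desc == 0:
            verdict = "normal close"   # peer ended the session cleanly
        elif level == 2:
            verdict = "failure"        # fatal alerts terminate the connection
        else:
            verdict = "warning"
        results.append((LEVELS.get(level, f"unknown({level})"),
                        DESCRIPTIONS.get(desc, f"unknown({desc})"),
                        verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```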

  3. Re: HandShake Failure

    Hi Pavel,

    Thanks for your response. I don't have any other errors other than this one. This happens when I tried to display the status of managed server and nodemanager on console. This alert didn't happen any other time when I tried to start the managed server using console. Any way to get rid of this alert?

    BTW, when I look at the log of NodeManager, I find that the NodeManager uses http://admin_server_listen_address:port when starting the managed server instead of https. Is it the case that the communication between the NodeManager, Admin server and the Managed server is all 2-way ssl? If I don't want to use NodeManager to start the managed server, should I change the ADMIN_URL in startManagedServer.sh to use https instead?

  4. Re: HandShake Failure

    The ssl debug messages are not displayed by default. If you do not want to see them remove ssl.debug=true property from the managed server command line.

    The admin URL is just the URL the managed server will use to retrieve its config from the admin server - it does not matter whether you use node manager or not. Managed server can connect over secure or non-secure protocol, just make sure the port used is consistent with the protocol. See http://e-docs.bea.com/wls/docs81/Con...p.html#1244430
    for more info on this.

    Pavel.

  5. Re: HandShake Failure

    Hi Pavel,

    Thanks for your help. I tried using the Demo keystores with SSL debug on, the same alerts did appear in my log file again.

    BTW, how can I specify the node manager to use secure protocol to retrieve its config from the admin server when it starts the managed server? In the log file of the node manager, it uses http://admin_url:port

    Thanks again.

    -xin

  6. Re: HandShake Failure

    All communications between nodemanager and servers already happen over SSL. It is the managed server that can be configured to use either secure or non-secure protocol for communication with the admin server. See the document referenced in my previous posting.
    Also see these pages for more info about nodemanager communications:
    http://e-docs.bea.com/wls/docs81/adm...r.html#1150959
    , and configuration: http://e-docs.bea.com/wls/docs81/adm...ignodemgr.html

    Pavel.

  7. Re: HandShake Failure

    Hi Pavel,

    Thanks for your reply. I tried to start the managed server to use ssl for communication with the admin server and the configuration is as follows. Somehow the custom identity and trust are not loaded as specified, instead the demo trust and java trust files and demo identity file are loaded by default. Please see the log file attached in the end.

    Your help is greatly appreciated.


    "$JAVA_HOME/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} \
    -Dweblogic.Name=${SERVER_NAME} \
    -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" \
    -Dweblogic.server.CustomIdentityKeyStoreFileName="./ssl/wlApptierIdentity.jks" \
    -Dweblogic.ssl.ListenPort=7401 \
    -Dweblogic.server.CustomIdentityKeyStorePassPhrase=weblogic \
    -Dweblogic.server.CustomIdentityKeyStoreType=JKS \
    -Dweblogic.server.CustomTrustKeyStoreFileName="./ssl/wlApptierTrust.jks" \
    -Dweblogic.server.CustomTrustKeyStoreType=JKS \
    -Dweblogic.server.CustomTrustKeystorePassPhrase=weblogic \
    -Dweblogic.security.SSL.ignoreHostnameVerification=true \
    -Dweblogic.security.ssl.verbose=true \
    -Dssl.debug=true \
    -Dweblogic.StdoutDebugEnabled=true \
    -Dweblogic.management.username=${WLS_USER} \
    -Dweblogic.management.password=${WLS_PW} \
    -Dweblogic.management.server=${ADMIN_URL} \
    weblogic.Server

    ---------------------------
    Log file:

    <000000>
    <000000> tes>
    <000000> ed
    weblogic.security.service.NotYetInitializedException: [Security:090392]SecurityServiceManager not yet initialized.
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.getSecurityService(SecurityServiceManagerDelegateImpl.java:156)
    at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:175)
    at weblogic.security.utils.SSLSetup.getTrustedCAs(SSLSetup.java:705)
    at weblogic.security.utils.SSLSetup.getSSLContext(SSLSetup.java:548)
    at weblogic.security.SSL.SSLSocketFactory.<init>(SSLSocketFactory.java:71)
    at weblogic.security.SSL.SSLSocketFactory.getJSSE(SSLSocketFactory.java:101)
    at weblogic.net.http.HttpClient.New(HttpClient.java:209)
    at weblogic.net.http.HttpsURLConnection.getHttpClient(HttpsURLConnection.java:246)
    at weblogic.net.http.HttpsURLConnection.connect(HttpsURLConnection.java:217)
    at weblogic.management.Admin.checkAdminServerIsRunning(Admin.java:1545)
    at weblogic.management.Admin.isAdminServerRunning(Admin.java:1617)
    at weblogic.management.Admin.createInstance(Admin.java:1399)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:770)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
    at weblogic.Server.main(Server.java:32)
    >

    from the jks keystore file /apps/weblogic81/bea/weblogic81/server/lib/DemoTrust.jks.>

  8. Re: HandShake Failure

    Your command line is missing:
    -Dweblogic.security.TrustKeyStore=CustomTrust

    The following properties:
    weblogic.server.CustomIdentityKeyStoreFileName
    weblogic.server.CustomIdentityKeyStorePassPhrase
    weblogic.server.CustomIdentityKeyStoreType

    that you pass on the command line are not supported and not necessary. Managed server will connect to the admin server over one-way ssl and get the ssl identity configuration that you set in the console.

    Pavel.

  9. Re: HandShake Failure

    Hi Pavel,

    -Dweblogic.security.TrustKeyStore=CustomTrust is not recognized.

  10. Re: HandShake Failure

    Probably because the other CustomTrust properties you use should start with weblogic.security not weblogic.server.

    Pavel.
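
An added example, not part of the thread: a checker that applies the advice from posts 8 and 10 to a managed-server start command. It changes only the property prefix, as post 10 suggests, and leaves the rest of each name as posted. The sample command is a shortened, constructed copy of the one in post 7 with a placeholder passphrase and server name; `review` is a hypothetical helper name.

```python
import shlex

# Constructed sample: shortened from post 7, passphrase and server name are placeholders.
COMMAND = (
    'java -Dweblogic.Name=managed1 '
    '-Dweblogic.server.CustomIdentityKeyStoreFileName="./ssl/wlApptierIdentity.jks" '
    '-Dweblogic.server.CustomTrustKeyStoreFileName="./ssl/wlApptierTrust.jks" '
    '-Dweblogic.server.CustomTrustKeyStoreType=JKS '
    '-Dweblogic.server.CustomTrustKeystorePassPhrase=PLACEHOLDER '
    '-Dweblogic.security.SSL.ignoreHostnameVerification=true '
    'weblogic.Server'
)

def parse_props(command):
    """Collect -Dname=value system properties from a java command line."""
    props = {}
    for token in shlex.split(command):
        if token.startswith("-D") and "=" in token:
            name, value = token[2:].split("=", 1)
            props[name] = value
    return props

def review(command):
    """Return (findings, corrected properties) following posts 8 and 10."""
    findings, fixed = [], {}
    for name, value in parse_props(command).items():
        if name.startswith("weblogic.server.CustomIdentity"):
            # Post 8: not supported; identity comes from the console config.
            findings.append(f"drop {name}")
        elif name.startswith("weblogic.server.CustomTrust"):
            # Post 10: trust properties start with weblogic.security.
            new = "weblogic.security." + name[len("weblogic.server."):]
            findings.append(f"rename {name} -> {new}")
            fixed[new] = value
        else:
            fixed[name] = value
            if name.endswith("ignoreHostnameVerification") and value == "true":
                findings.append(f"note: {name}=true turns off hostname checks")
    if fixed.get("weblogic.security.TrustKeyStore") != "CustomTrust":
        # Post 8: this switch selects the custom trust keystore.
        findings.append("add weblogic.security.TrustKeyStore=CustomTrust")
        fixed["weblogic.security.TrustKeyStore"] = "CustomTrust"
    return findings, fixed

if __name__ == "__main__":
    notes, props = review(COMMAND)
    print("\n".join(notes))
    print(" ".join(f"-D{k}={v}" for k, v in props.items()))
```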
