weblogic NodeManager的 [Security:090482]BAD_CERTIFICATE alert 错误

之前由于虚拟机换了ip，所以出现了如下错误：javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 192.168.1.127 - 192.168.1.127. Check the peer to determine why it rejected th

rocklei123

5968人浏览 · 2013-09-12 16:27:38

rocklei123 · 2013-09-12 16:27:38 发布

之前由于虚拟机换了ip，所以出现了如下错误：

<Sep 12, 2013 4:17:12 AM BRT> <Warning> <Security> <BEA-090482> <BAD_CERTIFICATE alert was received from 192.168.1.127 - 192.168.1.127. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.> 
<Sep 12, 2013 4:17:12 AM> <WARNING> <Uncaught exception in server handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 192.168.1.127 - 192.168.1.127. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from 192.168.1.127 - 192.168.1.127. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
	at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
	at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
	at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
	at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
	at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
	at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
	at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
	at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
	at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
	at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
	at com.certicom.tls.record.ReadHandler.read(Unknown Source)
	at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
	at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
	at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
	at java.io.InputStreamReader.read(InputStreamReader.java:167)
	at java.io.BufferedReader.fill(BufferedReader.java:136)
	at java.io.BufferedReader.readLine(BufferedReader.java:299)
	at java.io.BufferedReader.readLine(BufferedReader.java:362)
	at weblogic.nodemanager.server.Handler.run(Handler.java:70)
	at java.lang.Thread.run(Thread.java:619)

1.修改adminserver的ssl默认参数Hostname Verification:None

2.startWeblogic.cmd中追加:
set JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.security.SSL.ignoreHostnameVerification=true

Admin Server and Other managed Servers (Startup Scripts):
-Dweblogic.security.SSL.ignoreHostnameVerification=true

For Node Manager (in startNodeManager.sh):
-Dweblogic.nodemanager.sslHostNameVerificationEnabled=false

我只用了第一种就解决了，设置Hostname Verification None 重启管理server，问题解决。

参考地址：https://forums.oracle.com/thread/1031567

http://tonydlut.iteye.com/blog/1291326

华为开发者空间

华为开发者空间，是为全球开发者打造的专属开发空间，汇聚了华为优质开发资源及工具，致力于让每一位开发者拥有一台云主机，基于华为根生态开发、创新。

更多推荐