Unable to initialize SSL environment, nzos call nzosSetCredential returned 28791-Weblogic 12.2.1.4

 

 Error while starting node manager

 nodemanager was failing to start collocated ohs with below error



Unable to initialize SSL environment, nzos call nzosSetCredential returned 28791

OHS:2171 NZ Library Error: Unknown error 


nodemanger.log

WARNING: Bootstrap services are used by OPSS internally and clients should never need to directly read/write bootstrap cred...skipping...

io.IOException: Failed to start the server ohs1

Check log file /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/system_components/OHS/ohs_nm.log

Check log file /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/servers/ohs1/logs/ohs1.log>

java.io.IOException: Failed to start the server ohs1

Check log file /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/system_components/OHS/ohs_nm.log

Check log file /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/servers/ohs1/logs/ohs1.log

at oracle.ohs.plugin.nodemanager.OhsProcessManagementPlugin$ProcessImpl.buildIoException(Unknown Source)

at oracle.ohs.plugin.nodemanager.OhsProcessManagementPlugin$ProcessImpl.start(Unknown Source)

at weblogic.nodemanager.server.DecoratedSystemComponentManager$DecoratedProcess.start(DecoratedSystemComponentManager.java:129)

at weblogic.nodemanager.server.ServerMonitor.startProcess(ServerMonitor.java:664)

at weblogic.nodemanager.server.ServerMonitor.start(ServerMonitor.java:124)

at weblogic.nodemanager.server.ServerManager.startServer(ServerManager.java:323)

at weblogic.nodemanager.server.ServerManager.recoverServer(ServerManager.java:208)

at weblogic.nodemanager.server.DomainManager.initialize(DomainManager.java:180)

at weblogic.nodemanager.server.DomainManager.<init>(DomainManager.java:69)

at weblogic.nodemanager.server.NMServer.initDomains(NMServer.java:384)

at weblogic.nodemanager.server.NMServer.start(NMServer.java:360)

at weblogic.nodemanager.server.NMServer.main(NMServer.java:591)

at weblogic.NodeManager.main(NodeManager.java:31)



Content from ohs1.log (trimmed)


/u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/servers/ohs1/logs/ohs1.log

[2023-04-28T15:28:48.2986+03:00] [OHS] [ERROR:32] [OH99999] [ossl] [host_id: tfictapps] [host_addr: 192.168.1.133] [pid: 7443] [tid: 1] [user: apps] [VirtualHost: tfictapps.test.com:4443] OHS:2057 Init: (tfictapps.test.com:4443) Unable to initialize SSL environment, nzos call nzosSetCredential returned 28791

[2023-04-28T15:28:48.2988+03:00] [OHS] [ERROR:32] [OH99999] [ossl] [host_id: tfictapps] [host_addr: 192.168.1.133] [pid: 7443] [tid: 1] [user: apps] [VirtualHost: tfictapps.test.com:4443] OHS:2171 NZ Library Error: Unknown error



Content from ohs_nm.log (trimmed)

/u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/system_components/OHS/ohs_nm.log


<2023-04-28 11:06:57> <WARNING> <OHS-4034> <SSL is not enabled for the admin port of ohs1. Thus, the connection between NodeManager and the admin port of ohs1 is not secure. SSL must be enabled for this connection. For more information on how to enable SSL for this connection, refer to OHS documentation>

<2023-04-28 11:06:57> <INFO> <OHS-0> <Running /u01/app/apps/middleware/product/12.2.1/ohs/bin/launch httpd -DOHS_MPM_WORKER -d /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/config/fmwconfig/components/OHS/instances/ohs1 -k start -f /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/config/fmwconfig/components/OHS/instances/ohs1/httpd.conf>

<2023-04-28 11:06:58> <INFO> <OHS-0> <(126)Cannot assign requested address: AH00072: make_sock: could not bind to address 192.168.1.115:7777>

<2023-04-28 11:06:58> <INFO> <OHS-0> <no listening sockets available, shutting down>

<2023-04-28 11:06:58> <INFO> <OHS-0> <AH00015: Unable to open logs>

<2023-04-28 11:06:58> <SEVERE> <OHS-0> </u01/app/apps/middleware/product/12.2.1/ohs/bin/launch httpd -DOHS_MPM_WORKER -d /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/config/fmwconfig/components/OHS/instances/ohs1 -k start -f /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/config/fmwconfig/components/OHS/instances/ohs1/httpd.conf: exit status = 1>

<2023-04-28 11:06:58> <INFO> <OHS-4005> <Check the instance log file for more information: /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/servers/ohs1/logs/ohs1.log>

<2023-04-28 11:06:58> <SEVERE> <OHS-0> <Failed to start the server ohs1>

<2023-04-28 13:57:04> <INFO> <OHS-0> <Domain initialized for /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn>

<2023-04-28 13:57:04> <SEVERE> <OHS-0> <ServerName directive is not configured in admin.conf of ohs1>

<2023-04-28 13:57:04> <INFO> <OHS-4018> <Starting server ohs1>

<2023-04-28 13:57:04> <SEVERE> <OHS-4035> <nm-wallet is not configured for ohs1 in ohs.plugins.nodemanager.properties. Hence ohs1 failed to start>

<2023-04-28 13:57:04> <SEVERE> <OHS-0> <Failed to start the server ohs1>

 

The cause of the issue was that the default certificate for ohs1 has expired


Check existing certificate information for OHS

the location of the certificate is: /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/config/fmwconfig/components/OHS/instances/ohs1/keystores/default


Display the wallet

apps@tfictapps:/u01/app/apps/middleware/product/12.2.1/oracle_common/bin$ ./orapki wallet display -wallet /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/config/fmwconfig/components/OHS/instances/ohs1/keystores/default



Oracle PKI Tool : Version 12.2.1.4.0

Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:

User Certificates:

Subject: CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY

Trusted Certificates:

Subject: CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY

 

This information will be used while exporting the wallet 


Export wallet

./orapki wallet export -wallet /u01/app/apps/middleware/product/12.2.1/user_projects/domains/tfict_dmn/config/fmwconfig/components/OHS/instances/ohs1/keystores/default -dn 'CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY' -cert certificate.crt


Display the certificate using openssl and verify expiry date

openssl x509 -in certificate.crt -noout -text

This clearly shows the certificate has already expired 


 


recreate the wallet to extend the certificate validity

loc: /u01/app/apps/middleware/product/12.2.1/oracle_common/bin/orapki

orapki wallet create -wallet . -auto_login_only

orapki wallet add -wallet . -dn 'CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY' -keysize 2048 -self_signed -validity 3650 -auto_login_only

orapki wallet display -wallet .

Check the expiry again with above given method


 

 

A self-signed certificate/wallet has been created, in the same old directory.
Now node manager is able to start ohs succesfully


Ref:

2314626.1

2729766.1





Comments

Post a Comment

Popular posts from this blog

APP-FND-01436: List of Values cannot find any values for you to choose error from concurrent request program parameter (R12 12.1.3)

Image
APP-FND-01436: List of Values cannot find any values for you to choose error from concurrent request program parameter After upgrading oracle application 11i(11.5.10.2) to R12(12.1.3) running concurrent program request caused this issue When concurrent program is run for a concurrent request after upgrading to R12 12.1.3 the lov, which is attached to a parameter, gives APP-FND-01436: “List of Values cannot find any values for you to choose”. When the same request is run from oracle applications 11i 11.5.10.2 the same value set is working fine. The value set is based on a table. If you go and test the value set query from the value set definition screen it returns complete successful message yet if you go to the parameter of the concurrent request program form where the particular value set is used it gives you the above error. After searching google and oracle support I found metalink note 1400963.1, EBS R12.1: Parameter for Concurrent Request Using Table Based LOV G...
Read more

WEB ADI - issues encountered during initial access

Image
On accessing create document link under Desktop Integrator responsibility browser was showing following error Set BNE UIX Physical Directory profile value to proper directory at site level Location = $COMMON_TOP/html/cabo/  (11i) Location = $COMMON_TOP/webapps/oacore/html/cabo/  (R12) As this was a cloned instance the value of this profile setting was pointing to a wrong location. set as BNE UIX Physical Directory /u03/oracle/prodcomn/html/cabo/ Access to functions are controlled by function security so to access and work with web adi the user should have proper access. You should have access to particular integrator to access and work with it Find out responsibility which is created to work with web adi check the main menu for this responsibility. Modify the responsibility or Menu if default is not fitting to your needs. For instance Desktop Integration Menu has create document, Define Lay out, Define Mapping, Manage Documents, Setup options Note : you...
Read more

Error processing request - Contact your application administrator apex 20.1

Image
After upgrading 11.2.0.4 to 19c with apex 20.1 accessing apex_admin/apex pages was throwing “Error processing request” Contact your application administrator. There were three invalid objects for APEX_200100 WWV_FLOW_SESSION_RAS WWV_FLOW_WIZARD_API WWV_FLOW_DATA_LOADER Tried compiling these objects but compile was completing with PL/SQL: ORA-00942: table or view does not exist To resolve the issue following rant needs to be given then compile (ran both grant and compile as sysdba) grant select on SYS.DBA_XS_DYNAMIC_ROLES to APEX_200100; grant select on SYS.DBA_TAB_IDENTITY_COLS to APEX_200100; alter package APEX_200100.WWV_FLOW_SESSION_RAS compile body; alter package APEX_200100.WWV_FLOW_WIZARD_API compile body; alter package APEX_200100.WWV_FLOW_DATA_LOADER compile body; Returned 0 invalid object for APEX_200100  select * from dba_objects where status = 'INVALID' and owner = 'APEX_200100' ; Now both admin and apex pages ar...
Read more