Wednesday, March 18, 2015

BEA-090898 during PlugIn activation in clusters

Be Secure

I did not mention it in my not so "OAM-in-a-day" entry, but when you run a clustered environment, make sure to set the "Secure" flag on the AdminServer and Managed Server configuration screens. It does have more impact than setting the "Use JSSE" flag in the SSL/Advanced section of the WebLogic console, but if you failed to do so, that's one place to correct it.

Why?

No particular reason, other than the fact that OAM checks whether distribution and activation of custom plug-ins was done correctly, by checking a HeartBeat. This is SSL, whatever your settings.
You see the problem arising...
Even if no SSL configuration is available, the HeartBeat is SSL - and will fail:
<BEA-090898> <Ignoring the trusted CA certificate "CN=CertGenCA,OU=FOR TESTING ONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US".
The loading of the trusted certificate list raised a certificate parsing exception PKIX:
Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
The plugin will then get the status "activation failed".
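
The message above names the trusted CA that was dropped and the OID that could not be parsed (1.2.840.113549.1.1.11 is sha256WithRSAEncryption). The Python sketch below is an added example, not part of the original post or of Oracle's tooling: it scans a server log for BEA-090898 records and summarises which trusted CAs are being ignored and why. The timestamps, severity fields and filler line in the sample log are constructed.

```python
import re
from collections import Counter

# Well-known signature-algorithm OIDs (PKCS #1 / ANSI X9.62), not WebLogic-specific.
SIG_ALG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

# A BEA-090898 record spans several physical lines, so match across newlines
# up to the closing '>' of the message field.
RECORD = re.compile(
    r'<BEA-090898>\s*<Ignoring the trusted CA certificate "(?P<subject>[^"]+)"\.'
    r'(?P<detail>.*?)>', re.DOTALL)
# The message ends the OID with a sentence full stop; do not capture it.
OID = re.compile(r'Unsupported OID in the AlgorithmIdentifier object:\s*(\d+(?:\.\d+)+)')

def ignored_trusted_cas(log_text):
    """Return one summary dict per distinct (CA subject, OID) pair in the log."""
    counts = Counter()
    for m in RECORD.finditer(log_text):
        oid_match = OID.search(m.group("detail"))
        oid = oid_match.group(1) if oid_match else None
        counts[(m.group("subject"), oid)] += 1
    return [
        {"subject": s, "oid": o, "algorithm": SIG_ALG_OIDS.get(o, "unknown"), "count": n}
        for (s, o), n in counts.items()
    ]

# Constructed sample: message text is from the post, the log envelope is invented.
_MSG = ('<BEA-090898> <Ignoring the trusted CA certificate '
        '"CN=CertGenCA,OU=FOR TESTING ONLY,O=MyOrganization,L=MyTown,ST=MyState,C=US".\n'
        'The loading of the trusted certificate list raised a certificate parsing exception PKIX:\n'
        'Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>\n')
SAMPLE_LOG = (
    '<Mar 18, 2015 10:15:01 AM CET> <Notice> <Security> ' + _MSG +
    '<Mar 18, 2015 10:15:02 AM CET> <Info> <constructed filler line>\n'
    '<Mar 18, 2015 10:16:01 AM CET> <Notice> <Security> ' + _MSG
)

if __name__ == "__main__":
    for f in ignored_trusted_cas(SAMPLE_LOG):
        print(f'{f["count"]}x ignored "{f["subject"]}": {f["oid"]} ({f["algorithm"]})')
```
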

Workaround

Make sure your settings in the (optional...) Configure Servers, Clusters and Machines screens have "Secure" selected.
This configuration will prevent this error from happening.

Else, stop your Managed and Admin Servers and alter oam-config.xml: change the "activation-failed" status for the plugin(s) into activated, increase Version by 1, save oam-config.xml and start all servers again.
Mind you, this will bring down your services and have an impact on SLA times.

Peter Abé of Oracle figured this out, and it has been fixed as of BP2.
