
Friday, August 17, 2018

[WebLogic][Error] BEA-000297 / BEA-090034 / BEA-090132 / BEA-090133 / BEA-090164 / BEA-090172 / BEA-090503 errors at server startup after configuring HTTPS (SSL)










Lab environment
 - OS: Oracle Linux 5
 - WebLogic ver: 10.3.6



Symptom

When the Managed Server starts, errors like the ones below occur. HTTP communication works normally, but checking with telnet shows that the HTTPS (SSL) port is not open, and a web browser cannot connect.






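Cause


 - The problem occurs when the keystore is configured with an incorrectly created certificate or when the certificate information is entered incorrectly. Check the log to find which part is wrong, then correct that setting.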





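1. The identity certificate or trust certificate information under 'Keystores' was wrong, so HTTPS (SSL) did not work properly.
(For the trust certificate, entering a wrong value only produced error logs; HTTPS (SSL) still worked.)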





When the 'Custom Identity Keystore' value is wrong
- An incorrectly created private key certificate was entered

[weblogic@ae2793daea03 bin]$ ./startManagedWebLogic.sh ManagedServer01 t3://localhost:7001
.
.
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=256m
.
WLS Start Mode=Development
.
CLASSPATH=/app/weblogic1036/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/app/jdk1.6.0_45/lib/tools.jar:/app/weblogic1036/wlserver_10.3/server/lib/weblogic_sp.jar:/app/weblogic1036/wlserver_10.3/server/lib/weblogic.jar:/app/weblogic1036/modules/features/weblogic.server.modules_10.3.6.0.jar:/app/weblogic1036/wlserver_10.3/server/lib/webservices.jar:/app/weblogic1036/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/app/weblogic1036/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/app/weblogic1036/wlserver_10.3/common/derby/lib/derbyclient.jar:/app/weblogic1036/wlserver_10.3/server/lib/xqrl.jar
.
PATH=/app/weblogic1036/wlserver_10.3/server/bin:/app/weblogic1036/modules/org.apache.ant_1.7.1/bin:/app/jdk1.6.0_45/jre/bin:/app/jdk1.6.0_45/bin:/usr/local/bin:/bin:/usr/bin:/home/weblogic/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
Starting WLS with line:
/app/jdk1.6.0_45/bin/java -client   -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=256m -Dweblogic.Name=ManagedServer01 -Djava.security.policy=/app/weblogic1036/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.security.SSL.trustedCAKeyStore=/app/weblogic1036/wlserver_10.3/server/lib/cacerts  -Xverify:none  -da -Dplatform.home=/app/weblogic1036/wlserver_10.3 -Dwls.home=/app/weblogic1036/wlserver_10.3/server -Dweblogic.home=/app/weblogic1036/wlserver_10.3/server   -Dweblogic.management.discover=false -Dweblogic.management.server=t3://localhost:7001  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/app/weblogic1036/patch_wls1036/profiles/default/sysext_manifest_classpath  weblogic.Server
<Aug 17, 2018 5:16:02 AM UTC> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Aug 17, 2018 5:16:02 AM UTC> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Aug 17, 2018 5:16:02 AM UTC> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.45-b01 from Sun Microsystems Inc.>
<Aug 17, 2018 5:16:03 AM UTC> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:1004lucifer
Enter password to boot WebLogic server:
<Aug 17, 2018 5:16:07 AM UTC> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 >
<Aug 17, 2018 5:16:08 AM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 17, 2018 5:16:08 AM UTC> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Aug 17, 2018 5:16:08 AM UTC> <Notice> <LoggingService> <BEA-320400> <The log file /app/weblogic1036/domains/1004lucifer_domain/servers/ManagedServer01/logs/ManagedServer01.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 17, 2018 5:16:08 AM UTC> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /app/weblogic1036/domains/1004lucifer_domain/servers/ManagedServer01/logs/ManagedServer01.log00035. Log messages will continue to be logged in /app/weblogic1036/domains/1004lucifer_domain/servers/ManagedServer01/logs/ManagedServer01.log.>
<Aug 17, 2018 5:16:08 AM UTC> <Notice> <Log Management> <BEA-170019> <The server log file /app/weblogic1036/domains/1004lucifer_domain/servers/ManagedServer01/logs/ManagedServer01.log is opened. All server side log events will be written to this file.>
<Aug 17, 2018 5:16:10 AM UTC> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Aug 17, 2018 5:16:11 AM UTC> <Notice> <LoggingService> <BEA-320400> <The log file /app/weblogic1036/domains/1004lucifer_domain/servers/ManagedServer01/logs/access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 17, 2018 5:16:11 AM UTC> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /app/weblogic1036/domains/1004lucifer_domain/servers/ManagedServer01/logs/access.log00010. Log messages will continue to be logged in /app/weblogic1036/domains/1004lucifer_domain/servers/ManagedServer01/logs/access.log.>
<Aug 17, 2018 5:16:11 AM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Aug 17, 2018 5:16:11 AM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 17, 2018 5:16:12 AM UTC> <Warning> <Munger> <BEA-2156203> <A version attribute was not found in element web-app in the deployment descriptor in /tmp/testapp/WEB-INF/web.xml. A version attribute is required, but this version of the Weblogic Server will assume that the JEE5 is used. Future versions of the Weblogic Server will reject descriptors that do not specify the JEE version.>
<Aug 17, 2018 5:16:12 AM UTC> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Aug 17, 2018 5:16:12 AM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Aug 17, 2018 5:16:12 AM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Aug 17, 2018 5:16:12 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_key.jks.>
<Aug 17, 2018 5:16:12 AM UTC> <Warning> <Security> <BEA-090503> <The public key from the configured server certificate and the configured server private key do not match.>
<Aug 17, 2018 5:16:12 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: The public key from the configured server certificate and the configured server private key do not match.>
<Aug 17, 2018 5:16:12 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: The public key from the configured server certificate and the configured server private key do not match..>
<Aug 17, 2018 5:16:12 AM UTC> <Warning> <Security> <BEA-090503> <The public key from the configured server certificate and the configured server private key do not match.>
<Aug 17, 2018 5:16:12 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: The public key from the configured server certificate and the configured server private key do not match.>
<Aug 17, 2018 5:16:12 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: The public key from the configured server certificate and the configured server private key do not match..>
<Aug 17, 2018 5:16:12 AM UTC> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.17.0.2:9001 for protocols iiop, t3, ldap, snmp, http.>
<Aug 17, 2018 5:16:12 AM UTC> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:9001 for protocols iiop, t3, ldap, snmp, http.>
<Aug 17, 2018 5:16:12 AM UTC> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "ManagedServer01" for domain "1004lucifer_domain" running in Development Mode>
<Aug 17, 2018 5:16:13 AM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Aug 17, 2018 5:16:13 AM UTC> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>









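When the 'Custom Identity Keystore' value is wrong
- The trust certificate was entered instead of the identity certificate
(only the error portion of the log is attached)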

<Aug 17, 2018 7:14:30 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_cert.jks.>
<Aug 17, 2018 7:14:30 AM UTC> <Alert> <Security> <BEA-090168> <No identity key/certificate entry was found under alias 1004lucifer in keystore /app/weblogic1036/ssl/1004lucifer_cert.jks on server ManagedServer01>
<Aug 17, 2018 7:14:30 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: No identity key/certificate entry was found under alias 1004lucifer in keystore /app/weblogic1036/ssl/1004lucifer_cert.jks on server ManagedServer01>
<Aug 17, 2018 7:14:30 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: No identity key/certificate entry was found under alias 1004lucifer in keystore /app/weblogic1036/ssl/1004lucifer_cert.jks on server ManagedServer01.>
<Aug 17, 2018 7:14:30 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_cert.jks.>
<Aug 17, 2018 7:14:30 AM UTC> <Alert> <Security> <BEA-090168> <No identity key/certificate entry was found under alias 1004lucifer in keystore /app/weblogic1036/ssl/1004lucifer_cert.jks on server ManagedServer01>
<Aug 17, 2018 7:14:30 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: No identity key/certificate entry was found under alias 1004lucifer in keystore /app/weblogic1036/ssl/1004lucifer_cert.jks on server ManagedServer01>
<Aug 17, 2018 7:14:30 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: No identity key/certificate entry was found under alias 1004lucifer in keystore /app/weblogic1036/ssl/1004lucifer_cert.jks on server ManagedServer01.>
<Aug 17, 2018 7:14:30 AM UTC> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.17.0.2:9001 for protocols iiop, t3, ldap, snmp, http.>








When the 'Custom Identity Keystore Passphrase' value is wrong
(only the error portion of the log is attached)

<Aug 17, 2018 7:28:02 AM UTC> <Error> <Security> <BEA-090133> <Could not load a JKS keystore from the file /app/weblogic1036/ssl/1004lucifer_key.jks. Exception: java.io.IOException: Keystore was tampered with, or password was incorrect>
<Aug 17, 2018 7:28:02 AM UTC> <Alert> <Security> <BEA-090166> <Failed to load identity keystore of type JKS from file /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 7:28:02 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to load identity keystore of type JKS from file /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 7:28:02 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to load identity keystore of type JKS from file /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01.>
<Aug 17, 2018 7:28:02 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_key.jks.>
<Aug 17, 2018 7:28:02 AM UTC> <Error> <Security> <BEA-090133> <Could not load a JKS keystore from the file /app/weblogic1036/ssl/1004lucifer_key.jks. Exception: java.io.IOException: Keystore was tampered with, or password was incorrect>
<Aug 17, 2018 7:28:02 AM UTC> <Alert> <Security> <BEA-090166> <Failed to load identity keystore of type JKS from file /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 7:28:02 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to load identity keystore of type JKS from file /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 7:28:02 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to load identity keystore of type JKS from file /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01.>






When the 'Custom Trust Keystore' value is wrong
- A path to a file that does not actually exist was entered
(only the error portion of the log is attached)

<Aug 17, 2018 11:56:01 AM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Aug 17, 2018 11:56:02 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_key.jks.>
<Aug 17, 2018 11:56:02 AM UTC> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file /app/weblogic1036/ssl/1004lucifer.jks.>
<Aug 17, 2018 11:56:02 AM UTC> <Error> <Security> <BEA-090132> <Could not open the keystore file /app/weblogic1036/ssl/1004lucifer.jks for read access. Exception: java.io.FileNotFoundException: /app/weblogic1036/ssl/1004lucifer.jks (No such file or directory)>
<Aug 17, 2018 11:56:02 AM UTC> <Warning> <Security> <BEA-090164> <Failed to load trusted certificates from keystore /app/weblogic1036/ssl/1004lucifer.jks of type JKS>
<Aug 17, 2018 11:56:02 AM UTC> <Warning> <Security> <BEA-090172> <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>






When the 'Custom Trust Keystore Passphrase' value is wrong
(only the error portion of the log is attached)

<Aug 17, 2018 12:02:29 PM UTC> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_cert.jks.>
<Aug 17, 2018 12:02:29 PM UTC> <Error> <Security> <BEA-090133> <Could not load a JKS keystore from the file /app/weblogic1036/ssl/1004lucifer_cert.jks. Exception: java.io.IOException: Keystore was tampered with, or password was incorrect>
<Aug 17, 2018 12:02:29 PM UTC> <Warning> <Security> <BEA-090164> <Failed to load trusted certificates from keystore /app/weblogic1036/ssl/1004lucifer_cert.jks of type JKS>
<Aug 17, 2018 12:02:29 PM UTC> <Warning> <Security> <BEA-090172> <No trusted certificates have been loaded. Server will not trust to any certificate it receives.>
<Aug 17, 2018 12:02:29 PM UTC> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.17.0.2:9001 for protocols iiop, t3, ldap, snmp, http.>









2. The certificate information under 'SSL' was wrong, so HTTPS (SSL) did not work properly.






When the alias value is wrong
(only the error portion of the log is attached)

<Aug 17, 2018 5:36:48 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer_key from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_key.jks.>
<Aug 17, 2018 5:36:48 AM UTC> <Alert> <Security> <BEA-090168> <No identity key/certificate entry was found under alias 1004lucifer_key in keystore /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 5:36:48 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: No identity key/certificate entry was found under alias 1004lucifer_key in keystore /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 5:36:48 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: No identity key/certificate entry was found under alias 1004lucifer_key in keystore /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01.>
<Aug 17, 2018 5:36:48 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer_key from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_key.jks.>
<Aug 17, 2018 5:36:48 AM UTC> <Alert> <Security> <BEA-090168> <No identity key/certificate entry was found under alias 1004lucifer_key in keystore /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 5:36:48 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: No identity key/certificate entry was found under alias 1004lucifer_key in keystore /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01>
<Aug 17, 2018 5:36:48 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: No identity key/certificate entry was found under alias 1004lucifer_key in keystore /app/weblogic1036/ssl/1004lucifer_key.jks on server ManagedServer01.>
<Aug 17, 2018 5:36:48 AM UTC> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.17.0.2:9001 for protocols iiop, t3, ldap, snmp, http.>






When the passphrase value is wrong
(only the error portion of the log is attached)

<Aug 17, 2018 5:52:36 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_key.jks.>
<Aug 17, 2018 5:52:36 AM UTC> <Alert> <Security> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /app/weblogic1036/ssl/1004lucifer_key.jks under alias 1004lucifer on server ManagedServer01>
<Aug 17, 2018 5:52:36 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to retrieve identity key/certificate from keystore /app/weblogic1036/ssl/1004lucifer_key.jks under alias 1004lucifer on server ManagedServer01>
<Aug 17, 2018 5:52:36 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /app/weblogic1036/ssl/1004lucifer_key.jks under alias 1004lucifer on server ManagedServer01.>
<Aug 17, 2018 5:52:36 AM UTC> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias 1004lucifer from the JKS keystore file /app/weblogic1036/ssl/1004lucifer_key.jks.>
<Aug 17, 2018 5:52:36 AM UTC> <Alert> <Security> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /app/weblogic1036/ssl/1004lucifer_key.jks under alias 1004lucifer on server ManagedServer01>
<Aug 17, 2018 5:52:36 AM UTC> <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to retrieve identity key/certificate from keystore /app/weblogic1036/ssl/1004lucifer_key.jks under alias 1004lucifer on server ManagedServer01>
<Aug 17, 2018 5:52:36 AM UTC> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /app/weblogic1036/ssl/1004lucifer_key.jks under alias 1004lucifer on server ManagedServer01.>
<Aug 17, 2018 5:52:36 AM UTC> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.17.0.2:9001 for protocols iiop, t3, ldap, snmp, http.>
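
The log patterns above, turned into a triage script as an added example (not part of the original post): it parses WebLogic console log lines, pairs BEA-090132/BEA-090133 with the BEA-090166 or BEA-090164 that follows to tell which keystore failed to load, and reports whether BEA-090034 took the SSL listener down. The sample lines, paths, alias and server name are constructed, and the id-to-setting mapping covers only the cases shown on this page.

```python
import re

# Console log line: <timestamp> <severity> <subsystem> <BEA-id> <message>
LINE_RE = re.compile(r"^<[^>]*> <[^>]*> <[^>]*> <(BEA-\d+)> <(.*)>")
PATH_RE = re.compile(r"(?<!\S)/\S+")   # absolute path; skips "key/certificate"
ALIAS_RE = re.compile(r"alias (\S+)")

# Ids that name the faulty setting on their own (mapping taken from this page's logs).
DIRECT = {
    "BEA-090503": "identity keystore: certificate and private key do not match",
    "BEA-090168": "identity keystore or key alias: no key entry under that alias",
    "BEA-090716": "private key passphrase is wrong",
}
# Ids that say how loading failed; the id that follows says which keystore it was.
LOAD_FAILURE = {"BEA-090132": "file missing or unreadable",
                "BEA-090133": "wrong passphrase or damaged file"}
STORE = {"BEA-090166": "identity keystore", "BEA-090164": "trust keystore"}

def diagnose(log_text):
    """Return (ssl_listener_down, findings); a finding is (cause, path, alias)."""
    findings, pending, ssl_down = [], None, False
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, msg = m.groups()
        ssl_down = ssl_down or code == "BEA-090034"   # "Not listening for SSL"
        pending = LOAD_FAILURE.get(code, pending)     # remember the failure kind
        if code in STORE and pending:
            cause, pending = f"{STORE[code]}: {pending}", None
        elif code in DIRECT:
            cause = DIRECT[code]
        else:
            continue
        path, alias = PATH_RE.search(msg), ALIAS_RE.search(msg)
        finding = (cause, path.group(0).rstrip(".,") if path else None,
                   alias.group(1) if alias else None)
        if finding not in findings:   # the page's logs show each failure twice
            findings.append(finding)
    return ssl_down, findings

def _line(sev, sub, code, msg):       # builds one constructed sample line
    return f"<Jan 1, 2024 9:00:00 AM UTC> <{sev}> <{sub}> <{code}> <{msg}>"

# Constructed samples (hypothetical paths, alias and server name).
_NO_KEY = "No identity key/certificate entry was found under alias demo_key in keystore /opt/example/ssl/identity.jks on server Server01"
SAMPLE_ALIAS = "\n".join([
    _line("Alert", "Security", "BEA-090168", _NO_KEY),
    _line("Emergency", "Security", "BEA-090034", "Not listening for SSL, java.io.IOException: " + _NO_KEY + "."),
] * 2)
SAMPLE_TRUST = "\n".join([
    _line("Error", "Security", "BEA-090133", "Could not load a JKS keystore from the file /opt/example/ssl/trust.jks. Exception: java.io.IOException: Keystore was tampered with, or password was incorrect"),
    _line("Warning", "Security", "BEA-090164", "Failed to load trusted certificates from keystore /opt/example/ssl/trust.jks of type JKS"),
])

if __name__ == "__main__":
    print(diagnose(SAMPLE_ALIAS), diagnose(SAMPLE_TRUST))
```

A trust keystore failure leaves the listener up (no BEA-090034), matching the observation above that a wrong trust certificate value only produced error logs.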



