Skip to Main Content
Forums

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Upgrade 3.4.2 failed

TakeTheLongPathMar 28 2017 — edited Apr 6 2017

I attempted to upgrade my OVMM to 3.4.2. I have been running 3.4.1 for about 6 months, with custom SSL certificate for management SSL. The CA for the certificate is a federal trust not a commercial 3rd party CA.

The upgrade appeared to be successful, but it would not allow login. I attempted several times, made sure it had booted everything properly, even tried a bad password. My conclusion was password was ok, but it was the internal/api connections that fail. I suspect custom SSL certificate. Even though the upgraded weblogic server was serving with the custom certificate, I believe the certificate is not trusted for the API connections.

I located the "cacerts" files bundled in the JREs and imported our CA and restarted. It did not solve it. So I restored to snapshot in order to research this more thoroughly before attempting again.

I believe I am on the right track. I just am not 100% sure where I need to import the CA cert as a trusted issuer.

Can someone point me to how to make sure that the upgrade will still trust my CA's certificate?

Some log snippets:

####<2017-03-28T13:28:59.888-0500> <Info> <ServletContext-/ovm/console> <iss-lvo-vmm.jsc.nasa.gov> <AdminServer> <[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <88bffaec-b3c7-4e30-9600-1ece35ca709e-00000094> <1490725739888> <BEA-000000> <JspServlet: initialization complete>

####<2017-03-28T13:29:03.492-0500> <Warning> <com.oracle.appfw.ovm.tasks.Synchronizer> <iss-lvo-vmm.jsc.nasa.gov> <AdminServer> <Thread-86> <<anonymous>> <> <88bffaec-b3c7-4e30-9600-1ece35ca709e-0000006c> <1490725743492> <BEA-000000> <Unable to connect to core. Retrying in 30 seconds.>

####<2017-03-28T13:29:03.679-0500> <Info> <com.oracle.appfw.common.utils.AbstractConnectionManager> <iss-lvo-vmm.jsc.nasa.gov> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <admin> <> <88bffaec-b3c7-4e30-9600-1ece35ca709e-00000099> <1490725743679> <BEA-000000> <AppFw session 1001: Using basic authentication to connect to Web Service API.>

####<2017-03-28T13:29:03.757-0500> <Error> <com.oracle.appfw.common.utils.AbstractConnectionManager> <iss-lvo-vmm.jsc.nasa.gov> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <admin> <> <88bffaec-b3c7-4e30-9600-1ece35ca709e-00000099> <1490725743757> <BEA-000000> <AppFw session 1001 has failed to connect to WebService API.

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)

  at com.sun.jersey.api.client.Client.handle(Client.java:652)

  at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)

  at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)

  at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:560)

  at com.oracle.ovm.mgr.ws.client.RestClient.login(RestClient.java:546)

  at com.oracle.ovm.mgr.ws.client.OvmWsRestClient.login(OvmWsRestClient.java:126)

And

####<2017-03-28T13:29:11.306-0500> <Info> <com.oracle.appfw.common.utils.AbstractConnectionManager> <iss-lvo-vmm.jsc.nasa.gov> <AdminServer> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <admin> <> <88bffaec-b3c7-4e30-9600-1ece35ca709e-000000a7> <1490725751306> <BEA-000000> <AppFw session 1002: Using basic authentication to connect to Web Service API.>

####<2017-03-28T13:29:11.374-0500> <Error> <com.oracle.appfw.common.utils.AbstractConnectionManager> <iss-lvo-vmm.jsc.nasa.gov> <AdminServer> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <admin> <> <88bffaec-b3c7-4e30-9600-1ece35ca709e-000000a7> <1490725751374> <BEA-000000> <AppFw session 1002 has failed to connect to WebService API.

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

  at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)

  at com.sun.jersey.api.client.Client.handle(Client.java:652)

  at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)

  at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)

  at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:560)

  at com.oracle.ovm.mgr.ws.client.RestClient.login(RestClient.java:546)

  at com.oracle.ovm.mgr.ws.client.OvmWsRestClient.login(OvmWsRestClient.java:126)

TIA!
This post has been answered by TakeTheLongPath on Apr 6 2017
Jump to Answer
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on May 4 2017
Added on Mar 28 2017
#oracle-virtualization, #oracle-vm-server-for-x86, #ssl, #upgrade
3 comments
1,450 views