Node Manager Fails with JSSE SSL Configured at the Admin Server

by AjitSaturday, March 01, 20140 Comments


After enabling JSSE on Admin server, Node Manager was throwing the following error and unable to start managed servers using Node Manager.
  SSL header was received from peer aubdc00-ofm03s - aa.bb.cc.dd during SSL handshake.>
javax.net.ssl.SSLHandshakeException: [Security:090476]Invalid/unknown SSL header was received from peer aubdc00-ofm03s - aa.bb.cc.dd during SSL handshake.


       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
       at com.certicom.tls.record.ReadHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.ReadHandler.getProtocolVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.checkVersion(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.ReadHandler.read(Unknown Source)
       at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
       at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:452)
       at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:494)
       at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:222)
       at java.io.InputStreamReader.read(InputStreamReader.java:177)
       at java.io.BufferedReader.fill(BufferedReader.java:136)
       at java.io.BufferedReader.readLine(BufferedReader.java:299)
       at java.io.BufferedReader.readLine(BufferedReader.java:362)
       at weblogic.nodemanager.server.Handler.run(Handler.java:71)
       at java.lang.Thread.run(Thread.java:736)

Cause 

The Node Mananger was not set properly to use JSSE. This parameter was used to enable JSSE:
-Dweblogic.SSL.enableJSSE=true
But this parameter is invalid.

Solution 

To enable JSSE in Node Manager in WLS 10.3.3 and higher, the following parameter has to be used:
-Dweblogic.security.SSL.enableJSSE=true
  This can be added in the startNodeManager.sh/startNodeManager.cmd residing under Oracle_Home\wlserver_10.3\server\bin
JAVA_OPTIONS="-Dweblogic.security.SSL.enableJSSE=true"
export JAVA_OPTIONS

0 Comments