Oracle Soa Suite 12C: Solving a bug
Back to overview

Oracle Soa Suite 12C: Solving a bug

Published on: Category: Oracle

For a customer in the Netherlands, in the healthcare division, Qualogy is implementing Oracle SOA Suite 12c(12.1.3) and Oracle Service Bus 12c(12.1.3). For connection with a WebService to a backoffice system, we enabled SSL and the OWSM Policy oracle/wss_username_token_over_ssl_service_policy:

We enabled SSL on domain level, created the necessary keystores regarding trust and Identity. After restarting the domain, all alerts in the Fusion Middleware Console seems to have dissappeared.

Oracle raised an official bug for this, Bug 20599654 – OSB Pipeline alerts are not displayed in EM console when SSL is enabled which is under investigation at Oracle Product Development since begin of march, upto now.

What we saw appearing in the logs was that, when we enabled SSL at domainlevel, the OSB aggregator, which aggregates all OSB alert data, was not able to connect over the t3s protocol WebLogic uses for internal applications to connect with eachother over RMI. We saw these messages:

  1. Caused by: javax.naming.CommunicationException: t3://<hostname>.local:7010,<hostname>.local:7020: Destination <ip adress>, 7020 unreachable; nested exception is: 
  2. java.net.ConnectException: Connection refused; No available router to destination [Root exception is java.net.ConnectException: t3://<hostname>.local:7010,<hostname>.local:7020: Destination <ip adress>, 7020 unreachable; nested exception is: 
  3. java.net.ConnectException: Connection refused; No available router to destination] 
  4. at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)

Besides of Product Development working on the bug, I started an investigation and found the solution for this.

These are the steps I took:

WebLogic Domain Level

Only the managed servers contained the SSL domain config; I also configured AdminServer not to use demo certificates but the configured trust and identity stores:

 Nodemanagers

After further investigation, I discovered the Nodemanagers were not included to use the SSL keystore configuration, so I added to the nodemanager.properties ( in <Domain home>/nodemanager) on all hosts:

  1. KeyStores=CustomIdentityAndCustomTrust
  2. CustomIdentityKeyStoreFileName=<location Identity Keystore >
  3. CustomIdentityKeyStorePassPhrase=<Password Identity Keystore>
  4. CustomIdentityAlias=<Alias in ID Keysotre >
  5. CustomIdentityPrivateKeyPassPhrase=<Password Identity Keystore>

After this, the Nodemanagers needs to be restarted. After restart you see the password entries are encrypted.

Also the entire domain had to be restarted. To check if the WebLogic domain was listening on SSL  the linux command:

  1. netstat -ntpl | grep 70

Alerts in Fusion Middleware console

Now after restart, we saw that we are using SSL now. We generated some testmessages and did some pipeline validations, and voila.

Publicatiedatum: 20 april 2015

Michel Schildmeijer
About the author Michel Schildmeijer

Michel started his career as a medical officer in the Royal Dutch Airforce, with a focus on pharma. After the air force, he continued in pharma, followed by time working in clinical pharmacology. While there, he transitioned to IT by learning UNIX and MUMPS, and developed a system for managing patients’ medical records. As his career developed, his responsibility shifted from a deep technical perspective to a more visionary role. At the end of 2011, Michel authored a book on WebLogic Administration for beginners. He joined Qualogy in April 2012 where he expanded his repertoire significantly, serving a wide range of customers with his knowledge about Java Application Servers, Middleware and Application Integration. He also increased his multiple-industry knowledge in his role as Solutions or IT architect by working for customers in a range of sectors, including financials, telecom, public transportation and government organizations. In 2012, he received the IT Industry-recognized title of Oracle ACE for being an ambassador and community leader in his area of expertise. In 2019, this was enhanced to Oracle ACE Director. Michel is asked regularly to speak about technology and the impact of innovation at national and international conferences such as KubeCon, Oracle OpenWorld, Groundbreakers Developers Tours and others. He contributes actively to the OpenSource community and solutions regarding containerization, CI/CD and DevOps. In October 2021, Michel took an exciting step in his career by becoming Business Unit Manager for Qualogy Managed Services. While he still has a finger on the pulse in terms of technology, he is expanding his scope by combining his experience with the new insights gained in his new position. Read more via blog: https://bit.ly/3fAxrqf | Medium: https://mschildmeijer.medium.com/ | Books: Oracle Weblogic Server 11gR1 PS2: Administration Essentials: https://bit.ly/3IhALmf | Oracle WebLogic Server 12c: First Look1: https://bit.ly/31olbpj

More posts by Michel Schildmeijer
Comments
Reply