    SOLVED WL-OPC Connection with WLSDM Over https

    • wlcommunityusers
      wlcommunityusers last edited by

      Hi,

      I’m trying to configure WL-OPC with my WLSDM domains over https (I checked the connection through telnet and it works OK), but it seems OPC doesn’t reach targets over https, just over http.

      Could you please help me with this?

      Regards.

      Community Users Case Notes (Diary)

        • wlsdmsupport
          WLSDM Support @wlcommunityusers last edited by

          @wlcommunityusers

          Hi,

          After you enabled SSL on WL-OPC, are you facing WL-OPC to WLSDM connection issues?

          Could you send “OPC_HOME\bin\WLOPC\logs\wl-opc.log” ?

          Regards

          WLSDM Community Support Team

          • wlsdmsupport
            WLSDM Support @wlsdmsupport last edited by can.sahin-wlsdmteam

            @can-sahin-wlsdmteam

            Hi,

            There is a missing certificate configuration. You need to add a certificate for SSL on WL-OPC.

            Could you check the attached configuration for the error below, please?

            "Caused by: java.io.FileNotFoundException: /u01/opc/bin/keystore.p12 (No such file or directory)"
            

            b9bc4ad3-effd-44d9-862b-11245cfe3444-image.png

            WLSDM Community Support Team

            • wlcommunityusers
              wlcommunityusers @wlsdmsupport last edited by

              @can-sahin-wlsdmteam

              I added certificates to WL-OPC and WLSDM is still not reachable.

              Community Users Case Notes (Diary)

              • wlsdmsupport
                WLSDM Support @wlcommunityusers last edited by

                @wlcommunityusers

                Hi,

                Can you explain with screenshots what you want to do and what the issue is?

                Regards.

                WLSDM Community Support Team

                • wlcommunityusers
                  wlcommunityusers @wlsdmsupport last edited by can.sahin-wlsdmteam

                  @can-sahin-wlsdmteam

                  This is what happens when I try to register a new domain from WL-OPC (http or https) to WLSDM/WebLogic console (over https)

                  0071a865-edfd-47ec-920a-8d469cd6c7c6-image.png

                  b7d10bdc-2159-4b2a-b737-a6006706d99d-image.png


                  This is what I have in log files

                  90d9f741-afa3-435e-bdf7-63f5f6af31fc-image.png

                  Telnet test:
                  a0f62519-4b43-460c-9c6d-e5505802cca3-image.png

                  From WLSDM side
                  URL: https://…:9002/console/WLSDM/config/system

                  59c8ca6b-e336-46d2-9b9e-a106a5fd8f5f-image.png

                  This is a strange thing I see from tcpdump in WLSDM server
                  d127e292-e6ca-4ba9-a09d-2197397935a7-image.png

                  OPC is trying to connect to WLSDM through http instead of https
                  This is the configuration from WLSDM to OPC

                  39d96555-274c-429d-b405-3cdb5e56f1ed-image.png

                  Community Users Case Notes (Diary)

                  • wlsdmsupport
                    WLSDM Support @wlcommunityusers last edited by

                    @wlcommunityusers

                    Hi,

                    I understand your case and that you want HTTPS communication. Why are you not considering adding the WebLogic admin’s HTTP port? When you add it as an https port, you also need to take care of adding trust certificates on both sides.

                    Thank you for your communication.

                    Kind Regards.

                    WLSDM Community Support Team

                    • wlcommunityusers
                      wlcommunityusers @wlsdmsupport last edited by

                      @can-sahin-wlsdmteam

                      Hi,

                      Thanks for your feedback.

                      I understand we will need to create certificates for https communication between OPC and WLS AdminServers but it’s our default procedure for any WebLogic managed server or AdminServer.

                      Thank you very much for your update.

                      Regards,

                      Community Users Case Notes (Diary)

                      • wlsdmsupport
                        WLSDM Support @wlcommunityusers last edited by

                        @wlcommunityusers

                        Hi,

                        In WL-OPC, https and http traffic can both be enabled at the same time. The WLSDM & WL-OPC traffic is based on a token, and without a registered token WLSDM cannot publish to WL-OPC. Currently we are supporting both https and http.

                        As a result, we fixed the problem and you are going to be able to add your https and t3s domains. On the other hand, do you prefer https traffic from WLSDM to WL-OPC, too? Our default setting is http from WLSDM to WL-OPC, but you can disable HTTP in the WL-OPC settings. Take the screen capture below as a reference.

                        We are waiting for your reply.

                        Regards.

                        WLSDM Community Support Team

                        • wlsdmsupport
                          WLSDM Support @wlsdmsupport last edited by

                          @can-sahin-wlsdmteam

                          8e0d95ad-6408-40c9-8593-27a1b595dd5d-image.png

                          WLSDM Community Support Team

                          • wlcommunityusers
                            wlcommunityusers @wlsdmsupport last edited by

                            @can-sahin-wlsdmteam
                            Hi,

                            For now, it’s OK to have http traffic from WLSDM to WL-OPC. By the way, it would be great to have both options in future releases.

                            Regards.

                            Community Users Case Notes (Diary)

                            • wlsdmsupport
                              WLSDM Support @wlcommunityusers last edited by can.sahin-wlsdmteam

                              @wlcommunityusers

                              Hi,

                              You can follow the steps below to set up your HTTPS traffic. If any help is needed, please let us know.


                              1. Generate keystore wlopc.p12
                              keytool -genkeypair -alias wlopc -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore wlopc.p12 -validity 3650

                              2. Update WL-OPC settings as in the screen capture below.

                              3. Export & download WL-OPC’s certificate from the browser (use Firefox; the output is volthread-technology.pem)

                              4. Convert pem format to der format.

                              openssl x509 -outform der -in volthread-technology.pem -out volthread-technology.der

                              5. Then import it into WebLogic AdminServer’s JKS file, set WebLogic AdminServer’s HostName Verification to NONE and finally restart the admin server.
                              keytool -import -alias volthread -keystore DemoTrust.jks -file volthread-technology.der


                              Now WLSDM and WL-OPC work over HTTPS

                              c8561c3d-ca31-498c-9e53-48799ed7b6a1-image.png

                              WLSDM Community Support Team

                              • wlcommunityusers
                                wlcommunityusers @wlsdmsupport last edited by fevzi.korkutata-wlsdmteam

                                @can-sahin-wlsdmteam

                                Hi,

                                By the way, when I try to add the domain from WL-OPC I get this.

                                Handshake failed: TLSv1.3, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                
                                Handshake failed: TLSv1.2, error = The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
                                
                                Handshake failed: TLSv1.1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                
                                Handshake failed: TLSv1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                
                                Handshake failed: TLSv1.3, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                
                                Handshake failed: TLSv1.2, error = The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
                                
                                Handshake failed: TLSv1.1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                
                                Handshake failed: TLSv1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                

                                It looks like TLS version is not supported.

                                Regards.

                                Community Users Case Notes (Diary)
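
Added example, not part of the poster's message and not WLSDM code: a shell sketch that reads handshake lines in the format quoted above and separates the two failure kinds, protocols the client JVM refused locally ("No appropriate protocol") and the version the server actually answered with. The sample input is constructed from the four distinct lines in the post, the function names are hypothetical, and the TLS11 and TLS13 short names in the mapping are assumed to follow the TLS10/TLS12 pattern seen in the log.

```shell
#!/bin/sh
# Added example: summarise JSSE "Handshake failed" lines (format as quoted in the thread).
LC_ALL=C; export LC_ALL   # stable sort order

# Constructed sample: the four distinct lines from the post above.
sample_log() {
cat <<'EOF'
Handshake failed: TLSv1.3, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Handshake failed: TLSv1.2, error = The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
Handshake failed: TLSv1.1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Handshake failed: TLSv1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
EOF
}

# Version the server answered with, in the short form the log prints (e.g. TLS10).
server_selected() {
  sed -n 's/.*server selected protocol version \([A-Za-z0-9]*\) is not accepted.*/\1/p' | sort -u
}

# Protocols the client refused locally, before any ClientHello was sent.
client_refused() {
  sed -n 's/^ *Handshake failed: \([^,]*\), error = No appropriate protocol.*/\1/p' |
    sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Map the short form to the name used in java.security and -Djdk.tls.client.protocols.
# TLS10 and TLS12 appear in the thread; TLS11 and TLS13 are assumed by analogy.
to_jsse_name() {
  case "$1" in
    TLS10) echo TLSv1 ;;   TLS11) echo TLSv1.1 ;;
    TLS12) echo TLSv1.2 ;; TLS13) echo TLSv1.3 ;;
    *) echo "$1" ;;
  esac
}

# One-line diagnosis from a log on stdin.
diagnose() {
  d_log=$(cat)
  d_raw=$(printf '%s\n' "$d_log" | server_selected | head -n 1)
  d_ref=$(printf '%s\n' "$d_log" | client_refused)
  if [ -z "$d_raw" ]; then
    echo "no server-selected version found"
    return 0
  fi
  d_srv=$(to_jsse_name "$d_raw")
  case " $d_ref " in
    *" $d_srv "*) echo "server answered $d_srv, which this client JVM refuses to offer" ;;
    *)            echo "server answered $d_srv; client refused: ${d_ref:-none}" ;;
  esac
}

sample_log | diagnose
```
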

                                • wlsdmsupport
                                  WLSDM Support @wlcommunityusers last edited by

                                  @wlcommunityusers

                                  Hi,

                                  Please increase the timeout and retry. This time, remember to select the “Overwrite” option on WL-OPC.

                                  Then let me know the result.

                                  a458423b-1d1f-4ef0-ac05-2b8206469853-image.png

                                  WLSDM Community Support Team

                                  • wlcommunityusers
                                    wlcommunityusers @wlsdmsupport last edited by

                                    @can-sahin-wlsdmteam

                                    Hi,

                                    I made the changes:

                                    55ddbddf-8515-4174-ace7-86071b8676a2-image.png

                                    Community Users Case Notes (Diary)

                                    • wlcommunityusers
                                      wlcommunityusers @wlcommunityusers last edited by

                                      @wlcommunityusers
                                      Hi,

                                      Some additional information:

                                      From the domains side, I can see http post in tcpdump

                                      7c97268c-e51b-4e8a-9c95-608721efa551-image.png

                                      Regards.

                                      Community Users Case Notes (Diary)

                                      • wlsdmsupport
                                        WLSDM Support @wlcommunityusers last edited by can.sahin-wlsdmteam

                                        @wlcommunityusers

                                        Hi,

                                        This problem may be related to your environment. Please follow the steps below; if they do not solve your problem, let’s have a Teams support meeting.

                                        1. Add this JVM argument to WL-OPC.
                                          Open $WLOPC_HOME/bin/setenv.properties and append the value to the JAVA_OPTIONS parameter.

                                        -Dweblogic.security.SSL.minimumProtocolVersion=ALL

                                        2. Increase the timeout as below.
                                          b1cde56d-7c49-4394-bf97-1e41fee38497-image.png

                                        3. Hard restart the OPC instance.

                                        $WLOPC_HOME/bin/opc stop
                                        $WLOPC_HOME/bin/opc start

                                        4. Then retry adding the domain as I explained before.

                                        Kind Regards.

                                        WLSDM Community Support Team

                                        • wlcommunityusers
                                          wlcommunityusers @wlsdmsupport last edited by fevzi.korkutata-wlsdmteam

                                          @can-sahin-wlsdmteam

                                          Hi,

                                          I’m still facing the same issue

                                          c9c5787f-3c2f-4195-ba9d-c7b89e7a4161-image.png

                                           Handshake failed: TLSv1.3, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: TLSv1.2, error = The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
                                          
                                          Handshake failed: TLSv1.1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: TLSv1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: SSLv3, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: SSLv2Hello, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: TLSv1.3, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: TLSv1.2, error = The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
                                          
                                          Handshake failed: TLSv1.1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: TLSv1, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: SSLv3, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          
                                          Handshake failed: SSLv2Hello, error = No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
                                          

                                          Thank you very much.

                                          Regards,

                                          Community Users Case Notes (Diary)

                                          • wlsdmsupport
                                            WLSDM Support @wlcommunityusers last edited by

                                            @wlcommunityusers

                                            Hi,

                                            Could you send us your WebLogic version, Adminserver and Managed Server JVM startup parameters, java version and java vendor please?

                                            Regards.

                                            WLSDM Community Support Team

                                            • wlsdmsupport
                                              WLSDM Support @wlsdmsupport last edited by fevzi.korkutata-wlsdmteam

                                              @can-sahin-wlsdmteam

                                              Hi,

                                              By the way, maybe your WebLogic TLS version is legacy. Could you please let me know the WL-OPC’s JDK version with the output of the command below?

                                              cat $JAVA_HOME/jre/lib/security/java.security | grep "jdk.tls.disabledAlgorithms"

                                              Send us the value of “jdk.tls.disabledAlgorithms”

                                              f885a9f3-c838-4f54-b53a-786f2fa257a5-image.png

                                              WLSDM Community Support Team

                                              • wlsdmsupport
                                                WLSDM Support @wlsdmsupport last edited by can.sahin-wlsdmteam

                                                @can-sahin-wlsdmteam

                                                Hi,

                                                After you sent the environment details of your WebLogic and Java version, we realized that the client is legacy, and we are compatible with legacy TLS Java versions. We detected the problem by reproducing it in our lab environments.

                                                Please add the JVM argument below to the WL-OPC setenv.properties file, then bounce the OPC instance by using the opc command executable.

                                                -Djdk.tls.client.protocols=TLSv1,TLSv1.1

                                                After restarting OPC, please retry adding the client, then let us know the result.

                                                Kind Regards.

                                                WLSDM Community Support Team

                                                • wlcommunityusers
                                                  wlcommunityusers @wlsdmsupport last edited by

                                                  @can-sahin-wlsdmteam

                                                  Hi,

                                                  I added the argument to setenv; I am sending you the errors I have in the log files.

                                                  Regards.

                                                  Community Users Case Notes (Diary)

                                                  • wlcommunityusers
                                                    wlcommunityusers @wlcommunityusers last edited by

                                                    @wlcommunityusers

                                                    Hi,

                                                    Finally, I found the solution.
                                                    I changed java.security in WL-OPC, disabling jdk.tls.disabledAlgorithms like this:

                                                    b0d4cae9-48f2-4ce0-9bf1-0afdaf93dcde-image.png

                                                    And then I removed all the arguments in JAVA_OPTIONS, back to the default OPC installation.

                                                    I restarted OPC and I could add the domains without any problem.

                                                    Regards.

                                                    Community Users Case Notes (Diary)
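
Added example, not code from the thread's participants or from WLSDM: in java.security the `jdk.tls.disabledAlgorithms` value is normally continued over several physical lines with trailing backslashes, so the grep requested earlier in the thread shows only its first line. This sketch prints the complete effective value and derives one that drops a single named entry while keeping every other restriction, as a narrower alternative to disabling the whole property; the sample file content and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read and narrow jdk.tls.disabledAlgorithms from java.security text.

# Constructed sample of a java.security fragment (not taken from the thread).
sample_java_security() {
cat <<'EOF'
#jdk.tls.disabledAlgorithms=SSLv3
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    TLSv1, TLSv1.1
EOF
}

# Print the effective value of property $1 from java.security text on stdin:
# comments skipped, backslash continuations joined, last definition wins.
prop_value() {
  awk -v key="$1" '
    function finish(s,   i, k) {
      i = index(s, "=")
      if (i == 0) return
      k = substr(s, 1, i - 1); sub(/[ \t]+$/, "", k)
      if (k == key) { val = substr(s, i + 1); sub(/^[ \t]+/, "", val) }
    }
    {
      sub(/^[ \t]+/, "")                      # leading blanks are not part of the value
      if (!joining && /^[#!]/) next           # comment line
      buf = (joining ? buf $0 : $0)
      if (buf ~ /\\$/) { sub(/\\$/, "", buf); joining = 1; next }
      joining = 0
      finish(buf)
    }
    END { if (joining) finish(buf); print val }
  '
}

# Split a comma-separated value into one trimmed entry per line.
entries() { printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//'; }

# Succeeds if entry $2 is listed in value $1 (exact match, so TLSv1 != TLSv1.1).
is_disabled() { entries "$1" | grep -qxF -- "$2"; }

# Print value $1 with only entry $2 removed.
without_entry() {
  entries "$1" | grep -vxF -- "$2" |
    awk 'NR > 1 { printf ", " } { printf "%s", $0 } END { print "" }'
}

value=$(sample_java_security | prop_value jdk.tls.disabledAlgorithms)
echo "grep shows:      $(sample_java_security | grep '^jdk.tls.disabledAlgorithms')"
echo "effective value: $value"
echo "narrowed line:   jdk.tls.disabledAlgorithms=$(without_entry "$value" TLSv1)"
```

The narrowed line can go in a separate properties file passed to the JVM with `-Djava.security.properties=<file>`, which leaves the JDK's own java.security untouched.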
