Recently I faced an issue with my Service Tests created for the ENOVIA application. Java was upgraded from Java 1.6_24 to Java 1.7_79 on our ENOVIA servers.

Every time I verify the Service Test, I get the error message “Remote host closed connection during handshake – https://chapxxx.oii.xxx.com:9010/enovia/emxLogin.jsp”.

Since then, all the Service Tests for ENOVIA have been showing as down, while the Service Tests for all other applications are working fine.

OEM 12c supports Java only up to Java 6 Update 95, and this Java upgrade was causing the Service Test to fail at every run. So the only workarounds I could think of were either to upgrade my OEM to 13c, which supports Java, or, if possible, to lower the version of Java on the ENOVIA servers.

What I did to resolve this issue:

Issue:

Service Test failed with the error message “Remote host closed connection during handshake – https://chapxxx.oii.xxx.com:9010/enovia/emxLogin.jsp”.

Cause:

Java upgrade from Java 1.6_24 to Java 1.7_79

Resolution:

Steps for Implementing TLSv1 with OEM 12.1.0.4 to Fix Poodle Attack (Doc ID 2059368.1)

Steps to be followed:

  1. Apply the recommended patches and update Java on the OMS to JDK 6 update 95.
  2. Update Java on the agent (Beacon Agent) host to JDK 6 update 95.
    1. [NOTE: This step is required only when the agents are monitoring TLSv1-enabled 12.1.3 middleware targets.]
    2. Download Patch 20418674 from Doc ID 1439822.1, “All Java SE Downloads on MOS”.
    3. Follow the instructions in the example given in Doc ID 1944044.1, “EM12c: How to Use / Update JDK 1.6u Version on Agent”.
  3. Configure the Agent to switch to TLSv1 as per the following document, under the section “Oracle Management Agent”.
    1. Doc ID 1938799.1, “CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka “Poodle Attack”) in Oracle Enterprise Manager Grid / Cloud Control”

Once you have performed all the steps, make sure your result looks like this.

[oracle@hanoemxxx1 ~]$ openssl s_client -connect hanoemxxx1 .oii.xxx.com:3872 -tls1
CONNECTED(00000003)
depth=1 O = EnterpriseManager on hanoemxxx1 .oii.xxx.com, OU = EnterpriseManager on hanoemxxx1 .oii.xxx.com, L = EnterpriseManager on hanoemxxx1 .oii.xxx.com, ST = CA, C = US, CN = hanoemxxx1 .oii.xxx.com
verify error:num=19:self signed certificate in certificate chain
verify return:0

Certificate chain
0 s:/CN=hanoemxxx1 .oii.xxx.com
i:/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1 .oii.xxx.com
1 s:/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1 .oii.xxx.com
i:/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1 .oii.xxx.com

Server certificate
subject=/CN=hanoemxxx1 .oii.xxx.com
issuer=/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemap1.oii.xxx.com

No client certificate CA names sent

SSL handshake has read 1815 bytes and written 345 bytes

New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 56FB0E61209B62179FB5E17A9DBF49D882EB5A5BB8F4E77ACC1753E5D8050467
Session-ID-ctx:
Master-Key: 3F6A0D03114C02914B757164F843DB8F2A8A17124445E2DB77ADFA5F21CB94A6012D92D5D771898C5FB3701F3058CD55
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1459293793
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

Now re-run your Service Test; the application URL that was being monitored will now show as Up and Running.
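To check the result without reading the whole transcript by eye, the following added example (not part of the original post or of the Oracle notes it cites) parses `openssl s_client` output and reports whether a TLSv1 handshake actually completed. The function names and both sample transcripts are constructed for illustration; the field names are the ones visible in the output above.

```shell
# Added example. Field names match the s_client output on this page;
# function names and sample transcripts are constructed.

# Print the trimmed value of the first "Name : value" line read from stdin.
session_field() {
    awk -F':' -v key="$1" '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == key && !seen { val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val); print val; seen = 1 }'
}

# Report negotiated parameters; exit 0 only for a completed TLSv1.x handshake.
check_transcript() {
    out=$(cat)
    proto=$(printf '%s\n' "$out" | session_field "Protocol")
    cipher=$(printf '%s\n' "$out" | session_field "Cipher")
    verify=$(printf '%s\n' "$out" | session_field "Verify return code" | awk '{print $1}')
    bits=$(printf '%s\n' "$out" | sed -n 's/^Server public key is \([0-9][0-9]*\) bit.*/\1/p')
    # A refused handshake still prints an SSL-Session block, with Cipher 0000,
    # so the Protocol line alone does not prove the connection succeeded.
    case "$cipher:$proto" in
        :*|0000:*) verdict=FAIL_NO_HANDSHAKE ;;
        *:TLSv1*)  verdict=OK ;;
        *)         verdict=FAIL_PROTOCOL ;;
    esac
    echo "$verdict protocol=${proto:-none} cipher=${cipher:-none} keybits=${bits:-none} verify=${verify:-none}"
    [ "$verdict" = OK ]
}

sample_ok() {   # constructed from the fields shown in the post
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

sample_refused() {   # constructed: what a rejected handshake looks like
cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Verify return code: 0 (ok)
EOF
}

sample_ok | check_transcript
sample_refused | check_transcript || true
```

Against a live agent, pipe the output of `openssl s_client -connect <agent-host>:3872 -tls1 </dev/null 2>&1` into `check_transcript`, where `<agent-host>` is a placeholder for your own agent host.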

 

Thanks

Deepak Sharma