Recently I faced an issue with my Service Tests created for the ENOVIA application. Java was upgraded from Java 1.6_24 to Java 1.7_79 on our ENOVIA servers.
Every time I perform Verify Service Test I get the error message “Remote host closed connection during handshake – https://chapxxx.oii.xxx.com:9010/enovia/emxLogin.jsp”.
Since then all the Service Tests for ENOVIA were showing down, while all the Service Tests for other applications were working fine.
OEM 12c supports Java only up to Java 6 Update 95, and this Java upgrade was causing the Service Test to fail at every run. So the only workarounds I could think of were either to upgrade my OEM to 13c, which supports Java, or if possible to lower the version of Java on the ENOVIA servers.
Here is what I did to resolve this issue.
Issue:
Service test failed: “Remote host closed connection during handshake – https://chapxxx.oii.xxx.com:9010/enovia/emxLogin.jsp” error message.
Cause:
Java upgrade from Java 1.6_24 to Java 1.7_79
Resolution:
Steps for Implementing TLSv1 with OEM 12.1.0.4 to Fix Poodle Attack (Doc ID 2059368.1)
Steps to be followed:
- Apply the recommended patches and update Java on the OMS to JDK 6 Update 95.
- Update Java on the agent (Beacon Agent) host to JDK 6 Update 95.
- [NOTE: This step is required only when the agents are monitoring TLSv1 enabled 12.1.3 middleware targets]
- Download the Patch 20418674 from Doc ID 1439822.1 All Java SE Downloads on MOS
- Follow the instructions as per the example given in Doc ID 1944044.1 EM12c: How to Use / Update JDK 1.6u Version on Agent.
- Configure the Agent to switch to TLSv1 as per the following document under the section “Oracle Management Agent”.
- Doc ID 1938799.1 CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka “Poodle Attack”) in Oracle Enterprise Manager Grid / Cloud Control
Once you have performed all the steps, make sure your result looks like this.
    [oracle@hanoemxxx1 ~]$ openssl s_client -connect hanoemxxx1.oii.xxx.com:3872 -tls1
    CONNECTED(00000003)
    depth=1 O = EnterpriseManager on hanoemxxx1.oii.xxx.com, OU = EnterpriseManager on hanoemxxx1.oii.xxx.com, L = EnterpriseManager on hanoemxxx1.oii.xxx.com, ST = CA, C = US, CN = hanoemxxx1.oii.xxx.com
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    ---
    Certificate chain
     0 s:/CN=hanoemxxx1.oii.xxx.com
       i:/O=EnterpriseManager on hanoemxxx1.oii.xxx.com/OU=EnterpriseManager on hanoemxxx1.oii.xxx.com/L=EnterpriseManager on hanoemxxx1.oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1.oii.xxx.com
     1 s:/O=EnterpriseManager on hanoemxxx1.oii.xxx.com/OU=EnterpriseManager on hanoemxxx1.oii.xxx.com/L=EnterpriseManager on hanoemxxx1.oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1.oii.xxx.com
       i:/O=EnterpriseManager on hanoemxxx1.oii.xxx.com/OU=EnterpriseManager on hanoemxxx1.oii.xxx.com/L=EnterpriseManager on hanoemxxx1.oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1.oii.xxx.com
    ---
    Server certificate
    subject=/CN=hanoemxxx1.oii.xxx.com
    issuer=/O=EnterpriseManager on hanoemxxx1.oii.xxx.com/OU=EnterpriseManager on hanoemxxx1.oii.xxx.com/L=EnterpriseManager on hanoemxxx1.oii.xxx.com/ST=CA/C=US/CN=hanoemap1.oii.xxx.com
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1815 bytes and written 345 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DES-CBC3-SHA
        Session-ID: 56FB0E61209B62179FB5E17A9DBF49D882EB5A5BB8F4E77ACC1753E5D8050467
        Session-ID-ctx:
        Master-Key: 3F6A0D03114C02914B757164F843DB8F2A8A17124445E2DB77ADFA5F21CB94A6012D92D5D771898C5FB3701F3058CD55
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1459293793
        Timeout   : 7200 (sec)
        Verify return code: 19 (self signed certificate in certificate chain)
    ---
Now re-run your Service Test; the application URL which was being monitored will now show as Up and Running.
Thanks
Deepak Sharma
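
As an added example (not part of the original post and not Oracle tooling), the shell function below reads an `openssl s_client` transcript like the one in the post and reports the negotiated protocol, cipher, key size and verify code, so the TLSv1 check can be repeated on every agent host. The function name, the shortened sample transcript and the warning thresholds are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: review an `openssl s_client` transcript read from stdin.
# Exit status: 0 = TLS session negotiated, 1 = SSLv2/SSLv3 negotiated,
#              2 = no handshake completed.

# Constructed sample, shortened from the kind of transcript shown in the post.
SAMPLE_TRANSCRIPT='New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Verify return code: 19 (self signed certificate in certificate chain)'

review_handshake() {   # hypothetical helper name
    awk '
        /^[ \t]*Protocol[ \t]*:/ { proto  = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        /^Server public key is/  { bits   = $5 }
        /Verify return code:/    { vrc    = $4 }
        END {
            # A failed handshake still prints an SSL-Session block, with cipher 0000.
            if (proto == "" || cipher == "0000") { print "FAIL no-handshake"; exit 2 }
            rc = 0
            print "protocol=" proto " cipher=" cipher " keybits=" bits " verify=" vrc
            if (proto == "SSLv2" || proto == "SSLv3") {
                print "FAIL legacy-ssl " proto
                rc = 1
            }
            # Warning rules are choices made for this example, not Oracle guidance.
            if (cipher ~ /DES|RC4|NULL|EXP/)   print "WARN weak-cipher " cipher
            if (bits != "" && bits + 0 < 2048) print "WARN short-key " bits
            if (vrc != "" && vrc != "0")       print "WARN chain-not-verified code " vrc
            exit rc
        }'
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_TRANSCRIPT" | review_handshake

# Live use (HOST is a placeholder for the agent host):
#   openssl s_client -connect HOST:3872 -tls1 </dev/null 2>/dev/null | review_handshake
```

On the sample, the function confirms the TLSv1 session and also warns about the DES-CBC3-SHA cipher, the 1024-bit key and verify code 19, which are worth following up once the Service Test is back up.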