We were doing OAM 11gR2ps2 to OAM 11gr2Ps3. We also upgraded JDK as part of this upgrade.After that we got errors while starting admin server.
<Feb 23, 2017 6:12:44 AM CST> <Warning> <Coherence> <BEA-000000> <2017-02-23 06:12:44.515/188.594 Oracle Coherence GE 3.7.1.13 <Warning> (thread=PacketListener1, member=n/a): TcpDatagramSocket{bind=ServerSocket[addr=/x.y.z,localport=9097]}, exception regarding peer host-sid-hostname.com/x.y.z.:9095, General SSLEngine problem; Certificates does not conform to algorithm constraints>
<Feb 23, 2017 6:12:44 AM CST> <Warning> <Coherence> <BEA-000000> <2017-02-23 06:12:44.515/188.594 Oracle Coherence GE 3.7.1.13 <Warning> (thread=PacketListener1, member=1): TcpDatagramSocket{bind=ServerSocket[addr=/x.y.z,localport=9095]}, exception regarding peer /x.y.z:31657, Received fatal alert: certificate_unknown>
Since we upgraded Java from java version "1.7.0_67" to java version "1.7.0_121".We had to do few additional steps.
As per oracle the cause is "The SSL MD5withRSA support is deprecated as of JDK 1.7 release 95. So the old key/certificate stores when used with later JDK version (ex: 7u101) user started seeing the above reported error."
Solution:
copy old cacerts from old JDK-HOME/jre/lib/security directory to the new JDK-HOME/jre/lib/security directory.
<Feb 23, 2017 6:12:44 AM CST> <Warning> <Coherence> <BEA-000000> <2017-02-23 06:12:44.515/188.594 Oracle Coherence GE 3.7.1.13 <Warning> (thread=PacketListener1, member=n/a): TcpDatagramSocket{bind=ServerSocket[addr=/x.y.z,localport=9097]}, exception regarding peer host-sid-hostname.com/x.y.z.:9095, General SSLEngine problem; Certificates does not conform to algorithm constraints>
<Feb 23, 2017 6:12:44 AM CST> <Warning> <Coherence> <BEA-000000> <2017-02-23 06:12:44.515/188.594 Oracle Coherence GE 3.7.1.13 <Warning> (thread=PacketListener1, member=1): TcpDatagramSocket{bind=ServerSocket[addr=/x.y.z,localport=9095]}, exception regarding peer /x.y.z:31657, Received fatal alert: certificate_unknown>
Since we upgraded Java from java version "1.7.0_67" to java version "1.7.0_121".We had to do few additional steps.
As per oracle the cause is "The SSL MD5withRSA support is deprecated as of JDK 1.7 release 95. So the old key/certificate stores when used with later JDK version (ex: 7u101) user started seeing the above reported error."
Solution:
copy old cacerts from old JDK-HOME/jre/lib/security directory to the new JDK-HOME/jre/lib/security directory.
