SSL Exceptions in Admin Server and Node Manager. [Security:090482]BAD_CERTIFICATE alert was received from – Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.


<WARNING> <Uncaught exception in server Remote host closed connection during handshake> Remote host closed connection during handshake at at

The above exceptions are  the most common exceptions encountered during the setup of Weblogic Server in an environment. The stack does suggest what could be the reasons but the diagnostics are not mentioned.

To debug this issue, first we need to check the certificates used by Admin Server and the Node Manager. If we have Admin and the Node Manager using demo certificates, then the issue can be due to improper DNS mapping. We can use the nslookup to check the DNS entry. For testing purpose we can provide the ip address as the listen address for the admin server and the node manager and see if the issue is still occurring.

Also we will have to turn of host name verification and the basic validation check of the certificates. We can do it by specifying the following flag in


And the following flag in

-Dssl.debug=true -Dweblogic.nodemanager.sslHostNameVerificationEnabled=false

If the Admin Server is using Custom Identity and Custom trust, then its better to configure the node manger with custom identity and custom trust as well.
By default the Node Manager is configured with Demo Identity and Demo Trust. To change it to custom identity and custom trust, we need to specify the following values in the file present in nodemanager home

CustomIdentityKeyStorePassPhrase = xxxxxx
CustomIdentityKeyStoreType = JKS
CustomIdentityPrivateKeyPassPhrase = xxxxxxx

Apply the same flags as above in the startup script of Admin Server and Node Manger.

Check from the console whether Node Manager is reachable or not.

Another option can be to use PLAIN communication between Admin Server and Node Manager.

We can change the Listen Type to PLAIN for the Node Manager from the console and set the secureListener=false in the file present in nodemanager home.


Latest Comments

  1. Virgil May 8, 2010
  2. Suresh Kumar July 6, 2010
    • admin July 6, 2010
  3. Jobi December 8, 2010
  4. Jobi December 8, 2010
    • Administrator December 8, 2010
  5. Jobi December 9, 2010
  6. Lon Nestrud April 29, 2011
  7. 405 August 11, 2011
  8. Rajendra September 13, 2011
  9. Marco April 21, 2012
  10. Arulraj December 18, 2012
  11. Karri May 13, 2013
  12. Nitin August 19, 2014
    • Administrator September 8, 2014

Leave a Reply