OGG-10351 Certificate validation error: Unacceptable certificate from in OGGMA 19.1

OGG-10351 Certificate validation error: Unacceptable certificate from <IP> in OGGMA 19.1

Symptom:
2020-10-07T13:50:40.095+0000 INFO | Cipher installed: 0x003d – ‘TLS_RSA_WITH_AES_256_CBC_SHA256’. (DISTPATH01)
2020-10-07T13:50:40.095+0000 INFO | Cipher installed: 0x009d – ‘TLS_RSA_WITH_AES_256_GCM_SHA384’. (DISTPATH01)
2020-10-07T13:50:40.106+0000 INFO | Using configured client REQUIRED authentication mode ‘client_server’ -> AuthenticateClient (nzosEstablishTrustInClient). (DISTPATH01)
2020-10-07T13:50:40.107+0000 INFO | Using configured server authentication mode: ‘client_server’ -> kAuthenticateServer (nzosEstablishTrustInTarget). (DISTPATH01)
2020-10-07T13:50:40.107+0000 INFO | Full security authentication as configured in effect. (DISTPATH01)
2020-10-07T13:50:40.119+0000 INFO | Negotiated cipher: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (DISTPATH01)
2020-10-07T13:50:40.147+0000 ERROR| ERROR OGG-10351 Oracle GoldenGate Distribution Server for Oracle: Generic error -1 noticed. Error description – Certificate validation error: Unacceptable certificate from 192.168.1.110: application verification failure. (DISTPATH01)
2020-10-07T13:50:40.147+0000 ERROR| Error initializing the network channel (DISTPATH01)
2020-10-07T13:50:40.147+0000 ERROR| ERROR OGG-08525 Oracle GoldenGate Distribution Server for Oracle: The network connection could not be established. (DISTPATH01)
2020-10-07T13:50:40.147+0000 ERROR| Exception Code: OGG-08525 (DISTPATH01)
2020-10-07T13:50:40.147+0000 ERROR| Exception Message: The network connection could not be established. (DISTPATH01)
2020-10-07T13:50:40.147+0000 ERROR| Exception, killing the path DISTPATH01 (DISTPATH01)
2020-10-07T13:50:40.147+0000 WARN | Path killed. (DISTPATH01)
2020-10-07T13:50:40.147+0000 ERROR| ERROR OGG-08518 Oracle GoldenGate Distribution Server for Oracle: Request on path DISTPATH01 failed, which is caused by ‘The network connection could not be established.’. (Thread 11)
2020-10-07T13:50:40.155+0000 ERROR| Exception ‘OGG-08518 – Request on path DISTPATH01 failed, which is caused by ‘The network connection could not be established.’.’ from:
/u01/app/ogg/bin/distsrvr(ggs::gglib::sca::StandardResponse::addMessages(JsonValue&, ggs::gglib::gglog::GGException const&))
/u01/app/ogg/bin/distsrvr(distsrvr::distsrvrModule::patchSourcesDistpath(JsonValue const&, JsonValue&))
/u01/app/ogg/bin/distsrvr(boost::function2<ggs::gglib::sca::ResultStatus, JsonValue const&, JsonValue&>::operator()(JsonValue const&, JsonValue&) const)
/u01/app/ogg/bin/distsrvr(ggs::gglib::sca::UriContext::callUriHandler(JsonValue const&, JsonValue&) const)
/u01/app/ogg/bin/distsrvr(ggs::gglib::sca::ScaDispatcher::dispatch(ggs::gglib::sca::HttpContext&))
/u01/app/ogg/bin/distsrvr(ggs::gglib::sca::ScaServer::onBeginRequest(ggs::gglib::sca::HttpContext&))
/u01/app/ogg/bin/distsrvr(distsrvr::DistServer::onBeginRequest(ggs::gglib::sca::HttpContext&))
/u01/app/ogg/bin/distsrvr(ggs::gglib::sca::HttpServer::beginRequestCallback(mg_connection*))
/u01/app/ogg/bin/distsrvr()
/u01/app/ogg/bin/distsrvr()
/u01/app/ogg/bin/distsrvr()
/lib64/libpthread.so.0()
/lib64/libc.so.6(clone) (Thread 11

Cause:
We are setting FQDN in Common Name of DN in Certifcate, Distribution path is using target IP as desntination. So need to set IP and FQDN mapping or resolvation via /etc/hosts or DNS.

Solution:
Add mapping in OS, vi /etc/hosts:
192.168.1.110 oggvm01 oggvm01.myoracle.com

Leave a Reply

Your email address will not be published. Required fields are marked *