Oracle ILOM Firmware Release: 3.2.11 and later
Server Platform: Sun Server X3-2 series models.
Issue: After uploading a CA SSL certificate chain to Oracle ILOM, the Oracle ILOM Remote System Console fails to start and the following message appears:
Warning: Certificate validation failed. Could not validate the Remote Host Certificate. Either a man-in-the middle attack could be occuring or it is possible that the remote host certificate has been changed.
When an SSL certificate chain is uploaded as a custom certificate to Oracle ILOM, the Oracle ILOM services only transmit the first certificate in the chain, which is known as the server certificate, to the Remote System Console. On the client side, if the intermediate certificate or certificates in the chain are not available in the Java keystore, then the certificate validation will fail.
Workaround: On the client, use the Java keytool command to import the intermediate certificate that signed the server certificate (the one uploaded to Oracle ILOM) into the Java keystore. For example:
On Windows systems, at the command prompt, type:
keytool -importcert -alias <certalias> -file <intermediate-cert> -keystore "c:\Program Files (x86)\Java\jre[version]\lib\security\cacerts"
On Linux systems, at the command prompt, type:
keytool -importcert -alias <certalias> -file <intermediate-cert> -keystore [Java_home]/jre/lib/security/cacerts
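The failure and the workaround can be reproduced offline with OpenSSL. This is an added example, not part of Oracle's documentation: the three certificates and the name ilom.example.test are constructed, and a PEM trust file stands in for the Java cacerts keystore.

```shell
#!/bin/sh
# Added example. Every certificate here is constructed for the demo:
# "Demo Root CA" -> "Demo Intermediate CA" -> "ilom.example.test".

make_chain() {  # $1 = scratch directory to fill with keys and certificates
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int srv; do   # one key and CSR per level of the chain
    case $n in
      root) cn="Demo Root CA" ;;
      int)  cn="Demo Intermediate CA" ;;
      srv)  cn="ilom.example.test" ;;
    esac
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
      -subj "/CN=$cn" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Root signs itself, root signs the intermediate, intermediate signs the server.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/srv.pem" 2>/dev/null
}

# validates TRUSTSTORE CERT: succeeds only if CERT chains to TRUSTSTORE using
# nothing but the single certificate the server sent (no intermediates supplied).
validates() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d) || return 1
  make_chain "$work" || return 1
  # Before the workaround: the client trusts the root only.
  if validates "$work/root.pem" "$work/srv.pem"; then before=ok; else before=fail; fi
  # After the workaround: the intermediate is also in the client's trust store.
  cat "$work/root.pem" "$work/int.pem" > "$work/trust.pem"
  if validates "$work/trust.pem" "$work/srv.pem"; then after=ok; else after=fail; fi
  rm -rf "$work"
  echo "root-only=$before root+intermediate=$after"
}

demo
```

Before importing on a real client, `keytool -printcert -file <intermediate-cert>` displays the certificate's fingerprints so they can be compared with the values published by the issuing CA.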
Reference information: