The reason being of the issue is, ICS certificate has been changed. Certificate changes for ICS happened on the Cloud (outside of Agent). It can be mapped to 18.2.3 MLR 00.
This is known Bug 28242477 logged by Oracle.
To resolve this issue, the user needs to re-import the CA certs from ICS on to agent keystore. Ensure that entire certificate chain is imported to agent keystore.
Follow below steps to resolve the issue:
1) Download Certificate Chain from ICS
- Login into ICS console using Firefox browser
- Click on Security Report and More Information
- Go to Security Tab and Click on View Certificate button
- Click on Details tab. Once click on Details tab, you will notice Certificate Chain (Root, Intermediate & Leaf)
- Download all three (Root, Intermediate & Leaf) Certificate one by one
- Click on Root Certificate and Click on Export button
- Repeat last two steps for Intermediate and Leaf certificate
- Login to ICS agent server
- Move certificates to /tmp/cert directory
- Go to <AgentHome>/cert/ directory
- Take backup of keystore.jks file
- Ensure JAVA_HOME is set to run keytool command
- Import leaf certificate first by issuing following command
- Once promoted for keystore password, enter “changeit”. This is default password of keystore.jks
- Run below command to import root certificate
- Run below command to import intermediate certificate
- Run below command to start ICS agent