Friday, 12 June 2020

DemoIdentity.jks file not found

Dear DBA-Mates, Topic: demoidentity.jks does not exist for Nodemanager
Hope you all are doing Good in Covid-19. Stay safe, be safe!!!

This post is related to Node Manager Issue which throwing error while starting as DemoIdentity.jks is not found under below path.
.../wlserver_12.2.1/oracle_common/common/nodemanager/security/DemoIdentity.jks

When we start Node Manager, it will not start and will come out of nohup. So, we need to check the log file where we can see this alert.
Error/Action:

ora-data.blogspot.com$ ls -ltr .../wlserver_12.2.1/oracle_common/common/nodemanager/security/DemoIdentity.jks

ls: cannot access .../wlserver_12.2.1/oracle_common/common/nodemanager/security/DemoIdentity.jks: No such file or directory

As above we can see file is not found.

So, we can create it manually without any issue.

1. We need to set the wls env file as shown below:

ora-data.blogspot.com$ pwd
.../wlserver/server/bin
ora-data.blogspot.com$

ora-data.blogspot.com$ . setWLSEnv.sh

2. Once above env setted. Go to security directory where you want to create that DemoIdentity.jks file.

ora-data.blogspot.com$ cd .../wlserver_12.2.1/oracle_common/common/nodemanager/security

ora-data.blogspot.com$ java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile democert -keyfile demokey -strength 1024 -noskid

Generating a certificate with common name vmohsautr068 and key strength 1024
issued by CA with certificate from /.../wlserver_12.2.1/wlserver/server/lib/CertGenCA.der file and key from /.../fmw/bea/wlserver_12.2.1/wlserver/server/lib/CertGenCAKey.der file

ora-data.blogspot.com$ ls -ltr
total 8
-rw-r-----. 1 ora-data ora-data   64 Jun 2 01:03 SerializedSystemIni.dat
-rw-r--r--. 1 ora-data ora-data  676 Jun 2 01:22 demokey.der
-rw-r--r--. 1 ora-data ora-data  993 Jun 2 01:22 demokey.pem
-rw-r--r--. 1 ora-data ora-data  800 Jun 2 01:22 democert.der
-rw-r--r--. 1 ora-data ora-data 1139 Jun 2 01:22 democert.pem

ora-data.blogspot.com$ java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -certfile democert.pem -alias demoidentity

No password was specified for the key entry
Key file password will be used
<Jun 2, 2020 1:23:07 AM EDT> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Jun 2, 2020 1:23:07 AM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG28 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>

Imported private key demokey.pem and certificate democert.pem
into a new keystore DemoIdentity.jks of type jks under alias demoidentity

ora-data.blogspot.com$ ls -ltr
total 10
-rw-r-----. 1 ora-data ora-data   64 Jun 2 01:03 SerializedSystemIni.dat
-rw-r--r--. 1 ora-data ora-data  676 Jun 2 01:22 demokey.der
-rw-r--r--. 1 ora-data ora-data  993 Jun 2 01:22 demokey.pem
-rw-r--r--. 1 ora-data ora-data  800 Jun 2 01:22 democert.der
-rw-r--r--. 1 ora-data ora-data 1139 Jun 2 01:22 democert.pem
-rw-r--r--. 1 ora-data ora-data 1577 Jun 2 01:24 DemoIdentity.jks
ora-data.blogspot.com$

Then start the Node Manager, it will work fine.
Some useful links:



Ref.: 1392455.1