2 Replies Latest reply: Feb 22, 2012 1:56 PM by 914147

    OIF 11g - Error after renewing signing certificate

    SunilU
      I had to renew the signing certificate for OIF 11g (11.1.1.5), which was about to expire. It was a straightforward renewal, where I used the ewallet.p12 file from OWM and updated it in OIF (under the security and trust menu). I removed the old wallet and did an update with the new one. The password to the wallet and private key are all the same. The server comes up fine, but while testing the IdP site, I keep getting this error:

      WatchData: DATE = Dec 14, 2011 4:23:30 PM CST SERVER = wls_oif1 MESSAGE = [ServletContext@191623398[app:OIF module:/fed path:/fed spec-version:2.5 version:11.1.1.2.0]] Servlet failed with Exception
      java.lang.RuntimeException: The server could not initialize properly: oracle.security.fed.sec.util.KeySourceException: No private key found in the PKCS#12 Wallet for alias: OIF
      at oracle.security.fed.controller.web.servlet.AbstractFedServlet.initApplicationController(Unknown Source)
      at oracle.security.fed.controller.web.servlet.AbstractFedServlet.getApplicationController(Unknown Source)


      Has anybody faced this issue during certificate renewal? Please help.

      Thanks
      Sunil.
        • 1. Re: OIF 11g - Error after renewing signing certificate
          SunilU
          Resolved the issue. For some reason it doesn't like using the same signing certificate alias name. I updated the cert again without an alias and it worked, and I also removed the old wallet.

          Sunil.
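Added example (not part of the posts above and not Oracle code): a small Java check for the condition named in the KeySourceException, listing which aliases in a PKCS#12 wallet hold a private key and whether the configured alias is one of them. It assumes the wallet loads with the JDK's standard PKCS12 KeyStore provider; the class name WalletAliasCheck and its two command-line arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example, not Oracle code. WalletAliasCheck is a hypothetical helper.
// Assumption: the wallet loads with the JDK's standard PKCS12 provider.
public class WalletAliasCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (from a terminal): java WalletAliasCheck <wallet.p12> <alias>");
            System.exit(2);
        }
        String expected = args[1];
        // Prompt instead of taking the password as an argument, so it does
        // not end up in shell history or the process list.
        char[] password = System.console().readPassword("Wallet password: ");
        if (password == null) System.exit(2);

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // fails with IOException on a wrong password
        }

        // One line per entry: does it carry a private key, or only a certificate?
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "private key" : "cert only  ";
            String detail = "";
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                detail = " subject=\"" + x.getSubjectX500Principal().getName()
                       + "\" notAfter=" + x.getNotAfter();
            }
            System.out.println("[" + kind + "] " + alias + detail);
        }

        // The condition behind "No private key found ... for alias".
        boolean ok = ks.isKeyEntry(expected);
        System.out.println(ok
            ? "OK: alias '" + expected + "' holds a private key"
            : "MISSING: no private-key entry under alias '" + expected + "'");
        System.exit(ok ? 0 : 1);
    }
}
```

Running it against the renewed wallet with the alias from the error message (OIF in this thread) before swapping wallets shows whether the key entry exists under that name or under a different one.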
          • 2. Re: OIF 11g - Error after renewing signing certificate
            914147
            Sunil,

            Can you provide some detail on setting up the signing cert for your OIF instance? I can't figure out which wallet. I have a couple of wallets on my system:

            /oracle/middleware/asinst_1/EMAGENT/EMAGENT/sysman/config/monwallet/ewallet.p12
            /oracle/middleware/Oracle_IDM1/sysman/config/monwallet/ewallet.p12

            The password I used during my install doesn't work for either of these. I want to use my own private key to sign these certs, but I'm not sure where to add it. I tried creating a JKS store and switching to JKS in the OIF admin in /em, but it wouldn't accept my JKS.

            Thanks!

            Matt